web/html/docs/security-guide/f10/en_US Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html, 1.6, 1.7 Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html, 1.6, 1.7 Security_Guide-Encryption-Data_in_Motion.html, 1.6, 1.7 Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html, 1.6, 1.7 We_Need_Feedback.html, 1.6, 1.7 chap-Security_Guide-Encryption.html, 1.6, 1.7 chap-Security_Guide-General_Principles_of_Information_Security.html, 1.6, 1.7 chap-Security_Guide-Refe
by Eric Christensen
Author: sparks
Update of /cvs/fedora/web/html/docs/security-guide/f10/en_US
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1790/en_US
Modified Files:
Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html
Security_Guide-Encryption-Data_in_Motion.html
Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html
We_Need_Feedback.html chap-Security_Guide-Encryption.html
chap-Security_Guide-General_Principles_of_Information_Security.html
chap-Security_Guide-References.html
chap-Security_Guide-Secure_Installation.html
chap-Security_Guide-Securing_Your_Network.html
chap-Security_Guide-Security_Overview.html
chap-Security_Guide-Software_Maintenance.html index.html
pref-Security_Guide-Preface.html
sect-Security_Guide-Additional_Resources-Related_Books.html
sect-Security_Guide-Additional_Resources-Related_Documentation.html
sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
sect-Security_Guide-Attackers_and_Vulnerabilities.html
sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
sect-Security_Guide-Common_Exploits_and_Attacks.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html
sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
sect-Security_Guide-Encryption-Using_GPG.html
sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
sect-Security_Guide-Evaluating_the_Tools-Nessus.html
sect-Security_Guide-Evaluating_the_Tools-Nikto.html
sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
sect-Security_Guide-Firewalls-Additional_Resources.html
sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
sect-Security_Guide-Firewalls-IPv6.html
sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
sect-Security_Guide-Firewalls-Using_IPTables.html
sect-Security_Guide-Firewalls.html
sect-Security_Guide-IPTables-Additional_Resources.html
sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html
sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
sect-Security_Guide-IPTables-IPTables_and_IPv6.html
sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
sect-Security_Guide-IPTables.html
sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html
sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html
sect-Security_Guide-Kerberos-Additional_Resources.html
sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
sect-Security_Guide-Kerberos-How_Kerberos_Works.html
sect-Security_Guide-Kerberos-Kerberos_Terminology.html
sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
sect-Security_Guide-Kerberos.html
sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
sect-Security_Guide-LUKS_Disk_Encryption.html
sect-Security_Guide-Option_Fields-Access_Control.html
sect-Security_Guide-Option_Fields-Expansions.html
sect-Security_Guide-Option_Fields-Shell_Commands.html
sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
sect-Security_Guide-Securing_FTP-Anonymous_Access.html
sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
sect-Security_Guide-Securing_FTP-User_Accounts.html
sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
sect-Security_Guide-Security_Updates.html
sect-Security_Guide-Server_Security-Securing_FTP.html
sect-Security_Guide-Server_Security-Securing_NFS.html
sect-Security_Guide-Server_Security-Securing_NIS.html
sect-Security_Guide-Server_Security-Securing_Portmap.html
sect-Security_Guide-Server_Security-Securing_Sendmail.html
sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
sect-Security_Guide-Server_Security.html
sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
sect-Security_Guide-Single_Sign_on_SSO.html
sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
sect-Security_Guide-TCP_Wrappers_and_xinetd.html
sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html
sect-Security_Guide-Virtual_Private_Networks_VPNs.html
sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
sect-Security_Guide-Vulnerability_Assessment.html
sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
Log Message:
Added firewall config screenshot.
Index: Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html 27 Jan 2009 13:50:51 -0000 1.6
+++ Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.6. Secure Shell</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html" title="3.5. Virtual Private Networks"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><l
i class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure Shell</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.6. Secure Shell</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html" title="3.5. Virtual Private Networks"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure Shell</h2></div></div></div><div class="para">
Secure Shell (SSH) also provides encrypted tunnels between computers but only using a single port. <a href="http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configuration-and-t...">Port forwarding can be done over an SSH tunnel</a> and traffic will be encrypted as it passes over that tunnel but using port forwarding isn't as fluid as a VPN.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Prev</strong>3.5. Virtual Private Networks</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong>3.7. LUKS Disk Encryption</a></li></ul></body></html>
\ No newline at end of file
Index: Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html 27 Jan 2009 13:50:51 -0000 1.6
+++ Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.5. Virtual Private Networks</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in Motion"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="3.6. Secure Shell"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual Private Networks</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.5. Virtual Private Networks</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in Motion"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="3.6. Secure Shell"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual Private Networks</h2></div></div></div><div class="para">
Virtual Private Networks (VPN) provide encrypted tunnels between computers or networks of computers across all ports. With a VPN in place, all network traffic from the client is forwarded to the server through the encrypted tunnel. This means that the client is logically on the same network as the server it is connected to via the VPN. VPNs are very common and are simple to use and setup.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong>3.4. Data in Motion</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong>3.6. Secure Shell</a></li></ul></body></html>
\ No newline at end of file
Index: Security_Guide-Encryption-Data_in_Motion.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Data_in_Motion.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Security_Guide-Encryption-Data_in_Motion.html 27 Jan 2009 13:50:51 -0000 1.6
+++ Security_Guide-Encryption-Data_in_Motion.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.4. Data in Motion</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html" title="3.3. File Based Encryption"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html" title="3.5. Virtual Private Networks"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">3.4. Data in Motion</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.4. Data in Motion</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html" title="3.3. File Based Encryption"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html" title="3.5. Virtual Private Networks"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site
"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">3.4. Data in Motion</h2></div></div></div><div class="para">
Data in motion is data that is being transmitted over a network. The biggest threats to data in motion are interception and alteration. Your user name and password should never be transmitted over a network without protection as it could be intercepted and used by someone else to impersonate you or gain access to sensitive information. Other private information such as bank account information should also be protected when transmitted across a network. If the network session was encrypted then you would not have to worry as much about the data being compromised while it is being transmitted.
</div><div class="para">
Data in motion is particularly vulnerable to attackers because the attacker does not have to be near the computer in which the data is being stored rather they only have to be somewhere along the path. Encryption tunnels can protect data along the path of communications.
Index: Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html 27 Jan 2009 13:50:51 -0000 1.6
+++ Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.3. File Based Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html" title="3.2. Full Disk Encryption"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in Motion"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File Based Encryption</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.3. File Based Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html" title="3.2. Full Disk Encryption"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in Motion"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File Based Encryption</h2></div></div></div><div class="para">
GnuPG (GPG) is an open source version of PGP that allows you to sign and/or encrypt a file or an email message. This is useful to maintain integrity of the message or file and also protects the confidentiality of the information contained within the file or email. In the case of email, GPG provides dual protection. Not only can it provide Data at Rest protection but also Data In Motion protection once the message has been sent across the network.
</div><div class="para">
File based encryption is intended to protect a file after it has left your computer, such as when you send a CD through the mail. Some file based encryption solutions will leave remnants of the encrypted files that an attacker who has physical access to your computer can recover under some circumstances. To protect the contents of those files from attackers who may have access to your computer, use file based encryption combined with another solution such as full disk encryption.
Index: We_Need_Feedback.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/We_Need_Feedback.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- We_Need_Feedback.html 27 Jan 2009 13:50:51 -0000 1.6
+++ We_Need_Feedback.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2. We Need Feedback!</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="pref-Security_Guide-Preface.html" title="Preface"/><link rel="prev" href="pref-Security_Guide-Preface.html" title="Preface"/><link rel="next" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html">
<strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Security_Overview.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="We_Need_Feedback">2. We Need Feedback!</h2></div></div></div><a id="d0e369" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2. We Need Feedback!</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="pref-Security_Guide-Preface.html" title="Preface"/><link rel="prev" href="pref-Security_Guide-Preface.html" title="Preface"/><link rel="next" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html"><s
trong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Security_Overview.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="We_Need_Feedback">2. We Need Feedback!</h2></div></div></div><a id="d0e369" class="indexterm"/><div class="para">
More information about the Linux Security Guide project can be found at <a href="https://fedorahosted.org/securityguide">https://fedorahosted.org/securityguide</a>
</div><div class="para">
To provide feedback for the Security Guide, please file a bug in <a href="https://fedorahosted.org/securityguide/">https://fedorahosted.org/securityguide/</a>. Please select the proper component in the dropdown menu which should be the page name.
Index: chap-Security_Guide-Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Encryption.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- chap-Security_Guide-Encryption.html 27 Jan 2009 13:50:51 -0000 1.6
+++ chap-Security_Guide-Encryption.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 3. Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="2.9.7.2. Useful IP Tables Websites"/><link rel="next" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html" title="3.2. Full Disk Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class
="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Encryption">Chapter 3. Encryption</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html">3.2. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html">3.3. File Based Encryption</a></span></dt><dt><span class="section"
><a href="Security_Guide-Encryption-Data_in_Motion.html">3.4. Data in Motion</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html">3.5. Virtual Private Networks</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">3.6. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">3.7. LUKS Disk Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html">3.7.2. Manually Encrypting Directories</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_
by_Step_Instructions.html">3.7.3. Step-by-Step Instructions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html">3.7.4. What you have just accomplished.</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html">3.7.5. Links of Interest</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">3.8. 7-Zip Encrypted Archives</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html">3.8.2. Step-by-Step Installation Instructions</a></span></dt><dt><span cl
ass="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html">3.8.3. Step-by-Step Usage Instructions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html">3.8.4. Things of note</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">3.9. Using GNU Privacy Guard (GnuPG)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html#sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html">3.9.2. Creating GPG Keys in KDE</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html">3.9.3. Creating GPG Keys Using the Command Line</a></span></dt><dt><span class="se
ction"><a href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html">3.9.4. About Public Key Encryption</a></span></dt></dl></dd></dl></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 3. Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="2.9.7.2. Useful IP Tables Websites"/><link rel="next" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html" title="3.2. Full Disk Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Encryption">Chapter 3. Encryption</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html">3.2. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html">3.3. File Based Encryption</a></span></dt><dt><span class="section"><
a href="Security_Guide-Encryption-Data_in_Motion.html">3.4. Data in Motion</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html">3.5. Virtual Private Networks</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">3.6. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">3.7. LUKS Disk Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html">3.7.2. Manually Encrypting Directories</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by
_Step_Instructions.html">3.7.3. Step-by-Step Instructions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html">3.7.4. What you have just accomplished.</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html">3.7.5. Links of Interest</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">3.8. 7-Zip Encrypted Archives</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html">3.8.2. Step-by-Step Installation Instructions</a></span></dt><dt><span clas
s="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html">3.8.3. Step-by-Step Usage Instructions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html">3.8.4. Things of note</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">3.9. Using GNU Privacy Guard (GnuPG)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html#sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html">3.9.2. Creating GPG Keys in KDE</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html">3.9.3. Creating GPG Keys Using the Command Line</a></span></dt><dt><span class="sect
ion"><a href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html">3.9.4. About Public Key Encryption</a></span></dt></dl></dd></dl></div><div class="para">
There are two main types of data that must be protected: data at rest and data in motion. These different types of data are protected in similar ways using similar technology but the implementations can be completely different. No single protective implementation can prevent all possible methods of compromise as the same information may be at rest and in motion at different points in time.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</h2></div></div></div><div class="para">
Data at rest is data that is stored on a hard drive, tape, CD, DVD, disk, or other media. This information's biggest threat comes from being physically stolen. Laptops in airports, CDs going through the mail, and backup tapes that get left in the wrong places are all examples of events where data can be compromised through theft. If the data was encrypted on the media then you wouldn't have to worry as much about the data being compromised.
Index: chap-Security_Guide-General_Principles_of_Information_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-General_Principles_of_Information_Security.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- chap-Security_Guide-General_Principles_of_Information_Security.html 27 Jan 2009 13:50:51 -0000 1.6
+++ chap-Security_Guide-General_Principles_of_Information_Security.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 4. General Principles of Information Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="3.9.4. About Public Key Encryption"/><link rel="next" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul c
lass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-General_Principles_of_Information_Security">Chapter 4. General Principles of Information Security</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.1. Tips, Guides, and Tools</a></span></dt></dl></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 4. General Principles of Information Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="3.9.4. About Public Key Encryption"/><link rel="next" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul cla
ss="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-General_Principles_of_Information_Security">Chapter 4. General Principles of Information Security</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.1. Tips, Guides, and Tools</a></span></dt></dl></div><div class="para">
The following general principals provide an overview of good security practices:
</div><div class="itemizedlist"><ul><li><div class="para">
encrypt all data transmitted over networks to help prevent man-in-the-middle attacks and eavesdropping. It is important to encrypt authentication information, such as passwords.
Index: chap-Security_Guide-References.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-References.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- chap-Security_Guide-References.html 27 Jan 2009 13:50:51 -0000 1.6
+++ chap-Security_Guide-References.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 7. References</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="6.4. Install Signed Packages from Well Known Repositories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintena
nce-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Prev</strong></a></li><li class="next"/></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-References">Chapter 7. References</h2></div></div></div><a id="d0e16974" class="indexterm"/><a id="d0e16977" class="indexterm"/><a id="d0e16982" class="indexterm"/><a id="d0e16987" class="indexterm"/><a id="d0e16992" class="indexterm"/><a id="d0e16997" class="indexterm"/><a id="d0e17002" class="indexterm"/><a id="d0e17007" class="indexterm"/><a id="d0e17014" class="indexterm"/><a id="d0e17021" class="indexterm"/><a id="d0e17028" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 7. References</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="6.4. Install Signed Packages from Well Known Repositories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenanc
e-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Prev</strong></a></li><li class="next"/></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-References">Chapter 7. References</h2></div></div></div><a id="d0e16974" class="indexterm"/><a id="d0e16977" class="indexterm"/><a id="d0e16982" class="indexterm"/><a id="d0e16987" class="indexterm"/><a id="d0e16992" class="indexterm"/><a id="d0e16997" class="indexterm"/><a id="d0e17002" class="indexterm"/><a id="d0e17007" class="indexterm"/><a id="d0e17014" class="indexterm"/><a id="d0e17021" class="indexterm"/><a id="d0e17028" class="indexterm"/><div class="para">
The following references are pointers to additional information that is relevant to SELinux and Fedora but beyond the scope of this guide. Note that due to the rapid development of SELinux, some of this material may only apply to specific releases of Fedora.
</div><div class="variablelist" id="vari-Security_Guide-References-Books"><h6>Books</h6><dl><dt><span class="term">SELinux by Example</span></dt><dd><div class="para">
Mayer, MacMillan, and Caplan
Index: chap-Security_Guide-Secure_Installation.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Secure_Installation.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- chap-Security_Guide-Secure_Installation.html 27 Jan 2009 13:50:51 -0000 1.6
+++ chap-Security_Guide-Secure_Installation.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 5. Secure Installation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 4. General Principles of Information Security"/><link rel="next" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="5.2. Utilize LUKS Partition Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Secure_Installation">Chapter 5. Secure Installation</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">5.2. Utilize LUKS Partition Encryption</a></span></dt></dl></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 5. Secure Installation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 4. General Principles of Information Security"/><link rel="next" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="5.2. Utilize LUKS Partition Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Secure_Installation">Chapter 5. Secure Installation</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">5.2. Utilize LUKS Partition Encryption</a></span></dt></dl></div><div class="para">
Security begins with the first time you put that CD or DVD into your disk drive to install Fedora. Configuring your system securely from the beginning makes it easier to implement additional security settings later.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</h2></div></div></div><div class="para">
The NSA recommends creating separate partitions for /boot, /, /home, /tmp, and /var/tmp. The reasons for each are different and we will address each partition.
Index: chap-Security_Guide-Securing_Your_Network.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Securing_Your_Network.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- chap-Security_Guide-Securing_Your_Network.html 27 Jan 2009 13:50:51 -0000 1.6
+++ chap-Security_Guide-Securing_Your_Network.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 2. Securing Your Network</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates"/><link rel="next" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Sec
urity_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Securing_Your_Network">Chapter 2. Securing Your Network</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">2.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.1.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="sectio
n"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">2.1.3. Password Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.1.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.1.5. Available Network Services</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">2.1.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.1.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="sec
tion"><a href="sect-Security_Guide-Server_Security.html">2.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.2.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">2.2.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">2.2.3. Securing NIS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NFS.html">2.2.4. Securing NFS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">2.2.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">2.2.6. Securing FTP</a>
</span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">2.2.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">2.2.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">2.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">2.3.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">2.3.3. How Smart Card Enrollment Works</a></span></dt><dt><span class
="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">2.3.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">2.3.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">2.4. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.4.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">2.4.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Config
uration_File_Format.html">2.4.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">2.4.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">2.4.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">2.4.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">2.4.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">2.4.8. Additional Resources</a></span></dt></dl></dd><dt><span class="sect
ion"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">2.5. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.5.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">2.5.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">2.5.3. xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">2.5.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">2.5.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html">2.6. Kerbero
s</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">2.6.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">2.6.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">2.6.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">2.6.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">2.6.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">2.6.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">2.6.7. Domai
n-to-Realm Mapping</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">2.6.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">2.6.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">2.6.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html">2.7. Virtual Private Networks (VPNs)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.7.1. How Does a VPN Work?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html">2.7.2. VPNs and Fedora</a></span></dt>
<dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html">2.7.3. IPsec</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html">2.7.4. Creating an IPsec Connection</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html">2.7.5. IPsec Installation</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html">2.7.6. IPsec Host-to-Host Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html">2.7.7. IPsec Network-to-Network Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html">2.7.8. Starting and Stopping an IPsec C
onnection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html">2.8. Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.8.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">2.8.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IPTables.html">2.8.3. Using IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">2.8.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">2.8.5. FORWARD and NAT Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">2.8.6
. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">2.8.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPv6.html">2.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">2.8.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">2.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">2.9.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html">2.9.2. Differences Between IPTables and IPChains</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for
_IPTables.html">2.9.3. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">2.9.4. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">2.9.5. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">2.9.6. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_Resources.html">2.9.7. Additional Resources</a></span></dt></dl></dd></dl></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Workstation_Security">2.1. Workstation Security</h2></div></div></div><a id="d0e1789" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 2. Securing Your Network</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates"/><link rel="next" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Secur
ity_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Securing_Your_Network">Chapter 2. Securing Your Network</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">2.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.1.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="section"
><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">2.1.3. Password Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.1.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.1.5. Available Network Services</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">2.1.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.1.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="secti
on"><a href="sect-Security_Guide-Server_Security.html">2.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.2.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">2.2.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">2.2.3. Securing NIS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NFS.html">2.2.4. Securing NFS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">2.2.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">2.2.6. Securing FTP</a></
span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">2.2.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">2.2.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">2.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">2.3.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">2.3.3. How Smart Card Enrollment Works</a></span></dt><dt><span class="
section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">2.3.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">2.3.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">2.4. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.4.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">2.4.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configur
ation_File_Format.html">2.4.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">2.4.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">2.4.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">2.4.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">2.4.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">2.4.8. Additional Resources</a></span></dt></dl></dd><dt><span class="sectio
n"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">2.5. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.5.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">2.5.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">2.5.3. xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">2.5.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">2.5.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html">2.6. Kerberos<
/a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">2.6.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">2.6.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">2.6.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">2.6.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">2.6.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">2.6.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">2.6.7. Domain-
to-Realm Mapping</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">2.6.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">2.6.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">2.6.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html">2.7. Virtual Private Networks (VPNs)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.7.1. How Does a VPN Work?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html">2.7.2. VPNs and Fedora</a></span></dt><d
t><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html">2.7.3. IPsec</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html">2.7.4. Creating an IPsec Connection</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html">2.7.5. IPsec Installation</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html">2.7.6. IPsec Host-to-Host Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html">2.7.7. IPsec Network-to-Network Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html">2.7.8. Starting and Stopping an IPsec Con
nection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html">2.8. Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.8.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">2.8.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IPTables.html">2.8.3. Using IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">2.8.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">2.8.5. FORWARD and NAT Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">2.8.6.
Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">2.8.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPv6.html">2.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">2.8.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">2.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">2.9.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html">2.9.2. Differences Between IPTables and IPChains</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for_I
PTables.html">2.9.3. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">2.9.4. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">2.9.5. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">2.9.6. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_Resources.html">2.9.7. Additional Resources</a></span></dt></dl></dd></dl></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Workstation_Security">2.1. Workstation Security</h2></div></div></div><a id="d0e1789" class="indexterm"/><div class="para">
Securing a Linux environment begins with the workstation. Whether locking down a personal machine or securing an enterprise system, sound security policy begins with the individual computer. A computer network is only as secure as its weakest node.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1. Evaluating Workstation Security</h3></div></div></div><a id="d0e1797" class="indexterm"/><a id="d0e1804" class="indexterm"/><a id="d0e1811" class="indexterm"/><a id="d0e1818" class="indexterm"/><a id="d0e1825" class="indexterm"/><a id="d0e1832" class="indexterm"/><div class="para">
When evaluating the security of a Fedora workstation, consider the following:
Index: chap-Security_Guide-Security_Overview.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Security_Overview.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- chap-Security_Guide-Security_Overview.html 27 Jan 2009 13:50:51 -0000 1.6
+++ chap-Security_Guide-Security_Overview.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 1. Security Overview</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="We_Need_Feedback.html" title="2. We Need Feedback!"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="We_Need_Feedback.html"><strong
>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Security_Overview">Chapter 1. Security Overview</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.2. Security Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#se
ct-Security_Guide-Introduction_to_Security-Conclusion">1.1.3. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.2. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.2.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.2.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.3. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_V
ulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.3.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.3.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.3.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="
sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt></dl></dd></dl></div><a id="d0e387" class="indexterm"/><a id="d0e390" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 1. Security Overview</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="We_Need_Feedback.html" title="2. We Need Feedback!"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="We_Need_Feedback.html"><strong>P
rev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Security_Overview">Chapter 1. Security Overview</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.2. Security Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect
-Security_Guide-Introduction_to_Security-Conclusion">1.1.3. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.2. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.2.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.2.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.3. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vul
nerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.3.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.3.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.3.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="se
ct-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt></dl></dd></dl></div><a id="d0e387" class="indexterm"/><a id="d0e390" class="indexterm"/><div class="para">
Because of the increased reliance on powerful, networked computers to help run businesses and keep track of our personal information, industries have been formed around the practice of network and computer security. Enterprises have solicited the knowledge and skills of security experts to properly audit systems and tailor solutions to fit the operating requirements of the organization. Because most organizations are dynamic in nature, with workers accessing company IT resources locally and remotely, the need for secure computing environments has become more pronounced.
</div><div class="para">
Unfortunately, most organizations (as well as individual users) regard security as an afterthought, a process that is overlooked in favor of increased power, productivity, and budgetary concerns. Proper security implementation is often enacted <em class="firstterm">postmortem</em> — after an unauthorized intrusion has already occurred. Security experts agree that taking the correct measures prior to connecting a site to an untrusted network, such as the Internet, is an effective means of thwarting most attempts at intrusion.
Index: chap-Security_Guide-Software_Maintenance.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Software_Maintenance.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- chap-Security_Guide-Software_Maintenance.html 27 Jan 2009 13:50:51 -0000 1.6
+++ chap-Security_Guide-Software_Maintenance.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 6. Software Maintenance</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="5.2. Utilize LUKS Partition Encryption"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="6.2. Plan and Configure Security Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Software_Maintenance">Chapter 6. Software Maintenance</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">6.2. Plan and Configure Security Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-
Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">6.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">6.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 6. Software Maintenance</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="5.2. Utilize LUKS Partition Encryption"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="6.2. Plan and Configure Security Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Doc
umentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Software_Maintenance">Chapter 6. Software Maintenance</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">6.2. Plan and Configure Security Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-So
ftware_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">6.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">6.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></div><div class="para">
Software maintenance is extremely important to maintaining a secure system. It is vital to patch software as soon as it becomes available in order to prevent attackers from using known holes to infiltrate your system.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</h2></div></div></div><div class="para">
It is best practice to install only the packages you will use because each piece of software on your computer could possibly contain a vulnerability. If you are installing from the DVD media take the opportunity to select exactly what packages you want to install during the installation. When you find you need another package, you can always add it to the system later.
Index: index.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/index.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- index.html 27 Jan 2009 13:50:51 -0000 1.6
+++ index.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>security-guide</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><meta name="description" content="The Linux Security Guide is designed to assist users of Linux in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. The Linux Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods."/><link rel="home" href="index.html" title="security-guide"/><link rel="next" href="pref-Security_Guide-Preface.html" title="Preface"/></head><bod
y class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"/><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>Next</strong></a></li></ul><div class="book" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">fedora</span> <span class="productnumber">11</span></div><div><h1 id="d0e1" class="title">security-guide</h1></div><div><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 1.0</p><div><h3 class="corpauthor">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>security-guide</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><meta name="description" content="The Linux Security Guide is designed to assist users of Linux in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. The Linux Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods."/><link rel="home" href="index.html" title="security-guide"/><link rel="next" href="pref-Security_Guide-Preface.html" title="Preface"/></head><body
class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"/><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>Next</strong></a></li></ul><div class="book" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">fedora</span> <span class="productnumber">11</span></div><div><h1 id="d0e1" class="title">security-guide</h1></div><div><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 1.0</p><div><h3 class="corpauthor">
<span class="inlinemediaobject"><object type="image/svg+xml" data="Common_Content/images/title_logo.svg"/></span>
</h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller@redhat.com">jrfuller(a)redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha@redhat.com">jha(a)redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien@redhat.com">daobrien(a)redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class=
"surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks@fedoraproject.org">sparks(a)fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan@redhat.com">sradvan(a)redhat.com</a></code></div></div></div><hr/><div><div id="d0e27" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
Copyright <span class="trademark"/>© 2008 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0, (the latest version is presently available at <a href="http://www.opencontent.org/openpub/">http://www.opencontent.org/openpub/</a>).
Index: pref-Security_Guide-Preface.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/pref-Security_Guide-Preface.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- pref-Security_Guide-Preface.html 27 Jan 2009 13:50:51 -0000 1.6
+++ pref-Security_Guide-Preface.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Preface</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="index.html" title="security-guide"/><link rel="next" href="We_Need_Feedback.html" title="2. We Need Feedback!"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="We_Need_Feedback.html"><st
rong>Next</strong></a></li></ul><div class="preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security_Guide-Preface" class="title">Preface</h1></div></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="d0e101">1. Document Conventions</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Preface</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="index.html" title="security-guide"/><link rel="next" href="We_Need_Feedback.html" title="2. We Need Feedback!"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="We_Need_Feedback.html"><stro
ng>Next</strong></a></li></ul><div class="preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security_Guide-Preface" class="title">Preface</h1></div></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="d0e101">1. Document Conventions</h2></div></div></div><div class="para">
This manual uses several conventions to highlight certain words and phrases and draw attention to specific pieces of information.
</div><div class="para">
In PDF and paper editions, this manual uses typefaces drawn from the <a href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a> set. The Liberation Fonts set is also used in HTML editions if the set is installed on your system. If not, alternative but equivalent typefaces are displayed. Note: Red Hat Enterprise Linux 5 and later includes the Liberation Fonts set by default.
Index: sect-Security_Guide-Additional_Resources-Related_Books.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Related_Books.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Additional_Resources-Related_Books.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Additional_Resources-Related_Books.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5.3. Related Books</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="2.5.5.2. Useful TCP Wrappers Websites"/><link rel="next" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site
"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">2.5.5.3. Related Books</h4></div></div></div><a id="d0e9181" class="indexterm"/><a id="d0e9188" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5.3. Related Books</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="2.5.5.2. Useful TCP Wrappers Websites"/><link rel="next" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/
></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">2.5.5.3. Related Books</h4></div></div></div><a id="d0e9181" class="indexterm"/><a id="d0e9188" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<em class="citetitle">Hacking Linux Exposed</em> by Brian Hatch, James Lee, and George Kurtz; Osbourne/McGraw-Hill — An excellent security resource with information about TCP Wrappers and <code class="systemitem">xinetd</code>.
</div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong>2.5.5.2. Useful TCP Wrappers Websites</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Next</strong>2.6. Kerberos</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Additional_Resources-Related_Documentation.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Related_Documentation.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Additional_Resources-Related_Documentation.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Additional_Resources-Related_Documentation.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9.3. Related Documentation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="2.8.9.2. Useful Firewall Websites"/><link rel="next" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">2.8.9.3. Related Documentation</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9.3. Related Documentation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="2.8.9.2. Useful Firewall Websites"/><link rel="next" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul c
lass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">2.8.9.3. Related Documentation</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
<em class="citetitle">Red Hat Linux Firewalls</em>, by Bill McCarty; Red Hat Press — a comprehensive reference to building network and server firewalls using open source packet filtering technology such as Netfilter and <code class="command">iptables</code>. It includes topics that cover analyzing firewall logs, developing firewall rules, and customizing your firewall using various graphical tools.
</div></li><li><div class="para">
<em class="citetitle">Linux Firewalls</em>, by Robert Ziegler; New Riders Press — contains a wealth of information on building firewalls using both 2.2 kernel <code class="command">ipchains</code> as well as Netfilter and <code class="command">iptables</code>. Additional security topics such as remote access issues and intrusion detection systems are also covered.
Index: sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9.2. Useful Firewall Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="2.8.9.3. Related Documentation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">2.8.9.2. Useful Firewall Websites</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9.2. Useful Firewall Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="2.8.9.3. Related Documentation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">2.8.9.2. Useful Firewall Websites</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
<a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — The official homepage of the Netfilter and <code class="command">iptables</code> project.
</div></li><li><div class="para">
<a href="http://www.tldp.org/">http://www.tldp.org/</a> — The Linux Documentation Project contains several useful guides relating to firewall creation and administration.
Index: sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.7.2. Useful IP Tables Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/><link rel="prev" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/><link rel="next" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">2.9.7.2. Useful IP Tables Websites</h4></div></div></div><a id="d0e16307" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.7.2. Useful IP Tables Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/><link rel="prev" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/><link rel="next" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="do
cnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">2.9.7.2. Useful IP Tables Websites</h4></div></div></div><a id="d0e16307" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — The home of the netfilter/iptables project. Contains assorted information about <code class="command">iptables</code>, including a FAQ addressing specific problems and various helpful guides by Rusty Russell, the Linux IP firewall maintainer. The HOWTO documents on the site cover subjects such as basic networking concepts, kernel packet filtering, and NAT configurations.
</div></li><li><div class="para">
<a href="http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html">http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html</a> — An introduction to the way packets move through the Linux kernel, plus an introduction to constructing basic <code class="command">iptables</code> commands.
Index: sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.10.2. Useful Kerberos Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">2.6.10.2. Useful Kerberos Websites</h4></div></div></div><a id="d0e10899" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.10.2. Useful Kerberos Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documen
tation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">2.6.10.2. Useful Kerberos Websites</h4></div></div></div><a id="d0e10899" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a> — <em class="citetitle">Kerberos: The Network Authentication Protocol</em> webpage from MIT.
</div></li><li><div class="para">
<a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a> — The Kerberos Frequently Asked Questions (FAQ).
Index: sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.8.2. Useful PAM Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">2.4.8.2. Useful PAM Websites</h4></div></div></div><a id="d0e7154" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.8.2. Useful PAM Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">2.4.8.2. Useful PAM Websites</h4></div></div></div><a id="d0e7154" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a> — The primary distribution website for the Linux-PAM project, containing information on various PAM modules, a FAQ, and additional PAM documentation.
</div><div class="note"><h2>Note</h2><div class="para">
The documentation in the above website is for the last released upstream version of PAM and might not be 100% accurate for the PAM version included in Fedora.
Index: sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5.2. Useful TCP Wrappers Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="2.5.5.3. Related Books"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">2.5.5.2. Useful TCP Wrappers Websites</h4></div></div></div><a id="d0e9144" class="indexterm"/><a id="d0e9151" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5.2. Useful TCP Wrappers Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="2.5.5.3. Related Books"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">2.5.5.2. Useful TCP Wrappers Websites</h4></div></div></div><a id="d0e9144" class="indexterm"/><a id="d0e9151" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<a href="http://www.xinetd.org">http://www.xinetd.org/</a> — The home of <code class="systemitem">xinetd</code>, containing sample configuration files, a full listing of features, and an informative FAQ.
</div></li><li><div class="para">
<a href="http://www.macsecurity.org/resources/xinetd/tutorial.shtml">http://www.macsecurity.org/resources/xinetd/tutorial.shtml</a> — A thorough tutorial that discusses many different ways to optimize default <code class="systemitem">xinetd</code> configuration files to meet specific security goals.
Index: sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.2. Access Control Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="2.5.4.3.3. Binding and Redirection Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.p
ng" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">2.5.4.3.2. Access Control Options</h5></div></div></div><a id="d0e8677" class="indexterm"/><a id="d0e8685" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.2. Access Control Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="2.5.4.3.3. Binding and Redirection Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png
" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">2.5.4.3.2. Access Control Options</h5></div></div></div><a id="d0e8677" class="indexterm"/><a id="d0e8685" class="indexterm"/><div class="para">
Users of <code class="systemitem">xinetd</code> services can choose to use the TCP Wrappers hosts access rules, provide access control via the <code class="systemitem">xinetd</code> configuration files, or a mixture of both. Refer to <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files">Section 2.5.2, “TCP Wrappers Configuration Files”</a> for more information about TCP Wrappers hosts access control files.
</div><div class="para">
This section discusses using <code class="systemitem">xinetd</code> to control access to services.
Index: sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.3. Binding and Redirection Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="2.5.4.3.2. Access Control Options"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="2.5.4.3.4. Resource Management Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Produ
ct Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">2.5.4.3.3. Binding and Redirection Options</h5></div></div></div><a id="d0e8847" class="indexterm"/><a id="d0e8855" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.3. Binding and Redirection Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="2.5.4.3.2. Access Control Options"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="2.5.4.3.4. Resource Management Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">2.5.4.3.3. Binding and Redirection Options</h5></div></div></div><a id="d0e8847" class="indexterm"/><a id="d0e8855" class="indexterm"/><div class="para">
The service configuration files for <code class="systemitem">xinetd</code> support binding the service to an IP address and redirecting incoming requests for that service to another IP address, hostname, or port.
</div><div class="para">
Binding is controlled with the <code class="option">bind</code> option in the service-specific configuration files and links the service to one IP address on the system. When this is configured, the <code class="option">bind</code> option only allows requests to the correct IP address to access the service. You can use this method to bind different services to different network interfaces based on requirements.
Index: sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.4. Resource Management Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="2.5.4.3.3. Binding and Redirection Options"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">2.5.4.3.4. Resource Management Options</h5></div></div></div><a id="d0e8937" class="indexterm"/><a id="d0e8945" class="indexterm"/><a id="d0e8951" class="indexterm"/><a id="d0e8956" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.4. Resource Management Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="2.5.4.3.3. Binding and Redirection Options"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a c
lass="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">2.5.4.3.4. Resource Management Options</h5></div></div></div><a id="d0e8937" class="indexterm"/><a id="d0e8945" class="indexterm"/><a id="d0e8951" class="indexterm"/><a id="d0e8956" class="indexterm"/><div class="para">
The <code class="systemitem">xinetd</code> daemon can add a basic level of protection from Denial of Service (DoS) attacks. The following is a list of directives which can aid in limiting the effectiveness of such attacks:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">per_source</code> — Defines the maximum number of instances for a service per source IP address. It accepts only integers as an argument and can be used in both <code class="filename">xinetd.conf</code> and in the service-specific configuration files in the <code class="filename">xinetd.d/</code> directory.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.2. Threats to Network Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conten
t/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats to Network Security</h3></div></div></div><a id="d0e1068" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.2. Threats to Network Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats to Network Security</h3></div></div></div><a id="d0e1068" class="indexterm"/><div class="para">
Bad practices when configuring the following aspects of a network can increase the risk of attack.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures">1.3.2.1. Insecure Architectures</h4></div></div></div><a id="d0e1078" class="indexterm"/><div class="para">
A misconfigured network is a primary entry point for unauthorized users. Leaving a trust-based, open local network vulnerable to the highly-insecure Internet is much like leaving a door ajar in a crime-ridden neighborhood — nothing may happen for an arbitrary amount of time, but <span class="emphasis"><em>eventually</em></span> someone exploits the opportunity.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3. Threats to Server Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.3.2. Threats to Network Security"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.3.3.2. Unpatched Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats to Server Security</h3></div></div></div><a id="d0e1109" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3. Threats to Server Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.3.2. Threats to Network Security"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.3.3.2. Unpatched Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats to Server Security</h3></div></div></div><a id="d0e1109" class="indexterm"/><div class="para">
Server security is as important as network security because servers often hold a great deal of an organization's vital information. If a server is compromised, all of its contents may become available for the cracker to steal or manipulate at will. The following sections detail some of the main issues.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.3.3.1. Unused Services and Open Ports</h4></div></div></div><a id="d0e1119" class="indexterm"/><div class="para">
A full installation of Fedora contains 1000+ application and library packages. However, most server administrators do not opt to install every single package in the distribution, preferring instead to install a base installation of packages, including several server applications.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.4. Threats to Workstation and Home PC Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.3.3.4. Inherently Insecure Services"/><link rel="next" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.3.4.2. Vulnerable Client Applications"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class
="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats to Workstation and Home PC Security</h3></div></div></div><a id="d0e1204" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.4. Threats to Workstation and Home PC Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.3.3.4. Inherently Insecure Services"/><link rel="next" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.3.4.2. Vulnerable Client Applications"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="
right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats to Workstation and Home PC Security</h3></div></div></div><a id="d0e1204" class="indexterm"/><div class="para">
Workstations and home PCs may not be as prone to attack as networks or servers, but since they often contain sensitive data, such as credit card information, they are targeted by system crackers. Workstations can also be co-opted without the user's knowledge and used by attackers as "slave" machines in coordinated attacks. For these reasons, knowing the vulnerabilities of a workstation can save users the headache of reinstalling the operating system, or worse, recovering from data theft.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.3.4.1. Bad Passwords</h4></div></div></div><a id="d0e1214" class="indexterm"/><div class="para">
Bad passwords are one of the easiest ways for an attacker to gain access to a system. For more on how to avoid common pitfalls when creating a password, refer to <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security" title="2.1.3. Password Security">Section 2.1.3, “Password Security”</a>.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Attackers_and_Vulnerabilities.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Attackers_and_Vulnerabilities.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3. Attackers and Vulnerabilities</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.2.3.5. Anticipating Your Future Needs"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.3.2. Threats to Network Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="C
ommon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and Vulnerabilities</h2></div></div></div><a id="d0e968" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3. Attackers and Vulnerabilities</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.2.3.5. Anticipating Your Future Needs"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.3.2. Threats to Network Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and Vulnerabilities</h2></div></div></div><a id="d0e968" class="indexterm"/><div class="para">
To plan and implement a good security strategy, first be aware of some of the issues which determined, motivated attackers exploit to compromise systems. But before detailing these issues, the terminology used when identifying an attacker must be defined.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</h3></div></div></div><a id="d0e976" class="indexterm"/><a id="d0e981" class="indexterm"/><div class="para">
The modern meaning of the term <em class="firstterm">hacker</em> has origins dating back to the 1960s and the Massachusetts Institute of Technology (MIT) Tech Model Railroad Club, which designed train sets of large scale and intricate detail. Hacker was a name used for club members who discovered a clever trick or workaround for a problem.
Index: sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.6. Activating the IPTables Service</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="2.8.2.5. Saving the Settings"/><link rel="next" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">2.8.2.6. Activating the IPTables Service</h4></div></div></div><a id="d0e13169" class="indexterm"/><a id="d0e13177" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.6. Activating the IPTables Service</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="2.8.2.5. Saving the Settings"/><link rel="next" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_ri
ght.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">2.8.2.6. Activating the IPTables Service</h4></div></div></div><a id="d0e13169" class="indexterm"/><a id="d0e13177" class="indexterm"/><div class="para">
The firewall rules are only active if the <code class="command">iptables</code> service is running. To manually start the service, use the following command:
</div><pre class="screen">[root@myServer ~] # service iptables restart
</pre><div class="para">
Index: sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.2. Enabling and Disabling the Firewall</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="2.8.2.3. Trusted Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">2.8.2.2. Enabling and Disabling the Firewall</h4></div></div></div><a id="d0e12967" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.2. Enabling and Disabling the Firewall</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="2.8.2.3. Trusted Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">2.8.2.2. Enabling and Disabling the Firewall</h4></div></div></div><a id="d0e12967" class="indexterm"/><div class="para">
Select one of the following options for the firewall:
</div><div class="itemizedlist"><ul><li><div class="para">
<span class="guilabel"><strong>Disabled</strong></span> — Disabling the firewall provides complete access to your system and does no security checking. This should only be selected if you are running on a trusted network (not the Internet) or need to configure a custom firewall using the iptables command line tool.
Index: sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.4. Other Ports</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="2.8.2.3. Trusted Services"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="2.8.2.5. Saving the Settings"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/i
mage_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">2.8.2.4. Other Ports</h4></div></div></div><a id="d0e13094" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.4. Other Ports</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="2.8.2.3. Trusted Services"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="2.8.2.5. Saving the Settings"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/ima
ge_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">2.8.2.4. Other Ports</h4></div></div></div><a id="d0e13094" class="indexterm"/><div class="para">
The <span class="application"><strong>Firewall Configuration Tool</strong></span> includes an <span class="guilabel"><strong>Other ports</strong></span> section for specifying custom IP ports as being trusted by <code class="command">iptables</code>. For example, to allow IRC and Internet printing protocol (IPP) to pass through the firewall, add the following to the <span class="guilabel"><strong>Other ports</strong></span> section:
</div><div class="para">
<code class="computeroutput">194:tcp,631:tcp</code>
Index: sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.5. Saving the Settings</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="2.8.2.4. Other Ports"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="2.8.2.6. Activating the IPTables Service"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="C
ommon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">2.8.2.5. Saving the Settings</h4></div></div></div><a id="d0e13122" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.5. Saving the Settings</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="2.8.2.4. Other Ports"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="2.8.2.6. Activating the IPTables Service"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">2.8.2.5. Saving the Settings</h4></div></div></div><a id="d0e13122" class="indexterm"/><div class="para">
Click <span class="guibutton"><strong>OK</strong></span> to save the changes and enable or disable the firewall. If <span class="guilabel"><strong>Enable firewall</strong></span> was selected, the options selected are translated to <code class="command">iptables</code> commands and written to the <code class="filename">/etc/sysconfig/iptables</code> file. The <code class="command">iptables</code> service is also started so that the firewall is activated immediately after saving the selected options. If <span class="guilabel"><strong>Disable firewall</strong></span> was selected, the <code class="filename">/etc/sysconfig/iptables</code> file is removed and the <code class="command">iptables</code> service is stopped immediately.
</div><div class="para">
The selected options are also written to the <code class="filename">/etc/sysconfig/system-config-securitylevel</code> file so that the settings can be restored the next time the application is started. Do not edit this file by hand.
Index: sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.3. Trusted Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="2.8.2.2. Enabling and Disabling the Firewall"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="2.8.2.4. Other Ports"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img s
rc="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">2.8.2.3. Trusted Services</h4></div></div></div><a id="d0e13007" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.3. Trusted Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="2.8.2.2. Enabling and Disabling the Firewall"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="2.8.2.4. Other Ports"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src
="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">2.8.2.3. Trusted Services</h4></div></div></div><a id="d0e13007" class="indexterm"/><div class="para">
Enabling options in the <span class="guilabel"><strong>Trusted services</strong></span> list allows the specified service to pass through the firewall.
</div><div class="variablelist"><dl><dt><span class="term"><span class="guilabel"><strong>WWW (HTTP)</strong></span></span></dt><dd><div class="para">
The HTTP protocol is used by Apache (and by other Web servers) to serve web pages. If you plan on making your Web server publicly available, select this check box. This option is not required for viewing pages locally or for developing web pages. This service requires that the <code class="filename">httpd</code> package be installed.
Index: sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.2. Command Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="2.9.3.3. IPTables Parameter Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">2.9.3.2. Command Options</h4></div></div></div><a id="d0e14521" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.2. Command Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="2.9.3.3. IPTables Parameter Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">2.9.3.2. Command Options</h4></div></div></div><a id="d0e14521" class="indexterm"/><div class="para">
Command options instruct <code class="command">iptables</code> to perform a specific action. Only one command option is allowed per <code class="command">iptables</code> command. With the exception of the help command, all commands are written in upper-case characters.
</div><div class="para">
The <code class="command">iptables</code> commands are as follows:
Index: sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4. IPTables Match Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="2.9.3.3. IPTables Parameter Options"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="2.9.3.4.2. UDP Protocol"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Cont
ent/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">2.9.3.4. IPTables Match Options</h4></div></div></div><a id="d0e14918" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4. IPTables Match Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="2.9.3.3. IPTables Parameter Options"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="2.9.3.4.2. UDP Protocol"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conten
t/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">2.9.3.4. IPTables Match Options</h4></div></div></div><a id="d0e14918" class="indexterm"/><div class="para">
Different network protocols provide specialized matching options which can be configured to match a particular packet using that protocol. However, the protocol must first be specified in the <code class="command">iptables</code> command. For example, <code class="option">-p <em class="replaceable"><code><protocol-name></code></em></code> enables options for the specified protocol. Note that you can also use the protocol ID, instead of the protocol name. Refer to the following examples, each of which have the same effect:
</div><pre class="screen"><code class="command"> iptables -A INPUT -p icmp --icmp-type any -j ACCEPT </code><code class="command"> iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT </code>
</pre><div class="para">
Index: sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.3. IPTables Parameter Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="2.9.3.2. Command Options"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">2.9.3.3. IPTables Parameter Options</h4></div></div></div><a id="d0e14685" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.3. IPTables Parameter Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="2.9.3.2. Command Options"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_
Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">2.9.3.3. IPTables Parameter Options</h4></div></div></div><a id="d0e14685" class="indexterm"/><div class="para">
Certain <code class="command">iptables</code> commands, including those used to add, append, delete, insert, or replace rules within a particular chain, require various parameters to construct a packet filtering rule.
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">-c</code> — Resets the counters for a particular rule. This parameter accepts the <code class="option">PKTS</code> and <code class="option">BYTES</code> options to specify which counter to reset.
Index: sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.6. Listing Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="2.9.3.5. Target Options"/><link rel="next" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="2.9.4. Saving IPTables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">2.9.3.6. Listing Options</h4></div></div></div><a id="d0e15548" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.6. Listing Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="2.9.3.5. Target Options"/><link rel="next" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="2.9.4. Saving IPTables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">2.9.3.6. Listing Options</h4></div></div></div><a id="d0e15548" class="indexterm"/><div class="para">
The default list command, <code class="command">iptables -L [<chain-name>]</code>, provides a very basic overview of the default filter table's current chains. Additional options provide more information:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">-v</code> — Displays verbose output, such as the number of packets and bytes each chain has processed, the number of packets and bytes each rule has matched, and which interfaces apply to a particular rule.
Index: sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.5. Target Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="2.9.3.4.4. Additional Match Option Modules"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="2.9.3.6. Listing Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">2.9.3.5. Target Options</h4></div></div></div><a id="d0e15389" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.5. Target Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="2.9.3.4.4. Additional Match Option Modules"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="2.9.3.6. Listing Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">2.9.3.5. Target Options</h4></div></div></div><a id="d0e15389" class="indexterm"/><div class="para">
When a packet has matched a particular rule, the rule can direct the packet to a number of different targets which determine the appropriate action. Each chain has a default target, which is used if none of the rules on that chain match a packet or if none of the rules which match the packet specify a target.
</div><div class="para">
The following are the standard targets:
Index: sect-Security_Guide-Common_Exploits_and_Attacks.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Common_Exploits_and_Attacks.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Common_Exploits_and_Attacks.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Common_Exploits_and_Attacks.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.4. Common Exploits and Attacks</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.3.4.2. Vulnerable Client Applications"/><link rel="next" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.
png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and Attacks</h2></div></div></div><a id="d0e1244" class="indexterm"/><a id="d0e1249" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.4. Common Exploits and Attacks</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.3.4.2. Vulnerable Client Applications"/><link rel="next" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.pn
g" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and Attacks</h2></div></div></div><a id="d0e1244" class="indexterm"/><a id="d0e1249" class="indexterm"/><div class="para">
<a class="xref" href="sect-Security_Guide-Common_Exploits_and_Attacks.html#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits" title="Table 1.1. Common Exploits">Table 1.1, “Common Exploits”</a> details some of the most common exploits and entry points used by intruders to access organizational network resources. Key to these common exploits are the explanations of how they are performed and how administrators can properly safeguard their network against such attacks.
</div><div class="table" id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><div class="table-contents"><table summary="Common Exploits" border="1"><colgroup><col width="2*"/><col width="4*"/><col width="4*"/></colgroup><thead><tr><th>
Exploit
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.2. Step-by-Step Installation Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="3.8.3. Step-by-Step Usage Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step Installation Instructions</h3></div></div></div><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.2. Step-by-Step Installation Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="3.8.3. Step-by-Step Usage Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src=
"Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step Installation Instructions</h3></div></div></div><div class="itemizedlist"><ul><li><div class="para">
Open a Terminal: <code class="code">Click ''Applications'' -> ''System Tools'' -> ''Terminal''</code>
</div></li><li><div class="para">
Install 7-Zip with sudo access: <code class="code">sudo yum install p7zip</code>
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.4. Things of note</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="3.8.3. Step-by-Step Usage Instructions"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things of note</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.4. Things of note</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="3.8.3. Step-by-Step Usage Instructions"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_rig
ht.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things of note</h3></div></div></div><div class="para">
7-Zip is not shipped by default with Microsoft Windows or Mac OS X. If you need to use your 7-Zip files on those platforms you will need to install the appropriate version of 7-Zip on those computers. See the 7-Zip <a href="http://www.7-zip.org/download.html">download page</a>.
</div><div class="para">
GNOME's File Roller application will recognize your .7z files and attempt to open them, but it will fail with the error "''An error occurred while loading the archive.''" when it attempts to do so. This is because File Roller does not currently support the extraction of encrypted 7-Zip files. A bug report ([http://bugzilla.gnome.org/show_bug.cgi?id=490732 Gnome Bug 490732]) has been submitted.
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html 28 Jan 2009 00:04:28 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.3. Step-by-Step Usage Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="3.8.2. Step-by-Step Installation Instructions"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="3.8.4. Things of note"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraprojec
t.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step Usage Instructions</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.3. Step-by-Step Usage Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="3.8.2. Step-by-Step Installation Instructions"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="3.8.4. Things of note"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.
org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step Usage Instructions</h3></div></div></div><div class="para">
By following these instructions you are going to compress and encrypt your "Documents" directory. Your original "Documents" directory will remain unaltered. This technique can be applied to any directory or file you have access to on the filesystem.
</div><div class="itemizedlist"><ul><li><div class="para">
Open a Terminal:<code class="code">Click ''Applications'' -> ''System Tools'' -> ''Terminal''</code>
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8. 7-Zip Encrypted Archives</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="3.7.5. Links of Interest"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="3.8.2. Step-by-Step Installation Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right
.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip Encrypted Archives</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8. 7-Zip Encrypted Archives</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="3.7.5. Links of Interest"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="3.8.2. Step-by-Step Installation Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.p
ng" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip Encrypted Archives</h2></div></div></div><div class="para">
<a href="http://www.7-zip.org/">7-Zip</a> is a cross-platform, next generation, file compression tool that can also use strong encryption (AES-256) to protect the contents of the archive. This is extremely useful when you need to move data between multiple computers that use varying operating systems (i.e. Linux at home, Windows at work) and you want a portable encryption solution.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</h3></div></div></div><div class="para">
7-Zip is not a base package in Fedora, but it is available in the software repository. Once installed, the package will update alongside the rest of the software on the computer with no special attention necessary.
Index: sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.2. Full Disk Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="next" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html" title="3.3. File Based Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full Disk Encryption</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.2. Full Disk Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="next" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html" title="3.3. File Based Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li cl
ass="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full Disk Encryption</h2></div></div></div><div class="para">
Full disk or partition encryption is one of the best ways of protecting your data. Not only is each file protected but also the temporary storage that may contain parts of these files is also protected. Full disk encryption will protect all of your files so you don't have to worry about selecting what you want to protect and possibly missing a file.
</div><div class="para">
Fedora 9 natively supports LUKS Encryption. LUKS will bulk encrypt your hard drive partitions so that while your computer is off your data is protected. This will also protect your computer from attackers attempting to use single-user-mode to login to your computer or otherwise gain access. LUKS can be manually setup on Fedora 8.
Index: sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html 27 Jan 2009 13:50:51 -0000 1.4
+++ sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html 28 Jan 2009 00:04:29 -0000 1.5
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.4. About Public Key Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="3.9.3. Creating GPG Keys Using the Command Line"/><link rel="next" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 4. General Principles of Information Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject
.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.4. About Public Key Encryption</h3></div></div></div><div class="orderedlist"><ol><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.4. About Public Key Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="3.9.3. Creating GPG Keys Using the Command Line"/><link rel="next" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 4. General Principles of Information Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.o
rg"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.4. About Public Key Encryption</h3></div></div></div><div class="orderedlist"><ol><li><div class="para">
<a href="http://en.wikipedia.org/wiki/Public-key_cryptography">Wikipedia - Public Key Cryptography</a>
</div></li><li><div class="para">
<a href="http://computer.howstuffworks.com/encryption.htm">HowStuffWorks - Encryption</a>
Index: sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html 27 Jan 2009 13:50:51 -0000 1.4
+++ sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html 28 Jan 2009 00:04:29 -0000 1.5
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.3. Creating GPG Keys Using the Command Line</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="3.9.2. Creating GPG Keys in KDE"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="3.9.4. About Public Key Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">3.9.3. Creating GPG Keys Using the Command Line</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.3. Creating GPG Keys Using the Command Line</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="3.9.2. Creating GPG Keys in KDE"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="3.9.4. About Public Key Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">3.9.3. Creating GPG Keys Using the Command Line</h3></div></div></div><div class="para">
Use the following shell command: <code class="code">gpg --gen-key</code>
</div><div class="para">
This command generates a key pair that consists of a public and a private key. Other people use your public key to authenticate and/or decrypt your communications. Distribute your public key as widely as possible, especially to people who you know will want to receive authentic communications from you, such as a mailing list. The Fedora Documentation Project, for example, asks participants to include a GPG public key in their self-introduction.
Index: sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html 27 Jan 2009 13:50:51 -0000 1.4
+++ sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html 28 Jan 2009 00:04:29 -0000 1.5
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.2. Creating GPG Keys in KDE</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="3.9.3. Creating GPG Keys Using the Command Line"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">3.9.2. Creating GPG Keys in KDE</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.2. Creating GPG Keys in KDE</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="3.9.3. Creating GPG Keys Using the Command Line"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">3.9.2. Creating GPG Keys in KDE</h3></div></div></div><div class="para">
Start the KGpg program from the main menu by selecting Applications > Utilities > Encryption Tool. If you have never used KGpg before, the program walks you through the process of creating your own GPG keypair. A dialog box appears prompting you to create a new key pair. Enter your name, email address, and an optional comment. You can also choose an expiration time for your key, as well as the key strength (number of bits) and algorithms. The next dialog box prompts you for your passphrase. At this point, your key appears in the main <code class="code">KGpg</code> window.
</div><div class="warning"><h2>Warning</h2><div class="para">
If you forget your passphrase, the key cannot be used and any data encrypted using that key will be lost.
Index: sect-Security_Guide-Encryption-Using_GPG.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Using_GPG.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sect-Security_Guide-Encryption-Using_GPG.html 27 Jan 2009 13:50:51 -0000 1.4
+++ sect-Security_Guide-Encryption-Using_GPG.html 28 Jan 2009 00:04:29 -0000 1.5
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9. Using GNU Privacy Guard (GnuPG)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="3.8.4. Things of note"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="3.9.2. Creating GPG Keys in KDE"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Using_GPG">3.9. Using GNU Privacy Guard (GnuPG)</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9. Using GNU Privacy Guard (GnuPG)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="3.8.4. Things of note"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="3.9.2. Creating GPG Keys in KDE"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Using_GPG">3.9. Using GNU Privacy Guard (GnuPG)</h2></div></div></div><div class="para">
GPG is used to identify yourself and authenticate your communications, including those with people you don't know. GPG allows anyone reading a GPG-signed email to verify its authenticity. In other words, GPG allows someone to be reasonably certain that communications signed by you actually are from you. GPG is useful because it helps prevent third parties from altering code or intercepting conversations and altering the message.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</h3></div></div></div><div class="para">
Install the Seahorse utility, which makes GPG key management easier. From the main menu, select <code class="code">System > Administration > Add/Remove Software</code> and wait for PackageKit to start. Enter <code class="code">Seahorse</code> into the text box and select the Find. Select the checkbox next to the ''seahorse'' package and select ''Apply'' to add the software. You can also install <code class="code">Seahorse</code> at the command line with the command <code class="code">su -c "yum install seahorse"</code>.
Index: sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.5. Anticipating Your Future Needs</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.2.3.4. VLAD the Scanner"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.2.3.5. Anticipating Your Future Needs</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.5. Anticipating Your Future Needs</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.2.3.4. VLAD the Scanner"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.2.3.5. Anticipating Your Future Needs</h4></div></div></div><div class="para">
Depending upon your target and resources, there are many tools available. There are tools for wireless networks, Novell networks, Windows systems, Linux systems, and more. Another essential part of performing assessments may include reviewing physical security, personnel screening, or voice/PBX network assessment. New concepts, such as <em class="firstterm">war walking</em> scanning the perimeter of your enterprise's physical structures for wireless network vulnerabilities are some emerging concepts that you can investigate and, if needed, incorporate into your assessments. Imagination and exposure are the only limits of planning and conducting vulnerability assessments.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong>1.2.3.4. VLAD the Scanner</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong>1.3. Attackers and Vulnerabilities</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Evaluating_the_Tools-Nessus.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-Nessus.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Evaluating_the_Tools-Nessus.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Evaluating_the_Tools-Nessus.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.2. Nessus</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.2.3.3. Nikto"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.2.3.2. Nessus</h4></div></div></div><a id="d0e882" class="indexterm"/><a id="d0e887" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.2. Nessus</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.2.3.3. Nikto"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/>
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.2.3.2. Nessus</h4></div></div></div><a id="d0e882" class="indexterm"/><a id="d0e887" class="indexterm"/><div class="para">
Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.
</div><div class="note"><h2>Note</h2><div class="para">
Nessus is not included with Fedora and is not supported. It has been included in this document as a reference to users who may be interested in using this popular application.
Index: sect-Security_Guide-Evaluating_the_Tools-Nikto.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-Nikto.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Evaluating_the_Tools-Nikto.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Evaluating_the_Tools-Nikto.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.3. Nikto</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.2.3.2. Nessus"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.2.3.4. VLAD the Scanner"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.2.3.3. Nikto</h4></div></div></div><a id="d0e907" class="indexterm"/><a id="d0e912" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.3. Nikto</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.2.3.2. Nessus"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.2.3.4. VLAD the Scanner"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><
ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.2.3.3. Nikto</h4></div></div></div><a id="d0e907" class="indexterm"/><a id="d0e912" class="indexterm"/><div class="para">
Nikto is an excellent common gateway interface (CGI) script scanner. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems. It comes with thorough documentation which should be carefully reviewed prior to running the program. If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.
</div><div class="note"><h2>Note</h2><div class="para">
Nikto is not included with Fedora and is not supported. It has been included in this document as a reference to users who may be interested in using this popular application.
Index: sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.4. VLAD the Scanner</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.2.3.3. Nikto"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.2.3.5. Anticipating Your Future Needs"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.p
ng" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.2.3.4. VLAD the Scanner</h4></div></div></div><a id="d0e932" class="indexterm"/><a id="d0e937" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.4. VLAD the Scanner</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.2.3.3. Nikto"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.2.3.5. Anticipating Your Future Needs"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png
" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.2.3.4. VLAD the Scanner</h4></div></div></div><a id="d0e932" class="indexterm"/><a id="d0e937" class="indexterm"/><div class="para">
VLAD is a vulnerabilities scanner developed by the <acronym class="acronym">RAZOR</acronym> team at Bindview, Inc., which checks for the SANS Top Ten list of common security issues (SNMP issues, file sharing issues, etc.). While not as full-featured as Nessus, VLAD is worth investigating.
</div><div class="note"><h2>Note</h2><div class="para">
VLAD is not included with Fedora and is not supported. It has been included in this document as a reference to users who may be interested in using this popular application.
Index: sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5.3. DMZs and IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="2.8.5.2. Prerouting"/><link rel="next" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="2.8.6. Malicious Software and Spoofed IP Addresses"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/i
mage_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">2.8.5.3. DMZs and IPTables</h4></div></div></div><a id="d0e13658" class="indexterm"/><a id="d0e13664" class="indexterm"/><a id="d0e13669" class="indexterm"/><a id="d0e13672" class="indexterm"/><a id="d0e13680" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5.3. DMZs and IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="2.8.5.2. Prerouting"/><link rel="next" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="2.8.6. Malicious Software and Spoofed IP Addresses"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/ima
ge_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">2.8.5.3. DMZs and IPTables</h4></div></div></div><a id="d0e13658" class="indexterm"/><a id="d0e13664" class="indexterm"/><a id="d0e13669" class="indexterm"/><a id="d0e13672" class="indexterm"/><a id="d0e13680" class="indexterm"/><div class="para">
You can create <code class="command">iptables</code> rules to route traffic to certain machines, such as a dedicated HTTP or FTP server, in a <em class="firstterm">demilitarized zone</em> (<acronym class="acronym">DMZ</acronym>). A <acronym class="acronym">DMZ</acronym> is a special local subnetwork dedicated to providing services on a public carrier, such as the Internet.
</div><div class="para">
For example, to set a rule for routing incoming HTTP requests to a dedicated HTTP server at 10.0.4.2 (outside of the 192.168.1.0/24 range of the LAN), NAT uses the <code class="computeroutput">PREROUTING</code> table to forward the packets to the appropriate destination:
Index: sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5.2. Prerouting</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="prev" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="2.8.5.3. DMZs and IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">2.8.5.2. Prerouting</h4></div></div></div><a id="d0e13624" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5.2. Prerouting</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="prev" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="2.8.5.3. DMZs and IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site
"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">2.8.5.2. Prerouting</h4></div></div></div><a id="d0e13624" class="indexterm"/><div class="para">
If you have a server on your internal network that you want make available externally, you can use the <code class="option">-j DNAT</code> target of the PREROUTING chain in NAT to specify a destination IP address and port where incoming packets requesting a connection to your internal service can be forwarded.
</div><div class="para">
For example, if you want to forward incoming HTTP requests to your dedicated Apache HTTP Server at 172.31.0.23, use the following command:
Index: sect-Security_Guide-Firewalls-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Additional_Resources.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Firewalls-Additional_Resources.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Firewalls-Additional_Resources.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-IPv6.html" title="2.8.8. IPv6"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="2.8.9.2. Useful Firewall Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previo
us"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">2.8.9. Additional Resources</h3></div></div></div><a id="d0e13897" class="indexterm"/><a id="d0e13902" class="indexterm"/><a id="d0e13907" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-IPv6.html" title="2.8.8. IPv6"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="2.8.9.2. Useful Firewall Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous
"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">2.8.9. Additional Resources</h3></div></div></div><a id="d0e13897" class="indexterm"/><a id="d0e13902" class="indexterm"/><a id="d0e13907" class="indexterm"/><div class="para">
There are several aspects to firewalls and the Linux Netfilter subsystem that could not be covered in this chapter. For more information, refer to the following resources.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">2.8.9.1. Installed Firewall Documentation</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
Refer to <a class="xref" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables">Section 2.9, “IPTables”</a> for more detailed information on the <code class="command">iptables</code> command, including definitions for many command options.
Index: sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2. Basic Firewall Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="2.8.2.2. Enabling and Disabling the Firewall"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p>
<ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.8.2. Basic Firewall Configuration</h3></div></div></div><a id="d0e12900" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2. Basic Firewall Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="2.8.2.2. Enabling and Disabling the Firewall"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><u
l class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.8.2. Basic Firewall Configuration</h3></div></div></div><a id="d0e12900" class="indexterm"/><div class="para">
Just as a firewall in a building attempts to prevent a fire from spreading, a computer firewall attempts to prevent malicious software from spreading to your computer. It also helps to prevent unauthorized users from accessing your computer.
</div><div class="para">
In a default Fedora installation, a firewall exists between your computer or network and any untrusted networks, for example the Internet. It determines which services on your computer remote users can access. A properly configured firewall can greatly increase the security of your system. It is recommended that you configure a firewall for any Fedora system with an Internet connection.
Index: sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.4. Common IPTables Filtering</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="2.8.3.3. Saving and Restoring IPTables Rules"/><link rel="next" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentat
ion Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.8.4. Common IPTables Filtering</h3></div></div></div><a id="d0e13397" class="indexterm"/><a id="d0e13405" class="indexterm"/><a id="d0e13413" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.4. Common IPTables Filtering</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="2.8.3.3. Saving and Restoring IPTables Rules"/><link rel="next" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentatio
n Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.8.4. Common IPTables Filtering</h3></div></div></div><a id="d0e13397" class="indexterm"/><a id="d0e13405" class="indexterm"/><a id="d0e13413" class="indexterm"/><div class="para">
Preventing remote attackers from accessing a LAN is one of the most important aspects of network security. The integrity of a LAN should be protected from malicious remote users through the use of stringent firewall rules.
</div><div class="para">
However, with a default policy set to block all incoming, outgoing, and forwarded packets, it is impossible for the firewall/gateway and internal LAN users to communicate with each other or with external resources.
Index: sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5. FORWARD and NAT Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="2.8.4. Common IPTables Filtering"/><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="2.8.5.2. Prerouting"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><
li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</h3></div></div></div><a id="d0e13489" class="indexterm"/><a id="d0e13494" class="indexterm"/><a id="d0e13497" class="indexterm"/><a id="d0e13504" class="indexterm"/><a id="d0e13512" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5. FORWARD and NAT Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="2.8.4. Common IPTables Filtering"/><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="2.8.5.2. Prerouting"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</h3></div></div></div><a id="d0e13489" class="indexterm"/><a id="d0e13494" class="indexterm"/><a id="d0e13497" class="indexterm"/><a id="d0e13504" class="indexterm"/><a id="d0e13512" class="indexterm"/><div class="para">
Most ISPs provide only a limited number of publicly routable IP addresses to the organizations they serve.
</div><div class="para">
Administrators must, therefore, find alternative ways to share access to Internet services without giving public IP addresses to every node on the LAN. Using private IP addresses is the most common way of allowing all nodes on a LAN to properly access internal and external network services.
Index: sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.7. IPTables and Connection Tracking</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="2.8.6. Malicious Software and Spoofed IP Addresses"/><link rel="next" href="sect-Security_Guide-Firewalls-IPv6.html" title="2.8.8. IPv6"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.8.7. IPTables and Connection Tracking</h3></div></div></div><a id="d0e13781" class="indexterm"/><a id="d0e13786" class="indexterm"/><a id="d0e13791" class="indexterm"/><a id="d0e13797" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.7. IPTables and Connection Tracking</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="2.8.6. Malicious Software and Spoofed IP Addresses"/><link rel="next" href="sect-Security_Guide-Firewalls-IPv6.html" title="2.8.8. IPv6"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><
ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.8.7. IPTables and Connection Tracking</h3></div></div></div><a id="d0e13781" class="indexterm"/><a id="d0e13786" class="indexterm"/><a id="d0e13791" class="indexterm"/><a id="d0e13797" class="indexterm"/><div class="para">
You can inspect and restrict connections to services based on their <em class="firstterm">connection state.</em> A module within <code class="command">iptables</code> uses a method called <em class="firstterm">connection tracking</em> to store information about incoming connections. You can allow or deny access based on the following connection states:
</div><a id="d0e13814" class="indexterm"/><a id="d0e13822" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<code class="option">NEW</code> — A packet requesting a new connection, such as an HTTP request.
Index: sect-Security_Guide-Firewalls-IPv6.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-IPv6.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Firewalls-IPv6.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Firewalls-IPv6.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.8. IPv6</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="2.8.7. IPTables and Connection Tracking"/><link rel="next" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">2.8.8. IPv6</h3></div></div></div><a id="d0e13865" class="indexterm"/><a id="d0e13869" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.8. IPv6</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="2.8.7. IPTables and Connection Tracking"/><link rel="next" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav">
<li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">2.8.8. IPv6</h3></div></div></div><a id="d0e13865" class="indexterm"/><a id="d0e13869" class="indexterm"/><div class="para">
The introduction of the next-generation Internet Protocol, called IPv6, expands beyond the 32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses, and carrier networks that are IPv6 aware are therefore able to address a larger number of routable addresses than IPv4.
</div><div class="para">
Fedora supports IPv6 firewall rules using the Netfilter 6 subsystem and the <code class="command">ip6tables</code> command. In Fedora 5, both IPv4 and IPv6 services are enabled by default.
Index: sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.6. Malicious Software and Spoofed IP Addresses</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="2.8.5.3. DMZs and IPTables"/><link rel="next" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="2.8.7. IPTables and Connection Tracking"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.8.6. Malicious Software and Spoofed IP Addresses</h3></div></div></div><a id="d0e13716" class="indexterm"/><a id="d0e13721" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.6. Malicious Software and Spoofed IP Addresses</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="2.8.5.3. DMZs and IPTables"/><link rel="next" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="2.8.7. IPTables and Connection Tracking"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.8.6. Malicious Software and Spoofed IP Addresses</h3></div></div></div><a id="d0e13716" class="indexterm"/><a id="d0e13721" class="indexterm"/><div class="para">
More elaborate rules can be created that control access to specific subnets, or even specific nodes, within a LAN. You can also restrict certain dubious applications or programs such as trojans, worms, and other client/server viruses from contacting their server.
</div><div class="para">
For example, some trojans scan networks for services on ports from 31337 to 31340 (called the <span class="emphasis"><em>elite</em></span> ports in cracking terminology).
Index: sect-Security_Guide-Firewalls-Using_IPTables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Using_IPTables.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Firewalls-Using_IPTables.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Firewalls-Using_IPTables.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3. Using IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="2.8.2.6. Activating the IPTables Service"/><link rel="next" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="2.8.3.2. Basic Firewall Policies"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">2.8.3. Using IPTables</h3></div></div></div><a id="d0e13220" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3. Using IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="2.8.2.6. Activating the IPTables Service"/><link rel="next" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="2.8.3.2. Basic Firewall Policies"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docume
ntation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">2.8.3. Using IPTables</h3></div></div></div><a id="d0e13220" class="indexterm"/><div class="para">
The first step in using <code class="command">iptables</code> is to start the <code class="command">iptables</code> service. Use the following command to start the <code class="command">iptables</code> service:
</div><pre class="screen">[root@myServer ~] # service iptables start
</pre><div class="note"><h2>Note</h2><div class="para">
Index: sect-Security_Guide-Firewalls.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Firewalls.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Firewalls.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8. Firewalls</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html" title="2.7.8. Starting and Stopping an IPsec Connection"/><link rel="next" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Firewalls">2.8. Firewalls</h2></div></div></div><a id="d0e12706" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8. Firewalls</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html" title="2.7.8. Starting and Stopping an IPsec Connection"/><link rel="next" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Firewalls">2.8. Firewalls</h2></div></div></div><a id="d0e12706" class="indexterm"/><div class="para">
Information security is commonly thought of as a process and not a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. Fedora includes several tools to assist administrators and security engineers with network-level access control issues.
</div><div class="para">
Firewalls are one of the core components of a network security implementation. Several vendors market firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding vital enterprise information. Firewalls can be stand-alone hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall. Vendors such as Checkpoint, McAfee, and Symantec have also developed proprietary software firewall solutions for home and business markets.
Index: sect-Security_Guide-IPTables-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Additional_Resources.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables-Additional_Resources.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables-Additional_Resources.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.7. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="2.9.6. IPTables and IPv6"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="2.9.7.2. Useful IP Tables Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">2.9.7. Additional Resources</h3></div></div></div><a id="d0e16266" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.7. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="2.9.6. IPTables and IPv6"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="2.9.7.2. Useful IP Tables Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="do
cnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">2.9.7. Additional Resources</h3></div></div></div><a id="d0e16266" class="indexterm"/><div class="para">
Refer to the following sources for additional information on packet filtering with <code class="command">iptables</code>.
</div><div class="itemizedlist"><ul><li><div class="para">
<a class="xref" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls">Section 2.8, “Firewalls”</a> — Contains a chapter about the role of firewalls within an overall security strategy as well as strategies for constructing firewall rules.
Index: sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables-Command_Options_for_IPTables.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables-Command_Options_for_IPTables.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3. Command Options for IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html" title="2.9.2. Differences Between IPTables and IPChains"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="2.9.3.2. Command Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" a
lt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.9.3. Command Options for IPTables</h3></div></div></div><a id="d0e14384" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3. Command Options for IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html" title="2.9.2. Differences Between IPTables and IPChains"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="2.9.3.2. Command Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.9.3. Command Options for IPTables</h3></div></div></div><a id="d0e14384" class="indexterm"/><div class="para">
Rules for filtering packets are created using the <code class="command">iptables</code> command. The following aspects of the packet are most often used as criteria:
</div><div class="itemizedlist"><ul><li><div class="para">
<span class="emphasis"><em>Packet Type</em></span> — Specifies the type of packets the command filters.
Index: sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.2. Differences Between IPTables and IPChains</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="next" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li clas
s="previous"><a accesskey="p" href="sect-Security_Guide-IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains">2.9.2. Differences Between IPTables and IPChains</h3></div></div></div><a id="d0e14285" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.2. Differences Between IPTables and IPChains</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="next" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class=
"previous"><a accesskey="p" href="sect-Security_Guide-IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains">2.9.2. Differences Between IPTables and IPChains</h3></div></div></div><a id="d0e14285" class="indexterm"/><div class="para">
Both <code class="command">ipchains</code> and <code class="command">iptables</code> use chains of rules that operate within the Linux kernel to filter packets based on matches with specified rules or rule sets. However, <code class="command">iptables</code> offers a more extensible way of filtering packets, giving the administrator greater control without building undue complexity into the system.
</div><div class="para">
You should be aware of the following significant differences between <code class="command">ipchains</code> and <code class="command">iptables</code>:
Index: sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables-IPTables_Control_Scripts.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables-IPTables_Control_Scripts.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.5. IPTables Control Scripts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="2.9.4. Saving IPTables Rules"/><link rel="next" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="2.9.6. IPTables and IPv6"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class=
"previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.9.5. IPTables Control Scripts</h3></div></div></div><a id="d0e15778" class="indexterm"/><a id="d0e15786" class="indexterm"/><a id="d0e15794" class="indexterm"/><a id="d0e15802" class="indexterm"/><a id="d0e15810" class="indexterm"/><a id="d0e15818" class="indexterm"/><a id="d0e15826" class="indexterm"/><a id="d0e15834" class="indexterm"/><a id="d0e15842" class="indexterm"/><a id="d0e15850" class="indexterm"/><a id="d0e15858" class="indexterm"/><a id="d0e15866" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.5. IPTables Control Scripts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="2.9.4. Saving IPTables Rules"/><link rel="next" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="2.9.6. IPTables and IPv6"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="p
revious"><a accesskey="p" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.9.5. IPTables Control Scripts</h3></div></div></div><a id="d0e15778" class="indexterm"/><a id="d0e15786" class="indexterm"/><a id="d0e15794" class="indexterm"/><a id="d0e15802" class="indexterm"/><a id="d0e15810" class="indexterm"/><a id="d0e15818" class="indexterm"/><a id="d0e15826" class="indexterm"/><a id="d0e15834" class="indexterm"/><a id="d0e15842" class="indexterm"/><a id="d0e15850" class="indexterm"/><a id="d0e15858" class="indexterm"/><a id="d0e15866" class="indexterm"/><div class="para">
There are two basic methods for controlling <code class="command">iptables</code> in Fedora:
</div><div class="itemizedlist"><ul><li><div class="para">
<span class="application"><strong>Firewall Configuration Tool</strong></span> (<code class="command">system-config-securitylevel</code>) — A graphical interface for creating, activating, and saving basic firewall rules. Refer to <a class="xref" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration">Section 2.8.2, “Basic Firewall Configuration”</a> for more information.
Index: sect-Security_Guide-IPTables-IPTables_and_IPv6.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-IPTables_and_IPv6.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables-IPTables_and_IPv6.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables-IPTables_and_IPv6.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.6. IPTables and IPv6</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="2.9.5. IPTables Control Scripts"/><link rel="next" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">2.9.6. IPTables and IPv6</h3></div></div></div><a id="d0e16202" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.6. IPTables and IPv6</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="2.9.5. IPTables Control Scripts"/><link rel="next" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li cla
ss="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">2.9.6. IPTables and IPv6</h3></div></div></div><a id="d0e16202" class="indexterm"/><div class="para">
If the <code class="filename">iptables-ipv6</code> package is installed, netfilter in Fedora can filter the next-generation IPv6 Internet protocol. The command used to manipulate the IPv6 netfilter is <code class="command">ip6tables</code>.
</div><div class="para">
Most directives for this command are identical to those used for <code class="command">iptables</code>, except the <code class="command">nat</code> table is not yet supported. This means that it is not yet possible to perform IPv6 network address translation tasks, such as masquerading and port forwarding.
Index: sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables-Saving_IPTables_Rules.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables-Saving_IPTables_Rules.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.4. Saving IPTables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="2.9.3.6. Listing Options"/><link rel="next" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="2.9.5. IPTables Control Scripts"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul clas
s="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.9.4. Saving IPTables Rules</h3></div></div></div><a id="d0e15613" class="indexterm"/><a id="d0e15619" class="indexterm"/><a id="d0e15627" class="indexterm"/><a id="d0e15634" class="indexterm"/><a id="d0e15641" class="indexterm"/><a id="d0e15649" class="indexterm"/><a id="d0e15658" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.4. Saving IPTables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="2.9.3.6. Listing Options"/><link rel="next" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="2.9.5. IPTables Control Scripts"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class=
"docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.9.4. Saving IPTables Rules</h3></div></div></div><a id="d0e15613" class="indexterm"/><a id="d0e15619" class="indexterm"/><a id="d0e15627" class="indexterm"/><a id="d0e15634" class="indexterm"/><a id="d0e15641" class="indexterm"/><a id="d0e15649" class="indexterm"/><a id="d0e15658" class="indexterm"/><div class="para">
Rules created with the <code class="command">iptables</code> command are stored in memory. If the system is restarted before saving the <code class="command">iptables</code> rule set, all rules are lost. For netfilter rules to persist through a system reboot, they need to be saved. To save netfilter rules, type the following command as root:
</div><pre class="screen"><code class="command"> /sbin/service iptables save </code>
</pre><div class="para">
Index: sect-Security_Guide-IPTables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9. IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="2.8.9.3. Related Documentation"/><link rel="next" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html" title="2.9.2. Differences Between IPTables and IPChains"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/ima
ge_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-IPTables">2.9. IPTables</h2></div></div></div><a id="d0e13986" class="indexterm"/><a id="d0e13992" class="indexterm"/><a id="d0e13998" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9. IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="2.8.9.3. Related Documentation"/><link rel="next" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html" title="2.9.2. Differences Between IPTables and IPChains"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-IPTables">2.9. IPTables</h2></div></div></div><a id="d0e13986" class="indexterm"/><a id="d0e13992" class="indexterm"/><a id="d0e13998" class="indexterm"/><div class="para">
Included with Fedora are advanced tools for network <em class="firstterm">packet filtering</em> — the process of controlling network packets as they enter, move through, and exit the network stack within the kernel. Kernel versions prior to 2.4 relied on <code class="command">ipchains</code> for packet filtering and used lists of rules applied to packets at each step of the filtering process. The 2.4 kernel introduced <code class="command">iptables</code> (also called <em class="firstterm">netfilter</em>), which is similar to <code class="command">ipchains</code> but greatly expands the scope and control available for filtering network packets.
</div><div class="para">
This chapter focuses on packet filtering basics, defines the differences between <code class="command">ipchains</code> and <code class="command">iptables</code>, explains various options available with <code class="command">iptables</code> commands, and explains how filtering rules can be preserved between system reboots.
Index: sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.4. Additional Match Option Modules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="2.9.3.4.3. ICMP Protocol"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="2.9.3.5. Target Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conte
nt/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">2.9.3.4.4. Additional Match Option Modules</h5></div></div></div><a id="d0e15221" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.4. Additional Match Option Modules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="2.9.3.4.3. ICMP Protocol"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="2.9.3.5. Target Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content
/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">2.9.3.4.4. Additional Match Option Modules</h5></div></div></div><a id="d0e15221" class="indexterm"/><div class="para">
Additional match options are available through modules loaded by the <code class="command">iptables</code> command.
</div><div class="para">
To use a match option module, load the module by name using the <code class="option">-m <em class="replaceable"><code><module-name></code></em></code>, where <em class="replaceable"><code><module-name></code></em> is the name of the module.
Index: sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.3. ICMP Protocol</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="2.9.3.4.2. UDP Protocol"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="2.9.3.4.4. Additional Match Option Modules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">2.9.3.4.3. ICMP Protocol</h5></div></div></div><a id="d0e15195" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.3. ICMP Protocol</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="2.9.3.4.2. UDP Protocol"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="2.9.3.4.4. Additional Match Option Modules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">2.9.3.4.3. ICMP Protocol</h5></div></div></div><a id="d0e15195" class="indexterm"/><div class="para">
The following match options are available for the Internet Control Message Protocol (ICMP) (<code class="option">-p icmp</code>):
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">--icmp-type</code> — Sets the name or number of the ICMP type to match with the rule. A list of valid ICMP names can be retrieved by typing the <code class="command">iptables -p icmp -h</code> command.
Index: sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.2. UDP Protocol</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="2.9.3.4.3. ICMP Protocol"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">2.9.3.4.2. UDP Protocol</h5></div></div></div><a id="d0e15143" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.2. UDP Protocol</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="2.9.3.4.3. ICMP Protocol"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">2.9.3.4.2. UDP Protocol</h5></div></div></div><a id="d0e15143" class="indexterm"/><div class="para">
These match options are available for the UDP protocol (<code class="option">-p udp</code>):
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">--dport</code> — Specifies the destination port of the UDP packet, using the service name, port number, or range of port numbers. The <code class="option">--destination-port</code> match option is synonymous with <code class="option">--dport</code>.
Index: sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.6.2. Manual IPsec Host-to-Host Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/ima
ge_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">2.7.6.2. Manual <abbr class="abbrev">IPsec</abbr> Host-to-Host Configuration</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.6.2. Manual IPsec Host-to-Host Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image
_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">2.7.6.2. Manual <abbr class="abbrev">IPsec</abbr> Host-to-Host Configuration</h4></div></div></div><div class="para">
The first step in creating a connection is to gather system and network information from each workstation. For a host-to-host connection, you need the following:
</div><div class="itemizedlist"><ul><li><div class="para">
The IP address of each host
Index: sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.7.2. Manual IPsec Network-to-Network Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html" title="2.7.8. Starting and Stopping an IPsec Connection"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"
><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">2.7.7.2. Manual <abbr class="abbrev">IPsec</abbr> Network-to-Network Configuration</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.7.2. Manual IPsec Network-to-Network Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html" title="2.7.8. Starting and Stopping an IPsec Connection"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><
img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">2.7.7.2. Manual <abbr class="abbrev">IPsec</abbr> Network-to-Network Configuration</h4></div></div></div><div class="para">
Suppose <acronym class="acronym">LAN</acronym> A (lana.example.com) and <acronym class="acronym">LAN</acronym> B (lanb.example.com) want to connect to each other through an <abbr class="abbrev">IPsec</abbr> tunnel. The network address for <acronym class="acronym">LAN</acronym> A is in the 192.168.1.0/24 range, while <acronym class="acronym">LAN</acronym> B uses the 192.168.2.0/24 range. The gateway IP address is 192.168.1.254 for <acronym class="acronym">LAN</acronym> A and 192.168.2.254 for <acronym class="acronym">LAN</acronym> B. The <abbr class="abbrev">IPsec</abbr> routers are separate from each <acronym class="acronym">LAN</acronym> gateway and use two network devices: eth0 is assigned to an externally-accessible static IP address which accesses the Internet, while eth1 acts as a routing point to process and transmit <acronym class="acronym">LAN</acronym> packets from one network node to the remote network nodes.
</div><div class="para">
The <abbr class="abbrev">IPsec</abbr> connection between each network uses a pre-shared key with the value of <code class="computeroutput">r3dh4tl1nux</code>, and the administrators of A and B agree to let <code class="command">racoon</code> automatically generate and share an authentication key between each <abbr class="abbrev">IPsec</abbr> router. The administrator of <acronym class="acronym">LAN</acronym> A decides to name the <abbr class="abbrev">IPsec</abbr> connection <code class="computeroutput">ipsec0</code>, while the administrator of <acronym class="acronym">LAN</acronym> B names the <abbr class="abbrev">IPsec</abbr> connection <code class="computeroutput">ipsec1</code>.
Index: sect-Security_Guide-Kerberos-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Additional_Resources.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos-Additional_Resources.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Kerberos-Additional_Resources.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.10. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="2.6.9. Setting Up Cross Realm Authentication"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="2.6.10.2. Useful Kerberos Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">2.6.10. Additional Resources</h3></div></div></div><a id="d0e10755" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.10. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="2.6.9. Setting Up Cross Realm Authentication"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="2.6.10.2. Useful Kerberos Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">2.6.10. Additional Resources</h3></div></div></div><a id="d0e10755" class="indexterm"/><div class="para">
For more information about Kerberos, refer to the following resources.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation">2.6.10.1. Installed Kerberos Documentation</h4></div></div></div><a id="d0e10765" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
The <em class="citetitle">Kerberos V5 Installation Guide</em> and the <em class="citetitle">Kerberos V5 System Administrator's Guide</em> in PostScript and HTML formats. These can be found in the <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em>/</code> directory (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="command">krb5-server</code> package installed on your system).
Index: sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.6. Configuring a Kerberos 5 Client</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server"/><link rel="next" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="2.6.7. Domain-to-Realm Mapping"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.6.6. Configuring a Kerberos 5 Client</h3></div></div></div><a id="d0e9821" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.6. Configuring a Kerberos 5 Client</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server"/><link rel="next" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="2.6.7. Domain-to-Realm Mapping"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/>
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.6.6. Configuring a Kerberos 5 Client</h3></div></div></div><a id="d0e9821" class="indexterm"/><div class="para">
Setting up a Kerberos 5 client is less involved than setting up a server. At a minimum, install the client packages and provide each client with a valid <code class="filename">krb5.conf</code> configuration file. While <code class="command">ssh</code> and <code class="command">slogin</code> are the preferred method of remotely logging in to client systems, Kerberized versions of <code class="command">rsh</code> and <code class="command">rlogin</code> are still available, though deploying them requires that a few more configuration changes be made.
</div><div class="procedure"><ol class="1"><li><div class="para">
Be sure that time synchronization is in place between the Kerberos client and the KDC. Refer to <a class="xref" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server">Section 2.6.5, “Configuring a Kerberos 5 Server”</a> for more information. In addition, verify that DNS is working properly on the Kerberos client before configuring the Kerberos client programs.
Index: sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html 27 Jan 2009 13:50:51 -0000 1.6
+++ sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.5. Configuring a Kerberos 5 Server</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="2.6.4. Kerberos and PAM"/><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="2.6.6. Configuring a Kerberos 5 Client"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.6.5. Configuring a Kerberos 5 Server</h3></div></div></div><a id="d0e9611" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.5. Configuring a Kerberos 5 Server</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="2.6.4. Kerberos and PAM"/><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="2.6.6. Configuring a Kerberos 5 Client"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.6.5. Configuring a Kerberos 5 Server</h3></div></div></div><a id="d0e9611" class="indexterm"/><div class="para">
When setting up Kerberos, install the KDC first. If it is necessary to set up slave servers, install the master first.
</div><div class="para">
To configure the first Kerberos KDC, follow these steps:
Index: sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.7. Domain-to-Realm Mapping</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="2.6.6. Configuring a Kerberos 5 Client"/><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="2.6.8. Setting Up Secondary KDCs"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.6.7. Domain-to-Realm Mapping</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.7. Domain-to-Realm Mapping</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="2.6.6. Configuring a Kerberos 5 Client"/><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="2.6.8. Setting Up Secondary KDCs"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.6.7. Domain-to-Realm Mapping</h3></div></div></div><div class="para">
When a client attempts to access a service running on a particular server, it knows the name of the service (<span class="emphasis"><em>host</em></span>) and the name of the server (<span class="emphasis"><em>foo.example.com</em></span>), but because more than one realm may be deployed on your network, it must guess at the name of the realm in which the service resides.
</div><div class="para">
By default, the name of the realm is taken to be the DNS domain name of the server, upper-cased.
Index: sect-Security_Guide-Kerberos-How_Kerberos_Works.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-How_Kerberos_Works.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos-How_Kerberos_Works.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Kerberos-How_Kerberos_Works.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.3. How Kerberos Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="2.6.2. Kerberos Terminology"/><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="2.6.4. Kerberos and PAM"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">2.6.3. How Kerberos Works</h3></div></div></div><a id="d0e9472" class="indexterm"/><a id="d0e9477" class="indexterm"/><a id="d0e9482" class="indexterm"/><a id="d0e9487" class="indexterm"/><a id="d0e9492" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.3. How Kerberos Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="2.6.2. Kerberos Terminology"/><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="2.6.4. Kerberos and PAM"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">2.6.3. How Kerberos Works</h3></div></div></div><a id="d0e9472" class="indexterm"/><a id="d0e9477" class="indexterm"/><a id="d0e9482" class="indexterm"/><a id="d0e9487" class="indexterm"/><a id="d0e9492" class="indexterm"/><div class="para">
Kerberos differs from username/password authentication methods. Instead of authenticating each user to each network service, Kerberos uses symmetric encryption and a trusted third party (a KDC), to authenticate users to a suite of network services. When a user authenticates to the KDC, the KDC sends a ticket specific to that session back to the user's machine, and any Kerberos-aware services look for the ticket on the user's machine rather than requiring the user to authenticate using a password.
</div><div class="para">
When a user on a Kerberos-aware network logs in to their workstation, their principal is sent to the KDC as part of a request for a TGT from the Authentication Server. This request can be sent by the log-in program so that it is transparent to the user, or can be sent by the <code class="command">kinit</code> program after the user logs in.
Index: sect-Security_Guide-Kerberos-Kerberos_Terminology.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Kerberos_Terminology.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos-Kerberos_Terminology.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Kerberos-Kerberos_Terminology.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.2. Kerberos Terminology</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="next" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="2.6.3. How Kerberos Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-
Security_Guide-Kerberos.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">2.6.2. Kerberos Terminology</h3></div></div></div><a id="d0e9305" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.2. Kerberos Terminology</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="next" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="2.6.3. How Kerberos Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Se
curity_Guide-Kerberos.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">2.6.2. Kerberos Terminology</h3></div></div></div><a id="d0e9305" class="indexterm"/><div class="para">
Kerberos has its own terminology to define various aspects of the service. Before learning how Kerberos works, it is important to learn the following terms.
</div><div class="variablelist"><dl><dt><span class="term">authentication server (AS)</span></dt><dd><div class="para">
A server that issues tickets for a desired service which are in turn given to users for access to the service. The AS responds to requests from clients who do not have or do not send credentials with a request. It is usually used to gain access to the ticket-granting server (TGS) service by issuing a ticket-granting ticket (TGT). The AS usually runs on the same host as the key distribution center (KDC).
Index: sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos-Kerberos_and_PAM.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Kerberos-Kerberos_and_PAM.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.4. Kerberos and PAM</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="2.6.3. How Kerberos Works"/><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docn
av"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.6.4. Kerberos and PAM</h3></div></div></div><a id="d0e9576" class="indexterm"/><a id="d0e9581" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.4. Kerberos and PAM</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="2.6.3. How Kerberos Works"/><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.6.4. Kerberos and PAM</h3></div></div></div><a id="d0e9576" class="indexterm"/><a id="d0e9581" class="indexterm"/><div class="para">
Kerberos-aware services do not currently make use of Pluggable Authentication Modules (PAM) — these services bypass PAM completely. However, applications that use PAM can make use of Kerberos for authentication if the <code class="filename">pam_krb5</code> module (provided in the <code class="filename">pam_krb5</code> package) is installed. The <code class="filename">pam_krb5</code> package contains sample configuration files that allow services such as <code class="command">login</code> and <code class="command">gdm</code> to authenticate users as well as obtain initial credentials using their passwords. If access to network servers is always performed using Kerberos-aware services or services that use GSS-API, such as IMAP, the network can be considered reasonably safe.
</div><div class="important"><h2>Important</h2><div class="para">
Administrators should be careful not to allow users to authenticate to most network services using Kerberos passwords. Many protocols used by these services do not encrypt the password before sending it over the network, destroying the benefits of the Kerberos system. For example, users should not be allowed to authenticate to Telnet services with the same password they use for Kerberos authentication.
Index: sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.9. Setting Up Cross Realm Authentication</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="2.6.8. Setting Up Secondary KDCs"/><link rel="next" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><
ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.6.9. Setting Up Cross Realm Authentication</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.9. Setting Up Cross Realm Authentication</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="2.6.8. Setting Up Secondary KDCs"/><link rel="next" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.6.9. Setting Up Cross Realm Authentication</h3></div></div></div><div class="para">
<span class="emphasis"><em>Cross-realm authentication</em></span> is the term which is used to describe situations in which clients (typically users) of one realm use Kerberos to authenticate to services (typically server processes running on a particular server system) which belong to a realm other than their own.
</div><div class="para">
For the simplest case, in order for a client of a realm named <code class="literal">A.EXAMPLE.COM</code> to access a service in the <code class="literal">B.EXAMPLE.COM</code> realm, both realms must share a key for a principal named <code class="literal">krbtgt/B.EXAMPLE.COM(a)A.EXAMPLE.COM</code>, and both keys must have the same key version number associated with them.
Index: sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.8. Setting Up Secondary KDCs</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="2.6.7. Domain-to-Realm Mapping"/><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="2.6.9. Setting Up Cross Realm Authentication"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.6.8. Setting Up Secondary KDCs</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.8. Setting Up Secondary KDCs</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="2.6.7. Domain-to-Realm Mapping"/><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="2.6.9. Setting Up Cross Realm Authentication"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation S
ite"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.6.8. Setting Up Secondary KDCs</h3></div></div></div><div class="para">
For a number of reasons, you may choose to run multiple KDCs for a given realm. In this scenario, one KDC (the <span class="emphasis"><em>master KDC</em></span>) keeps a writable copy of the realm database and runs <code class="command">kadmind</code> (it is also your realm's <span class="emphasis"><em>admin server</em></span>), and one or more KDCs (<span class="emphasis"><em>slave KDCs</em></span>) keep read-only copies of the database and run <code class="command">kpropd</code>.
</div><div class="para">
The master-slave propagation procedure entails the master KDC dumping its database to a temporary dump file and then transmitting that file to each of its slaves, which then overwrite their previously-received read-only copies of the database with the contents of the dump file.
Index: sect-Security_Guide-Kerberos.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Kerberos.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Kerberos.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6. Kerberos</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="2.5.5.3. Related Books"/><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="2.6.2. Kerberos Terminology"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class=
"docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Kerberos">2.6. Kerberos</h2></div></div></div><a id="d0e9209" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6. Kerberos</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="2.5.5.3. Related Books"/><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="2.6.2. Kerberos Terminology"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Kerberos">2.6. Kerberos</h2></div></div></div><a id="d0e9209" class="indexterm"/><div class="para">
System security and integrity within a network can be unwieldy. It can occupy the time of several administrators just to keep track of what services are being run on a network and the manner in which these services are used.
</div><div class="para">
Further, authenticating users to network services can prove dangerous when the method used by the protocol is inherently insecure, as evidenced by the transfer of unencrypted passwords over a network using the traditional FTP and Telnet protocols.
Index: sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.5. Links of Interest</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="3.7.4. What you have just accomplished."/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">3.7.5. Links of Interest</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.5. Links of Interest</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="3.7.4. What you have just accomplished."/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">3.7.5. Links of Interest</h3></div></div></div><div class="para">
For additional information on LUKS or encrypting hard drives under Fedora please visit one of the following links:
</div><div class="itemizedlist"><ul><li><div class="para">
<a href="http://luks.endorphin.org/">LUKS - Linux Unified Key Setup</a>
Index: sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.3. Step-by-Step Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="3.7.2. Manually Encrypting Directories"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="3.7.4. What you have just accomplished."/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step Instructions</h3></div></div></div><div class="orderedlist"><ol><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.3. Step-by-Step Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="3.7.2. Manually Encrypting Directories"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="3.7.4. What you have just accomplished."/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fed
oraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step Instructions</h3></div></div></div><div class="orderedlist"><ol><li><div class="para">
enter runlevel 1: <code class="code">telinit 1</code>
</div></li><li><div class="para">
unmount your existing /home: <code class="code"> umount /home</code>
Index: sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.4. What you have just accomplished.</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="3.7.3. Step-by-Step Instructions"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="3.7.5. Links of Interest"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">3.7.4. What you have just accomplished.</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.4. What you have just accomplished.</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="3.7.3. Step-by-Step Instructions"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="3.7.5. Links of Interest"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">3.7.4. What you have just accomplished.</h3></div></div></div><div class="para">
Congratulations, you now have an encrypted partition for all of your data to safely rest while the computer is off.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong>3.7.3. Step-by-Step Instructions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong>3.7.5. Links of Interest</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.2. Manually Encrypting Directories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="3.7.3. Step-by-Step Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/im
age_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually Encrypting Directories</h3></div></div></div><div class="warning"><h2>Warning</h2><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.2. Manually Encrypting Directories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="3.7.3. Step-by-Step Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually Encrypting Directories</h3></div></div></div><div class="warning"><h2>Warning</h2><div class="para">
Following this procedure will remove all data on the partition that you are encrypting. You WILL lose all your information! Make sure you backup your data to an external source before beginning this procedure!
</div></div><div class="para">
If you are running a version of Fedora prior to Fedora 9 and want to encrypt a partition, or you want to encrypt a partition after the installation of the current version of Fedora, the following directions are for you. The below example demonstrates encrypting your /home partition but any partition can be used.
Index: sect-Security_Guide-LUKS_Disk_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-LUKS_Disk_Encryption.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-LUKS_Disk_Encryption.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7. LUKS Disk Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="3.6. Secure Shell"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="3.7.2. Manually Encrypting Directories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/>
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk Encryption</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7. LUKS Disk Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="3.6. Secure Shell"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="3.7.2. Manually Encrypting Directories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk Encryption</h2></div></div></div><div class="para">
Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux computer. This is particularly important when it comes to mobile computers and removable media. LUKS allows multiple user keys to decrypt a master key which is used for the bulk encryption of the partition.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</h3></div></div></div><div class="para">
Fedora 9, and later, utilizes LUKS to perform file system encryption. By default, the option to encrypt the file system is unchecked during the installation. If you select the option to encrypt you hard drive, you will be prompted for a passphrase that will be asked every time you boot the computer. This passphrase "unlocks" the bulk encryption key that is used to decrypt your partition. If you choose to modify the default partition table you can choose which partitions you want to encrypt. This is set in the partition table settings
Index: sect-Security_Guide-Option_Fields-Access_Control.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Option_Fields-Access_Control.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Option_Fields-Access_Control.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Option_Fields-Access_Control.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.2. Access Control</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="next" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="2.5.2.2.3. Shell Commands"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">2.5.2.2.2. Access Control</h5></div></div></div><a id="d0e7959" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.2. Access Control</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="next" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="2.5.2.2.3. Shell Commands"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docume
ntation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">2.5.2.2.2. Access Control</h5></div></div></div><a id="d0e7959" class="indexterm"/><div class="para">
Option fields also allow administrators to explicitly allow or deny hosts in a single rule by adding the <code class="option">allow</code> or <code class="option">deny</code> directive as the final option.
</div><div class="para">
For example, the following two rules allow SSH connections from <code class="systemitem">client-1.example.com</code>, but deny connections from <code class="systemitem">client-2.example.com</code>:
Index: sect-Security_Guide-Option_Fields-Expansions.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Option_Fields-Expansions.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Option_Fields-Expansions.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Option_Fields-Expansions.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.4. Expansions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="2.5.2.2.3. Shell Commands"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="2.5.3. xinetd"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">2.5.2.2.4. Expansions</h5></div></div></div><a id="d0e8069" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.4. Expansions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="2.5.2.2.3. Shell Commands"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="2.5.3. xinetd"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">2.5.2.2.4. Expansions</h5></div></div></div><a id="d0e8069" class="indexterm"/><div class="para">
Expansions, when used in conjunction with the <code class="command">spawn</code> and <code class="command">twist</code> directives, provide information about the client, server, and processes involved.
</div><div class="para">
The following is a list of supported expansions:
Index: sect-Security_Guide-Option_Fields-Shell_Commands.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Option_Fields-Shell_Commands.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Option_Fields-Shell_Commands.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Option_Fields-Shell_Commands.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.3. Shell Commands</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="2.5.2.2.2. Access Control"/><link rel="next" href="sect-Security_Guide-Option_Fields-Expansions.html" title="2.5.2.2.4. Expansions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">2.5.2.2.3. Shell Commands</h5></div></div></div><a id="d0e7995" class="indexterm"/><a id="d0e8002" class="indexterm"/><a id="d0e8011" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.3. Shell Commands</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="2.5.2.2.2. Access Control"/><link rel="next" href="sect-Security_Guide-Option_Fields-Expansions.html" title="2.5.2.2.4. Expansions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p>
<ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">2.5.2.2.3. Shell Commands</h5></div></div></div><a id="d0e7995" class="indexterm"/><a id="d0e8002" class="indexterm"/><a id="d0e8011" class="indexterm"/><div class="para">
Option fields allow access rules to launch shell commands through the following two directives:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="command">spawn</code> — Launches a shell command as a child process. This directive can perform tasks like using <code class="command">/usr/sbin/safe_finger</code> to get more information about the requesting client or create special log files using the <code class="command">echo</code> command.
Index: sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.2. Control Flag</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="2.4.3.3. Module Name"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedor
aproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">2.4.3.2. Control Flag</h4></div></div></div><a id="d0e6295" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.2. Control Flag</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="2.4.3.3. Module Name"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedorap
roject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">2.4.3.2. Control Flag</h4></div></div></div><a id="d0e6295" class="indexterm"/><div class="para">
All PAM modules generate a success or failure result when called. Control flags tell PAM what do with the result. Modules can be stacked in a particular order, and the control flags determine how important the success or failure of a particular module is to the overall goal of authenticating the user to the service.
</div><div class="para">
There are four predefined control flags:
Index: sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.4. Module Arguments</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="2.4.3.3. Module Name"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="2.4.4. Sample PAM Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs
.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">2.4.3.4. Module Arguments</h4></div></div></div><a id="d0e6404" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.4. Module Arguments</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="2.4.3.3. Module Name"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="2.4.4. Sample PAM Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">2.4.3.4. Module Arguments</h4></div></div></div><a id="d0e6404" class="indexterm"/><div class="para">
PAM uses <em class="firstterm">arguments</em> to pass information to a pluggable module during authentication for some modules.
</div><div class="para">
For example, the <code class="filename">pam_userdb.so</code> module uses information stored in a Berkeley DB file to authenticate the user. Berkeley DB is an open source database system embedded in many applications. The module takes a <code class="filename">db</code> argument so that Berkeley DB knows which database to use for the requested service.
Index: sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.3. Module Name</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="2.4.3.2. Control Flag"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="2.4.3.4. Module Arguments"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">2.4.3.3. Module Name</h4></div></div></div><a id="d0e6383" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.3. Module Name</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="2.4.3.2. Control Flag"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="2.4.3.4. Module Arguments"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">2.4.3.3. Module Name</h4></div></div></div><a id="d0e6383" class="indexterm"/><div class="para">
The module name provides PAM with the name of the pluggable module containing the specified module interface. In older versions of Fedora, the full path to the module was provided in the PAM configuration file. However, since the advent of <em class="firstterm">multilib</em> systems, which store 64-bit PAM modules in the <code class="filename">/lib64/security/</code> directory, the directory name is omitted because the application is linked to the appropriate version of <code class="filename">libpam</code>, which can locate the correct version of the module.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong>2.4.3.2. Control Flag</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong>2.4.3.4. Module Arguments</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.6.2. Common pam_timestamp Directives</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Comm
on_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">2.4.6.2. Common pam_timestamp Directives</h4></div></div></div><a id="d0e6803" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.6.2. Common pam_timestamp Directives</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common
_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">2.4.6.2. Common pam_timestamp Directives</h4></div></div></div><a id="d0e6803" class="indexterm"/><div class="para">
The <code class="filename">pam_timestamp.so</code> module accepts several directives. The following are the two most commonly used options:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="command">timestamp_timeout</code> — Specifies the period (in seconds) for which the timestamp file is valid. The default value is 300 (five minutes).
Index: sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.7.2. Application Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://d
ocs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">2.4.7.2. Application Access</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.7.2. Application Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://doc
s.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">2.4.7.2. Application Access</h4></div></div></div><div class="para">
The console user also has access to certain programs configured for use in the <code class="filename">/etc/security/console.apps/</code> directory.
</div><div class="para">
This directory contains configuration files which enable the console user to run certain applications in <code class="filename">/sbin</code> and <code class="filename">/usr/sbin</code>.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.8. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="2.4.7.2. Application Access"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="2.4.8.2. Useful PAM Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.4.8. Additional Resources</h3></div></div></div><a id="d0e7033" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.8. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="2.4.7.2. Application Access"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="2.4.8.2. Useful PAM Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/image
s/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.4.8. Additional Resources</h3></div></div></div><a id="d0e7033" class="indexterm"/><div class="para">
The following resources further explain methods to use and configure PAM. In addition to these resources, read the PAM configuration files on the system to better understand how they are structured.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation">2.4.8.1. Installed PAM Documentation</h4></div></div></div><a id="d0e7043" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
PAM-related man pages — Several man pages exist for the various applications and configuration files involved with PAM. The following is a list of some of the more important man pages.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.5. Creating PAM Modules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="2.4.4. Sample PAM Configuration Files"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product S
ite"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.4.5. Creating PAM Modules</h3></div></div></div><a id="d0e6631" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.5. Creating PAM Modules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="2.4.4. Sample PAM Configuration Files"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Sit
e"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.4.5. Creating PAM Modules</h3></div></div></div><a id="d0e6631" class="indexterm"/><div class="para">
You can create or add new PAM modules at any time for use by PAM-aware applications.
</div><div class="para">
For example, a developer might create a one-time-password creation method and write a PAM module to support it. PAM-aware programs can immediately use the new module and password method without being recompiled or otherwise modified.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3. PAM Configuration File Format</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="2.4.2. PAM Configuration Files"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="2.4.3.2. Control Flag"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.4.3. PAM Configuration File Format</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3. PAM Configuration File Format</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="2.4.2. PAM Configuration Files"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="2.4.3.2. Control Flag"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img s
rc="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.4.3. PAM Configuration File Format</h3></div></div></div><div class="para">
Each PAM configuration file contains a group of directives formatted as follows:
</div><pre class="screen"><em class="replaceable"><code><module interface></code></em> <em class="replaceable"><code><control flag></code></em> <em class="replaceable"><code><module name></code></em> <em class="replaceable"><code><module arguments></code></em>
</pre><div class="para">
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.2. PAM Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.4.2. PAM Configuration Files</h3></div></div></div><a id="d0e6066" class="indexterm"/><a id="d0e6072" class="indexterm"/><a id="d0e6078" class="indexterm"/><a id="d0e6084" class="indexterm"/><a id="d0e6090" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.2. PAM Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fed
oraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.4.2. PAM Configuration Files</h3></div></div></div><a id="d0e6066" class="indexterm"/><a id="d0e6072" class="indexterm"/><a id="d0e6078" class="indexterm"/><a id="d0e6084" class="indexterm"/><a id="d0e6090" class="indexterm"/><div class="para">
The <code class="filename">/etc/pam.d/</code> directory contains the PAM configuration files for each PAM-aware application. In earlier versions of PAM, the <code class="filename">/etc/pam.conf</code> file was used, but this file is now deprecated and is only used if the <code class="filename">/etc/pam.d/</code> directory does not exist.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files">2.4.2.1. PAM Service Files</h4></div></div></div><a id="d0e6109" class="indexterm"/><div class="para">
Each PAM-aware application or <em class="firstterm">service</em> has a file in the <code class="filename">/etc/pam.d/</code> directory. Each file in this directory has the same name as the service to which it controls access.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.6. PAM and Administrative Credential Caching</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="2.4.5. Creating PAM Modules"/><link rel="next" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="2.4.6.2. Common pam_timestamp Directives"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.4.6. PAM and Administrative Credential Caching</h3></div></div></div><a id="d0e6658" class="indexterm"/><a id="d0e6666" class="indexterm"/><a id="d0e6672" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.6. PAM and Administrative Credential Caching</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="2.4.5. Creating PAM Modules"/><link rel="next" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="2.4.6.2. Common pam_timestamp Directives"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a c
lass="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.4.6. PAM and Administrative Credential Caching</h3></div></div></div><a id="d0e6658" class="indexterm"/><a id="d0e6666" class="indexterm"/><a id="d0e6672" class="indexterm"/><div class="para">
A number of graphical administrative tools in Fedora provide users with elevated privileges for up to five minutes using the <code class="filename">pam_timestamp.so</code> module. It is important to understand how this mechanism works, because a user who walks away from a terminal while <code class="filename">pam_timestamp.so</code> is in effect leaves the machine open to manipulation by anyone with physical access to the console.
</div><div class="para">
In the PAM timestamp scheme, the graphical administrative application prompts the user for the root password when it is launched. When the user has been authenticated, the <code class="filename">pam_timestamp.so</code> module creates a timestamp file. By default, this is created in the <code class="filename">/var/run/sudo/</code> directory. If the timestamp file already exists, graphical administrative programs do not prompt for a password. Instead, the <code class="filename">pam_timestamp.so</code> module freshens the timestamp file, reserving an extra five minutes of unchallenged administrative access for the user.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.7. PAM and Device Ownership</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="2.4.6.2. Common pam_timestamp Directives"/><link rel="next" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="2.4.7.2. Application Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://doc
s.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.4.7. PAM and Device Ownership</h3></div></div></div><a id="d0e6842" class="indexterm"/><a id="d0e6850" class="indexterm"/><a id="d0e6856" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.7. PAM and Device Ownership</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="2.4.6.2. Common pam_timestamp Directives"/><link rel="next" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="2.4.7.2. Application Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.
fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.4.7. PAM and Device Ownership</h3></div></div></div><a id="d0e6842" class="indexterm"/><a id="d0e6850" class="indexterm"/><a id="d0e6856" class="indexterm"/><div class="para">
In Fedora, the first user who logs in at the physical console of the machine can manipulate certain devices and perform certain tasks normally reserved for the root user. This is controlled by a PAM module called <code class="filename">pam_console.so</code>.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">2.4.7.1. Device Ownership</h4></div></div></div><div class="para">
When a user logs in to a Fedora system, the <code class="filename">pam_console.so</code> module is called by <code class="command">login</code> or the graphical login programs, <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, and <span class="application"><strong>xdm</strong></span>. If this user is the first user to log in at the physical console — referred to as the <em class="firstterm">console user</em> — the module grants the user ownership of a variety of devices normally owned by root. The console user owns these devices until the last local session for that user ends. After this user has logged out, ownership of the devices reverts back to the root user.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.4. Sample PAM Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="2.4.3.4. Module Arguments"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="2.4.5. Creating PAM Modules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><
img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.4.4. Sample PAM Configuration Files</h3></div></div></div><a id="d0e6448" class="indexterm"/><a id="d0e6453" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.4. Sample PAM Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="2.4.3.4. Module Arguments"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="2.4.5. Creating PAM Modules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><im
g src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.4.4. Sample PAM Configuration Files</h3></div></div></div><a id="d0e6448" class="indexterm"/><a id="d0e6453" class="indexterm"/><div class="para">
The following is a sample PAM application configuration file:
</div><pre class="screen">#%PAM-1.0
auth required pam_securetty.so
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4. Pluggable Authentication Modules (PAM)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="2.3.5. Configuring Firefox to use Kerberos for SSO"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="2.4.2. PAM Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http
://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.4. Pluggable Authentication Modules (PAM)</h2></div></div></div><a id="d0e6014" class="indexterm"/><a id="d0e6019" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4. Pluggable Authentication Modules (PAM)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="2.3.5. Configuring Firefox to use Kerberos for SSO"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="2.4.2. PAM Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http:/
/docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.4. Pluggable Authentication Modules (PAM)</h2></div></div></div><a id="d0e6014" class="indexterm"/><a id="d0e6019" class="indexterm"/><div class="para">
Programs that grant users access to a system use <em class="firstterm">authentication</em> to verify each other's identity (that is, to establish that a user is who they say they are).
</div><div class="para">
Historically, each program had its own way of authenticating users. In Fedora, many programs are configured to use a centralized authentication mechanism called <em class="firstterm">Pluggable Authentication Modules</em> (<acronym class="acronym">PAM</acronym>).
Index: sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.2. Utilize LUKS Partition Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/><link rel="prev" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/><link rel="next" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Secure_Installation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize LUKS Partition Encryption</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.2. Utilize LUKS Partition Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/><link rel="prev" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/><link rel="next" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><
ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Secure_Installation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize LUKS Partition Encryption</h2></div></div></div><div class="para">
Since Fedora 9, implementation of <a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption">Linux Unified Key Setup-on-disk-format</a>(LUKS) encryption has become a lot easier. During the installation process an option to encrypt your partitions will be presented to the user. The user must supply a passphrase that will be the key to unlock the bulk encryption key that will be used to secure the partition's data.
</div><div class="para">
Fedora 8, however, does not have LUKS support built-in; however it is easily implemented. <a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption#Step-by...">Step-by-step procedures</a> are available that allow the user to implement partition encryption on their Fedora 8 installation.
Index: sect-Security_Guide-Securing_FTP-Anonymous_Access.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_FTP-Anonymous_Access.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_FTP-Anonymous_Access.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_FTP-Anonymous_Access.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.2. Anonymous Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="next" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="2.2.6.3. User Accounts"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">2.2.6.2. Anonymous Access</h4></div></div></div><a id="d0e5177" class="indexterm"/><a id="d0e5182" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.2. Anonymous Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="next" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="2.2.6.3. User Accounts"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">2.2.6.2. Anonymous Access</h4></div></div></div><a id="d0e5177" class="indexterm"/><a id="d0e5182" class="indexterm"/><div class="para">
The presence of the <code class="filename">/var/ftp/</code> directory activates the anonymous account.
</div><div class="para">
The easiest way to create this directory is to install the <code class="filename">vsftpd</code> package. This package establishes a directory tree for anonymous users and configures the permissions on directories to read-only for anonymous users.
Index: sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.4. Use TCP Wrappers To Control Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="2.2.6.3. User Accounts"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">2.2.6.4. Use TCP Wrappers To Control Access</h4></div></div></div><a id="d0e5309" class="indexterm"/><a id="d0e5314" class="indexterm"/><a id="d0e5319" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.4. Use TCP Wrappers To Control Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="2.2.6.3. User Accounts"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">2.2.6.4. Use TCP Wrappers To Control Access</h4></div></div></div><a id="d0e5309" class="indexterm"/><a id="d0e5314" class="indexterm"/><a id="d0e5319" class="indexterm"/><div class="para">
Use TCP Wrappers to control access to either FTP daemon as outlined in <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers" title="2.2.1.1. Enhancing Security With TCP Wrappers">Section 2.2.1.1, “Enhancing Security With TCP Wrappers”</a>.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong>2.2.6.3. User Accounts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong>2.2.7. Securing Sendmail</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Securing_FTP-User_Accounts.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_FTP-User_Accounts.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_FTP-User_Accounts.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_FTP-User_Accounts.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.3. User Accounts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="2.2.6.2. Anonymous Access"/><link rel="next" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="2.2.6.4. Use TCP Wrappers To Control Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">2.2.6.3. User Accounts</h4></div></div></div><a id="d0e5256" class="indexterm"/><a id="d0e5261" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.3. User Accounts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="2.2.6.2. Anonymous Access"/><link rel="next" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="2.2.6.4. Use TCP Wrappers To Control Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documen
tation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">2.2.6.3. User Accounts</h4></div></div></div><a id="d0e5256" class="indexterm"/><a id="d0e5261" class="indexterm"/><div class="para">
Because FTP transmits unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.
</div><div class="para">
To disable all user accounts in <code class="command">vsftpd</code>, add the following directive to <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
Index: sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4.2. Beware of Syntax Errors</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="next" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="2.2.4.3. Do Not Use the no_root_squash Option"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">2.2.4.2. Beware of Syntax Errors</h4></div></div></div><a id="d0e4863" class="indexterm"/><a id="d0e4868" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4.2. Beware of Syntax Errors</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="next" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="2.2.4.3. Do Not Use the no_root_squash Option"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">2.2.4.2. Beware of Syntax Errors</h4></div></div></div><a id="d0e4863" class="indexterm"/><a id="d0e4868" class="indexterm"/><div class="para">
The NFS server determines which file systems to export and which hosts to export these directories to by consulting the <code class="filename">/etc/exports</code> file. Be careful not to add extraneous spaces when editing this file.
</div><div class="para">
For instance, the following line in the <code class="filename">/etc/exports</code> file shares the directory <code class="command">/tmp/nfs/</code> to the host <code class="command">bob.example.com</code> with read/write permissions.
Index: sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4.3. Do Not Use the no_root_squash Option</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="prev" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="2.2.4.2. Beware of Syntax Errors"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="2.2.5. Securing the Apache HTTP Server"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">2.2.4.3. Do Not Use the <code class="command">no_root_squash</code> Option</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4.3. Do Not Use the no_root_squash Option</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="prev" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="2.2.4.2. Beware of Syntax Errors"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="2.2.5. Securing the Apache HTTP Server"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/imag
es/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">2.2.4.3. Do Not Use the <code class="command">no_root_squash</code> Option</h4></div></div></div><div class="para">
By default, NFS shares change the root user to the <code class="command">nfsnobody</code> user, an unprivileged user account. This changes the owner of all root-created files to <code class="command">nfsnobody</code>, which prevents uploading of programs with the setuid bit set.
</div><div class="para">
If <code class="command">no_root_squash</code> is used, remote root users are able to change any file on the shared file system and leave applications infected by trojans for other users to inadvertently execute.
Index: sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.4. Assign Static Ports and Use iptables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="2.2.3.3. Edit the /var/yp/securenets File"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="2.2.3.5. Use Kerberos Authentication"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">2.2.3.4. Assign Static Ports and Use iptables Rules</h4></div></div></div><a id="d0e4729" class="indexterm"/><a id="d0e4734" class="indexterm"/><a id="d0e4741" class="indexterm"/><a id="d0e4746" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.4. Assign Static Ports and Use iptables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="2.2.3.3. Edit the /var/yp/securenets File"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="2.2.3.5. Use Kerberos Authentication"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_
Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">2.2.3.4. Assign Static Ports and Use iptables Rules</h4></div></div></div><a id="d0e4729" class="indexterm"/><a id="d0e4734" class="indexterm"/><a id="d0e4741" class="indexterm"/><a id="d0e4746" class="indexterm"/><div class="para">
All of the servers related to NIS can be assigned specific ports except for <code class="command">rpc.yppasswdd</code> — the daemon that allows users to change their login passwords. Assigning ports to the other two NIS server daemons, <code class="command">rpc.ypxfrd</code> and <code class="command">ypserv</code>, allows for the creation of firewall rules to further protect the NIS server daemons from intruders.
</div><div class="para">
To do this, add the following lines to <code class="filename">/etc/sysconfig/network</code>:
Index: sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.3. Edit the /var/yp/securenets File</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="2.2.3.4. Assign Static Ports and Use iptables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="righ
t" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">2.2.3.3. Edit the <code class="filename">/var/yp/securenets</code> File</h4></div></div></div><a id="d0e4687" class="indexterm"/><a id="d0e4693" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.3. Edit the /var/yp/securenets File</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="2.2.3.4. Assign Static Ports and Use iptables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">2.2.3.3. Edit the <code class="filename">/var/yp/securenets</code> File</h4></div></div></div><a id="d0e4687" class="indexterm"/><a id="d0e4693" class="indexterm"/><div class="para">
If the <code class="filename">/var/yp/securenets</code> file is blank or does not exist (as is the case after a default installation), NIS listens to all networks. One of the first things to do is to put netmask/network pairs in the file so that <code class="command">ypserv</code> only responds to requests from the appropriate network.
</div><div class="para">
Below is a sample entry from a <code class="filename">/var/yp/securenets</code> file:
Index: sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.5. Use Kerberos Authentication</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="2.2.3.4. Assign Static Ports and Use iptables Rules"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">2.2.3.5. Use Kerberos Authentication</h4></div></div></div><a id="d0e4787" class="indexterm"/><a id="d0e4792" class="indexterm"/><a id="d0e4799" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.5. Use Kerberos Authentication</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="2.2.3.4. Assign Static Ports and Use iptables Rules"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">2.2.3.5. Use Kerberos Authentication</h4></div></div></div><a id="d0e4787" class="indexterm"/><a id="d0e4792" class="indexterm"/><a id="d0e4799" class="indexterm"/><div class="para">
One of the issues to consider when NIS is used for authentication is that whenever a user logs into a machine, a password hash from the <code class="filename">/etc/shadow</code> map is sent over the network. If an intruder gains access to an NIS domain and sniffs network traffic, they can collect usernames and password hashes. With enough time, a password cracking program can guess weak passwords, and an attacker can gain access to a valid account on the network.
</div><div class="para">
Since Kerberos uses secret-key cryptography, no password hashes are ever sent over the network, making the system far more secure. Refer to <a class="xref" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos">Section 2.6, “Kerberos”</a> for more information about Kerberos.
Index: sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.2. Use a Password-like NIS Domain Name and Hostname</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="2.2.3.3. Edit the /var/yp/securenets File"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">2.2.3.2. Use a Password-like NIS Domain Name and Hostname</h4></div></div></div><a id="d0e4625" class="indexterm"/><a id="d0e4630" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.2. Use a Password-like NIS Domain Name and Hostname</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="2.2.3.3. Edit the /var/yp/securenets File"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_ri
ght.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">2.2.3.2. Use a Password-like NIS Domain Name and Hostname</h4></div></div></div><a id="d0e4625" class="indexterm"/><a id="d0e4630" class="indexterm"/><div class="para">
Any machine within an NIS domain can use commands to extract information from the server without authentication, as long as the user knows the NIS server's DNS hostname and NIS domain name.
</div><div class="para">
For instance, if someone either connects a laptop computer into the network or breaks into the network from outside (and manages to spoof an internal IP address), the following command reveals the <code class="command">/etc/passwd</code> map:
Index: sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.2.2. Protect portmap With iptables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">2.2.2.2. Protect portmap With iptables</h4></div></div></div><a id="d0e4501" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.2.2. Protect portmap With iptables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">2.2.2.2. Protect portmap With iptables</h4></div></div></div><a id="d0e4501" class="indexterm"/><div class="para">
To further restrict access to the <code class="command">portmap</code> service, it is a good idea to add iptables rules to the server and restrict access to specific networks.
</div><div class="para">
Below are two example iptables commands. The first allows TCP connections to the port 111 (used by the <code class="command">portmap</code> service) from the 192.168.0.0/24 network. The second allows TCP connections to the same port from the localhost. This is necessary for the <code class="command">sgi_fam</code> service used by <span class="application"><strong>Nautilus</strong></span>. All other packets are dropped.
Index: sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7.3. Mail-only Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="2.2.7.2. NFS and Sendmail"/><link rel="next" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="2.2.8. Verifying Which Ports Are Listening"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">2.2.7.3. Mail-only Users</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7.3. Mail-only Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="2.2.7.2. NFS and Sendmail"/><link rel="next" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="2.2.8. Verifying Which Ports Are Listening"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_rig
ht.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">2.2.7.3. Mail-only Users</h4></div></div></div><div class="para">
To help prevent local user exploits on the Sendmail server, it is best for mail users to only access the Sendmail server using an email program. Shell accounts on the mail server should not be allowed and all user shells in the <code class="filename">/etc/passwd</code> file should be set to <code class="command">/sbin/nologin</code> (with the possible exception of the root user).
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong>2.2.7.2. NFS and Sendmail</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong>2.2.8. Verifying Which Ports Are Listening</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7.2. NFS and Sendmail</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="next" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="2.2.7.3. Mail-only Users"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/><
/a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">2.2.7.2. NFS and Sendmail</h4></div></div></div><a id="d0e5401" class="indexterm"/><a id="d0e5406" class="indexterm"/><a id="d0e5411" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7.2. NFS and Sendmail</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="next" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="2.2.7.3. Mail-only Users"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a
></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">2.2.7.2. NFS and Sendmail</h4></div></div></div><a id="d0e5401" class="indexterm"/><a id="d0e5406" class="indexterm"/><a id="d0e5411" class="indexterm"/><div class="para">
Never put the mail spool directory, <code class="filename">/var/spool/mail/</code>, on an NFS shared volume.
</div><div class="para">
Because NFSv2 and NFSv3 do not maintain control over user and group IDs, two or more users can have the same UID, and receive and read each other's mail.
Index: sect-Security_Guide-Security_Updates.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Security_Updates.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Security_Updates.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Security_Updates.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.5. Security Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks"/><link rel="next" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class
="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. Security Updates</h2></div></div></div><a id="d0e1399" class="indexterm"/><a id="d0e1404" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.5. Security Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks"/><link rel="next" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. Security Updates</h2></div></div></div><a id="d0e1399" class="indexterm"/><a id="d0e1404" class="indexterm"/><div class="para">
As security vulnerabilities are discovered, the affected software must be updated in order to limit any potential security risks. If the software is part of a package within a Fedora distribution that is currently supported, Fedora. is committed to releasing updated packages that fix the vulnerability as soon as possible. Often, announcements about a given security exploit are accompanied with a patch (or source code that fixes the problem). This patch is then applied to the Fedora package, tested by the Red Hat quality assurance team, and released as an errata update. However, if an announcement does not include a patch, a Red Hat developer works with the maintainer of the software to fix the problem. Once the problem is fixed, the package is tested and released as an errata update.
</div><div class="para">
If an errata update is released for software used on your system, it is highly recommended that you update the effected packages as soon as possible to minimize the amount of time the system is potentially vulnerable.
Index: sect-Security_Guide-Server_Security-Securing_FTP.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_FTP.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Server_Security-Securing_FTP.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Server_Security-Securing_FTP.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6. Securing FTP</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="2.2.5. Securing the Apache HTTP Server"/><link rel="next" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="2.2.6.2. Anonymous Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">2.2.6. Securing FTP</h3></div></div></div><a id="d0e5041" class="indexterm"/><a id="d0e5046" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6. Securing FTP</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="2.2.5. Securing the Apache HTTP Server"/><link rel="next" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="2.2.6.2. Anonymous Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">2.2.6. Securing FTP</h3></div></div></div><a id="d0e5041" class="indexterm"/><a id="d0e5046" class="indexterm"/><div class="para">
The <em class="firstterm">File Transfer Protocol</em> (<abbr class="abbrev">FTP</abbr>) is an older TCP protocol designed to transfer files over a network. Because all transactions with the server, including user authentication, are unencrypted, it is considered an insecure protocol and should be carefully configured.
</div><div class="para">
Fedora provides three FTP servers.
Index: sect-Security_Guide-Server_Security-Securing_NFS.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_NFS.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Server_Security-Securing_NFS.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Server_Security-Securing_NFS.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4. Securing NFS</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="2.2.3.5. Use Kerberos Authentication"/><link rel="next" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="2.2.4.2. Beware of Syntax Errors"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/
></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">2.2.4. Securing NFS</h3></div></div></div><a id="d0e4816" class="indexterm"/><a id="d0e4821" class="indexterm"/><div class="important"><h2>Important</h2><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4. Securing NFS</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="2.2.3.5. Use Kerberos Authentication"/><link rel="next" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="2.2.4.2. Beware of Syntax Errors"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/><
/a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">2.2.4. Securing NFS</h3></div></div></div><a id="d0e4816" class="indexterm"/><a id="d0e4821" class="indexterm"/><div class="important"><h2>Important</h2><div class="para">
The version of NFS included in Fedora, NFSv4, no longer requires the <code class="command">portmap</code> service as outlined in <a class="xref" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap">Section 2.2.2, “Securing Portmap”</a>. NFS traffic now utilizes TCP in all versions, rather than UDP, and requires it when using NFSv4. NFSv4 now includes Kerberos user and group authentication, as part of the <code class="filename">RPCSEC_GSS</code> kernel module. Information on <code class="command">portmap</code> is still included, since Fedora supports NFSv2 and NFSv3, both of which utilize <code class="command">portmap</code>.
</div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network">2.2.4.1. Carefully Plan the Network</h4></div></div></div><a id="d0e4846" class="indexterm"/><a id="d0e4851" class="indexterm"/><div class="para">
Now that NFSv4 has the ability to pass all information encrypted using Kerberos over a network, it is important that the service be configured correctly if it is behind a firewall or on a segmented network. NFSv2 and NFSv3 still pass data insecurely, and this should be taken into consideration. Careful network design in all of these regards can help prevent security breaches.
Index: sect-Security_Guide-Server_Security-Securing_NIS.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_NIS.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Server_Security-Securing_NIS.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Server_Security-Securing_NIS.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3. Securing NIS</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="2.2.2.2. Protect portmap With iptables"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">2.2.3. Securing NIS</h3></div></div></div><a id="d0e4539" class="indexterm"/><a id="d0e4544" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3. Securing NIS</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="2.2.2.2. Protect portmap With iptables"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_C
ontent/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">2.2.3. Securing NIS</h3></div></div></div><a id="d0e4539" class="indexterm"/><a id="d0e4544" class="indexterm"/><div class="para">
The <em class="firstterm">Network Information Service</em> (<acronym class="acronym">NIS</acronym>) is an RPC service, called <code class="command">ypserv</code>, which is used in conjunction with <code class="command">portmap</code> and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.
</div><div class="para">
An NIS server is comprised of several applications. They include the following:
Index: sect-Security_Guide-Server_Security-Securing_Portmap.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_Portmap.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Server_Security-Securing_Portmap.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Server_Security-Securing_Portmap.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.2. Securing Portmap</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="next" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="2.2.2.2. Protect portmap With iptables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">2.2.2. Securing Portmap</h3></div></div></div><a id="d0e4448" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.2. Securing Portmap</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="next" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="2.2.2.2. Protect portmap With iptables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">2.2.2. Securing Portmap</h3></div></div></div><a id="d0e4448" class="indexterm"/><div class="para">
The <code class="command">portmap</code> service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.
</div><div class="note"><h2>Note</h2><div class="para">
Securing <code class="command">portmap</code> only affects NFSv2 and NFSv3 implementations, since NFSv4 no longer requires it. If you plan to implement an NFSv2 or NFSv3 server, then <code class="command">portmap</code> is required, and the following section applies.
Index: sect-Security_Guide-Server_Security-Securing_Sendmail.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_Sendmail.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Server_Security-Securing_Sendmail.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Server_Security-Securing_Sendmail.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7. Securing Sendmail</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="2.2.6.4. Use TCP Wrappers To Control Access"/><link rel="next" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="2.2.7.2. NFS and Sendmail"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentat
ion Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">2.2.7. Securing Sendmail</h3></div></div></div><a id="d0e5333" class="indexterm"/><a id="d0e5338" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7. Securing Sendmail</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="2.2.6.4. Use TCP Wrappers To Control Access"/><link rel="next" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="2.2.7.2. NFS and Sendmail"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentatio
n Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">2.2.7. Securing Sendmail</h3></div></div></div><a id="d0e5333" class="indexterm"/><a id="d0e5338" class="indexterm"/><div class="para">
Sendmail is a Mail Transfer Agent (MTA) that uses the Simple Mail Transfer Protocol (SMTP) to deliver electronic messages between other MTAs and to email clients or delivery agents. Although many MTAs are capable of encrypting traffic between one another, most do not, so sending email over any public networks is considered an inherently insecure form of communication.
</div><div class="para">
It is recommended that anyone planning to implement a Sendmail server address the following issues.
Index: sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.5. Securing the Apache HTTP Server</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="2.2.4.3. Do Not Use the no_root_squash Option"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.2.5. Securing the Apache HTTP Server</h3></div></div></div><a id="d0e4938" class="indexterm"/><a id="d0e4943" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.5. Securing the Apache HTTP Server</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="2.2.4.3. Do Not Use the no_root_squash Option"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docume
ntation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.2.5. Securing the Apache HTTP Server</h3></div></div></div><a id="d0e4938" class="indexterm"/><a id="d0e4943" class="indexterm"/><div class="para">
The Apache HTTP Server is one of the most stable and secure services that ships with Fedora. A large number of options and techniques are available to secure the Apache HTTP Server — too numerous to delve into deeply here. The following section briefly explains good practices when running the Apache HTTP Server.
</div><div class="para">
Always verify that any scripts running on the system work as intended <span class="emphasis"><em>before</em></span> putting them into production. Also, ensure that only the root user has write permissions to any directory containing scripts or CGIs. To do this, run the following commands as the root user:
Index: sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.8. Verifying Which Ports Are Listening</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="2.2.7.3. Mail-only Users"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.2.8. Verifying Which Ports Are Listening</h3></div></div></div><a id="d0e5450" class="indexterm"/><a id="d0e5455" class="indexterm"/><a id="d0e5462" class="indexterm"/><a id="d0e5466" class="indexterm"/><a id="d0e5470" class="indexterm"/><a id="d0e5473" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.8. Verifying Which Ports Are Listening</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="2.2.7.3. Mail-only Users"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="doc
nav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.2.8. Verifying Which Ports Are Listening</h3></div></div></div><a id="d0e5450" class="indexterm"/><a id="d0e5455" class="indexterm"/><a id="d0e5462" class="indexterm"/><a id="d0e5466" class="indexterm"/><a id="d0e5470" class="indexterm"/><a id="d0e5473" class="indexterm"/><div class="para">
After configuring network services, it is important to pay attention to which ports are actually listening on the system's network interfaces. Any open ports can be evidence of an intrusion.
</div><div class="para">
There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack using commands such as <code class="command">netstat -an</code> or <code class="command">lsof -i</code>. This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system. For this reason, these applications are frequent targets for replacement by attackers. Crackers attempt to cover their tracks if they open unauthorized network ports by replacing <code class="command">netstat</code> and <code class="command">lsof</code> with their own, modified versions.
Index: sect-Security_Guide-Server_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Server_Security.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Server_Security.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2. Server Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Server_Security">2.2. Server Security</h2></div></div></div><a id="d0e4031" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2. Server Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul clas
s="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Server_Security">2.2. Server Security</h2></div></div></div><a id="d0e4031" class="indexterm"/><div class="para">
When a system is used as a server on a public network, it becomes a target for attacks. Hardening the system and locking down services is therefore of paramount importance for the system administrator.
</div><div class="para">
Before delving into specific issues, review the following general tips for enhancing server security:
Index: sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.5. Configuring Firefox to use Kerberos for SSO</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="2.3.4. How Smart Card Login Works"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conte
nt/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.3.5. Configuring Firefox to use Kerberos for SSO</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.5. Configuring Firefox to use Kerberos for SSO</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="2.3.4. How Smart Card Login Works"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content
/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.3.5. Configuring Firefox to use Kerberos for SSO</h3></div></div></div><div class="para">
You can configure Firefox to use Kerberos for Single Sign-on. In order for this functionality to work correctly, you need to configure your web browser to send your Kerberos credentials to the appropriate <abbr class="abbrev">KDC</abbr>.The following section describes the configuration changes and other requirements to achieve this.
</div><div class="orderedlist"><ol><li><div class="para">
In the address bar of Firefox, type <strong class="userinput"><code>about:config</code></strong> to display the list of current configuration options.
Index: sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.2. Getting Started with your new Smart Card</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="2.3.3. How Smart Card Enrollment Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" al
t="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.3.2. Getting Started with your new Smart Card</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.2. Getting Started with your new Smart Card</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="2.3.3. How Smart Card Enrollment Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.3.2. Getting Started with your new Smart Card</h3></div></div></div><div class="para">
Before you can use your smart card to log in to your system and take advantage of the increased security options this technology provides, you need to perform some basic installation and configuration steps. These are described below.
</div><div class="note"><h2>Note</h2><div class="para">
This section provides a high-level view of getting started with your smart card. More detailed information is available in the Red Hat Certificate System Enterprise Security Client Guide.
Index: sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.3. How Smart Card Enrollment Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="2.3.2. Getting Started with your new Smart Card"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="2.3.4. How Smart Card Login Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.3.3. How Smart Card Enrollment Works</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.3. How Smart Card Enrollment Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="2.3.2. Getting Started with your new Smart Card"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="2.3.4. How Smart Card Login Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src=
"Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.3.3. How Smart Card Enrollment Works</h3></div></div></div><div class="para">
Smart cards are said to be <em class="firstterm">enrolled</em> when they have received an appropriate certificate signed by a valid Certificate Authority (<abbr class="abbrev">CA</abbr>). This involves several steps, described below:
</div><div class="orderedlist"><ol><li><div class="para">
The user inserts their smart card into the smart card reader on their workstation. This event is recognized by the Enterprise Security Client (<abbr class="abbrev">ESC</abbr>).
Index: sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.4. How Smart Card Login Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="2.3.3. How Smart Card Enrollment Works"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="2.3.5. Configuring Firefox to use Kerberos for SSO"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.o
rg"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.3.4. How Smart Card Login Works</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.4. How Smart Card Login Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="2.3.3. How Smart Card Enrollment Works"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="2.3.5. Configuring Firefox to use Kerberos for SSO"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org
"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.3.4. How Smart Card Login Works</h3></div></div></div><div class="para">
This section provides a brief overview of the process of logging in using a smart card.
</div><div class="orderedlist"><ol><li><div class="para">
When the user inserts their smart card into the smart card reader, this event is recognized by the PAM facility, which prompts for the user's PIN.
Index: sect-Security_Guide-Single_Sign_on_SSO.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Single_Sign_on_SSO.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Single_Sign_on_SSO.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3. Single Sign-on (SSO)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="2.2.8. Verifying Which Ports Are Listening"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="2.3.2. Getting Started with your new Smart Card"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject
.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">2.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3. Single Sign-on (SSO)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="2.2.8. Verifying Which Ports Are Listening"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="2.3.2. Getting Started with your new Smart Card"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.o
rg"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">2.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</h3></div></div></div><div class="para">
The Fedora SSO functionality reduces the number of times Fedora desktop users have to enter their passwords. Several major applications leverage the same underlying authentication and authorization mechanisms so that users can log in to Fedora from the log-in screen, and then not need to re-enter their passwords. These applications are detailed below.
</div><div class="para">
In addition, users can log in to their machines even when there is no network (<em class="firstterm">offline mode</em>) or where network connectivity is unreliable, for example, wireless access. In the latter case, services will degrade gracefully.
Index: sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.4. Install Signed Packages from Well Known Repositories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="6.3. Adjusting Automatic Updates"/><link rel="next" href="chap-Security_Guide-References.html" title="Chapter 7. References"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install Signed Packages from Well Known Repositories</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.4. Install Signed Packages from Well Known Repositories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="6.3. Adjusting Automatic Updates"/><link rel="next" href="chap-Security_Guide-References.html" title="Chapter 7. References"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_
Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install Signed Packages from Well Known Repositories</h2></div></div></div><div class="para">
Software packages are published through repositories. All well known repositories support package signing. Package signing uses public key technology to prove that the package that was published by the repository has not been changed since the signature was applied. This provides some protection against installing software that may have been maliciously altered after the package was created but before you downloaded it.
</div><div class="para">
Using too many repositories, untrustworthy repositories, or repositories with unsigned packages has a higher risk of introducing malicious or vulnerable code into your system. Use caution when adding repositories to yum/software update.
Index: sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.3. Adjusting Automatic Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="6.2. Plan and Configure Security Updates"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="6.4. Install Signed Packages from Well Known Repositories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting Automatic Updates</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.3. Adjusting Automatic Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="6.2. Plan and Configure Security Updates"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="6.4. Install Signed Packages from Well Known Repositories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" h
ref="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting Automatic Updates</h2></div></div></div><div class="para">
Fedora 9 is configured to apply all updates on a daily schedule. If you want to change the how your system installs updates you must do so via '''Software Update Preferences'''. You can change the schedule, the type of updates to apply or to notify you of available updates.
</div><div class="para">
In Gnome, you can find controls for your updates at: <code class="code">System -> Preferences -> System -> Software Updates</code>. In KDE it is located at: <code class="code">Applications -> Settings -> Software Updates</code>.
Index: sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.2. Plan and Configure Security Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="6.3. Adjusting Automatic Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan and Configure Security Updates</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.2. Plan and Configure Security Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="6.3. Adjusting Automatic Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan and Configure Security Updates</h2></div></div></div><div class="para">
All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Unpatched systems are a common cause of computer intrusions. You should have a plan to install security patches in a timely manner to close those vulnerabilities so they can not be exploited.
</div><div class="para">
For home users, security updates should be installed as soon as possible. Configuring automatic installation of security updates is one way to avoid having to remember, but does carry a slight risk that something can cause a conflict with your configuration or with other software on the system.
Index: sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2. Option Fields</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/><link rel="next" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="2.5.2.2.2. Access Control"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">2.5.2.2. Option Fields</h4></div></div></div><a id="d0e7883" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2. Option Fields</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/><link rel="next" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="2.5.2.2.2. Access Control"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src=
"Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">2.5.2.2. Option Fields</h4></div></div></div><a id="d0e7883" class="indexterm"/><div class="para">
In addition to basic rules that allow and deny access, the Fedora implementation of TCP Wrappers supports extensions to the access control language through <em class="firstterm">option fields</em>. By using option fields in hosts access rules, administrators can accomplish a variety of tasks such as altering log behavior, consolidating access control, and launching shell commands.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Logging">2.5.2.2.1. Logging</h5></div></div></div><a id="d0e7898" class="indexterm"/><div class="para">
Option fields let administrators easily change the log facility and priority level for a rule by using the <code class="option">severity</code> directive.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="2.5.4.3.4. Resource Management Options"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="2.5.5.2. Useful TCP Wrappers Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.5.5. Additional Resources</h3></div></div></div><a id="d0e9027" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="2.5.4.3.4. Resource Management Options"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="2.5.5.2. Useful TCP Wrappers Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src=
"Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.5.5. Additional Resources</h3></div></div></div><a id="d0e9027" class="indexterm"/><div class="para">
More information about TCP Wrappers and <code class="systemitem">xinetd</code> is available from system documentation and on the Internet.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation">2.5.5.1. Installed TCP Wrappers Documentation</h4></div></div></div><a id="d0e9040" class="indexterm"/><a id="d0e9047" class="indexterm"/><div class="para">
The documentation on your system is a good place to start looking for additional configuration options for TCP Wrappers, <code class="systemitem">xinetd</code>, and access control.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2. TCP Wrappers Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documenta
tion Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.5.2. TCP Wrappers Configuration Files</h3></div></div></div><a id="d0e7364" class="indexterm"/><a id="d0e7372" class="indexterm"/><a id="d0e7380" class="indexterm"/><a id="d0e7386" class="indexterm"/><a id="d0e7392" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2. TCP Wrappers Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentati
on Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.5.2. TCP Wrappers Configuration Files</h3></div></div></div><a id="d0e7364" class="indexterm"/><a id="d0e7372" class="indexterm"/><a id="d0e7380" class="indexterm"/><a id="d0e7386" class="indexterm"/><a id="d0e7392" class="indexterm"/><div class="para">
To determine if a client is allowed to connect to a service, TCP Wrappers reference the following two files, which are commonly referred to as <em class="firstterm">hosts access</em> files:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="filename">/etc/hosts.allow</code>
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.3. xinetd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Expansions.html" title="2.5.2.2.4. Expansions"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a><
/p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.5.3. xinetd</h3></div></div></div><a id="d0e8214" class="indexterm"/><a id="d0e8220" class="indexterm"/><a id="d0e8226" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.3. xinetd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Expansions.html" title="2.5.2.2.4. Expansions"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.5.3. xinetd</h3></div></div></div><a id="d0e8214" class="indexterm"/><a id="d0e8220" class="indexterm"/><a id="d0e8226" class="indexterm"/><div class="para">
The <code class="systemitem">xinetd</code> daemon is a TCP-wrapped <em class="firstterm">super service</em> which controls access to a subset of popular network services, including FTP, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.
</div><div class="para">
When a client attempts to connect to a network service controlled by <code class="systemitem">xinetd</code>, the super service receives the request and checks for any TCP Wrappers access control rules.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4. xinetd Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="2.5.3. xinetd"/><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="2.5.4.2. The /etc/xinetd.d/ Directory"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.5.4. xinetd Configuration Files</h3></div></div></div><a id="d0e8261" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4. xinetd Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="2.5.3. xinetd"/><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="2.5.4.2. The /etc/xinetd.d/ Directory"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.5.4. xinetd Configuration Files</h3></div></div></div><a id="d0e8261" class="indexterm"/><div class="para">
The configuration files for <code class="systemitem">xinetd</code> are as follows:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="filename">/etc/xinetd.conf</code> — The global <code class="systemitem">xinetd</code> configuration file.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-TCP_Wrappers_and_xinetd.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5. TCP Wrappers and xinetd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="2.4.8.2. Useful PAM Websites"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">2.5. TCP Wrappers and xinetd</h2></div></div></div><a id="d0e7176" class="indexterm"/><a id="d0e7181" class="indexterm"/><a id="d0e7187" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5. TCP Wrappers and xinetd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="2.4.8.2. Useful PAM Websites"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/imag
es/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">2.5. TCP Wrappers and xinetd</h2></div></div></div><a id="d0e7176" class="indexterm"/><a id="d0e7181" class="indexterm"/><a id="d0e7187" class="indexterm"/><div class="para">
Controlling access to network services is one of the most important security tasks facing a server administrator. Fedora provides several tools for this purpose. For example, an <code class="command">iptables</code>-based firewall filters out unwelcome network packets within the kernel's network stack. For network services that utilize it, <em class="firstterm">TCP Wrappers</em> add an additional layer of protection by defining which hosts are or are not allowed to connect to "<span class="emphasis"><em>wrapped</em></span>" network services. One such wrapped network service is the <code class="systemitem">xinetd</code> <span class="emphasis"><em>super server</em></span>. This service is called a super server because it controls connections to a subset of network services and further refines access control.
</div><div class="para">
<a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services" title="Figure 2.9. Access Control to Network Services">Figure 2.9, “Access Control to Network Services”</a> is a basic illustration of how these tools work together to protect network services.
Index: sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.3. Inattentive Administration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.3.3.2. Unpatched Services"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.3.3.4. Inherently Insecure Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fed
oraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.3.3.3. Inattentive Administration</h4></div></div></div><a id="d0e1157" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.3. Inattentive Administration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.3.3.2. Unpatched Services"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.3.3.4. Inherently Insecure Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedor
aproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.3.3.3. Inattentive Administration</h4></div></div></div><a id="d0e1157" class="indexterm"/><div class="para">
Administrators who fail to patch their systems are one of the greatest threats to server security. According to the <em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>), the primary cause of computer security vulnerability is to "assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job."<sup>[<a id="d0e1172" href="#ftn.d0e1172" class="footnote">10</a>]</sup> This applies as much to inexperienced administrators as it does to overconfident or amotivated administrators.
</div><div class="para">
Some administrators fail to patch their servers and workstations, while others fail to watch log messages from the system kernel or network traffic. Another common error is when default passwords or keys to services are left unchanged. For example, some databases have default administration passwords because the database developers assume that the system administrator changes these passwords immediately after installation. If a database administrator fails to change this password, even an inexperienced cracker can use a widely-known default password to gain administrative privileges to the database. These are only a few examples of how inattentive administration can lead to compromised servers.
Index: sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.4. Inherently Insecure Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.3.3.3. Inattentive Administration"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.3.3.4. Inherently Insecure Services</h4></div></div></div><a id="d0e1181" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.4. Inherently Insecure Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.3.3.3. Inattentive Administration"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Si
te"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.3.3.4. Inherently Insecure Services</h4></div></div></div><a id="d0e1181" class="indexterm"/><div class="para">
Even the most vigilant organization can fall victim to vulnerabilities if the network services they choose are inherently insecure. For instance, there are many services developed under the assumption that they are used over trusted networks; however, this assumption fails as soon as the service becomes available over the Internet — which is itself inherently untrusted.
</div><div class="para">
One category of insecure network services are those that require unencrypted usernames and passwords for authentication. Telnet and FTP are two such services. If packet sniffing software is monitoring traffic between the remote user and such a service usernames and passwords can be easily intercepted.
Index: sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.2. Unpatched Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.3.3.3. Inattentive Administration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://doc
s.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.3.3.2. Unpatched Services</h4></div></div></div><a id="d0e1133" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.2. Unpatched Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.3.3.3. Inattentive Administration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.
fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.3.3.2. Unpatched Services</h4></div></div></div><a id="d0e1133" class="indexterm"/><div class="para">
Most server applications that are included in a default installation are solid, thoroughly tested pieces of software. Having been in use in production environments for many years, their code has been thoroughly refined and many of the bugs have been found and fixed.
</div><div class="para">
However, there is no such thing as perfect software and there is always room for further refinement. Moreover, newer software is often not as rigorously tested as one might expect, because of its recent arrival to production environments or because it may not be as popular as other server software.
Index: sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.4.2. Vulnerable Client Applications</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/><link rel="next" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="P
roduct Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.3.4.2. Vulnerable Client Applications</h4></div></div></div><a id="d0e1226" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.4.2. Vulnerable Client Applications</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/><link rel="next" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Pro
duct Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.3.4.2. Vulnerable Client Applications</h4></div></div></div><a id="d0e1226" class="indexterm"/><div class="para">
Although an administrator may have a fully secure and patched server, that does not mean remote users are secure when accessing it. For instance, if the server offers Telnet or FTP services over a public network, an attacker can capture the plain text usernames and passwords as they pass over the network, and then use the account information to access the remote user's workstation.
</div><div class="para">
Even when using secure protocols, such as SSH, a remote user may be vulnerable to certain attacks if they do not keep their client applications updated. For instance, v.1 SSH clients are vulnerable to an X-forwarding attack from malicious SSH servers. Once connected to the server, the attacker can quietly capture any keystrokes and mouse clicks made by the client over the network. This problem was fixed in the v.2 SSH protocol, but it is up to the user to keep track of what applications have such vulnerabilities and update them as necessary.
Index: sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3.2. Basic Firewall Policies</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="prev" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="next" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="2.8.3.3. Saving and Restoring IPTables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">2.8.3.2. Basic Firewall Policies</h4></div></div></div><a id="d0e13318" class="indexterm"/><a id="d0e13323" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3.2. Basic Firewall Policies</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="prev" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="next" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="2.8.3.3. Saving and Restoring IPTables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">2.8.3.2. Basic Firewall Policies</h4></div></div></div><a id="d0e13318" class="indexterm"/><a id="d0e13323" class="indexterm"/><div class="para">
Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules.
</div><div class="para">
Each <code class="command">iptables</code> chain is comprised of a default policy, and zero or more rules which work in concert with the default policy to define the overall ruleset for the firewall.
Index: sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3.3. Saving and Restoring IPTables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="prev" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="2.8.3.2. Basic Firewall Policies"/><link rel="next" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="2.8.4. Common IPTables Filtering"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.pn
g" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">2.8.3.3. Saving and Restoring IPTables Rules</h4></div></div></div><a id="d0e13354" class="indexterm"/><a id="d0e13360" class="indexterm"/><a id="d0e13368" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3.3. Saving and Restoring IPTables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="prev" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="2.8.3.2. Basic Firewall Policies"/><link rel="next" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="2.8.4. Common IPTables Filtering"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">2.8.3.3. Saving and Restoring IPTables Rules</h4></div></div></div><a id="d0e13354" class="indexterm"/><a id="d0e13360" class="indexterm"/><a id="d0e13368" class="indexterm"/><div class="para">
Changes to <code class="command">iptables</code> are transitory; if the system is rebooted or if the <code class="command">iptables</code> service is restarted, the rules are automatically flushed and reset. To save the rules so that they are loaded when the <code class="command">iptables</code> service is started, use the following command:
</div><pre class="screen">[root@myServer ~ ] # service iptables save
</pre><div class="para">
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.4. Creating an IPsec Connection</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html" title="2.7.3. IPsec"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html" title="2.7.5. IPsec Installation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.7.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.4. Creating an IPsec Connection</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html" title="2.7.3. IPsec"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html" title="2.7.5. IPsec Installation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.7.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</h3></div></div></div><div class="para">
An <abbr class="abbrev">IPsec</abbr> connection is split into two logical phases. In phase 1, an <abbr class="abbrev">IPsec</abbr> node initializes the connection with the remote node or network. The remote node or network checks the requesting node's credentials and both parties negotiate the authentication method for the connection.
</div><div class="para">
On Fedora systems, an <abbr class="abbrev">IPsec</abbr> connection uses the <em class="firstterm">pre-shared key</em> method of <abbr class="abbrev">IPsec</abbr> node authentication. In a pre-shared key <abbr class="abbrev">IPsec</abbr> connection, both hosts must use the same key in order to move to Phase 2 of the <abbr class="abbrev">IPsec</abbr> connection.
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.3. IPsec</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html" title="2.7.2. VPNs and Fedora"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html" title="2.7.4. Creating an IPsec Connection"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.7.3. IPsec</h3></div></div></div><a id="d0e11080" class="indexterm"/><a id="d0e11085" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.3. IPsec</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html" title="2.7.2. VPNs and Fedora"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html" title="2.7.4. Creating an IPsec Connection"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.7.3. IPsec</h3></div></div></div><a id="d0e11080" class="indexterm"/><a id="d0e11085" class="indexterm"/><div class="para">
Fedora supports <abbr class="abbrev">IPsec</abbr> for connecting remote hosts and networks to each other using a secure tunnel on a common carrier network such as the Internet. <abbr class="abbrev">IPsec</abbr> can be implemented using a host-to-host (one computer workstation to another) or network-to-network (one <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> to another) configuration.
</div><div class="para">
The <abbr class="abbrev">IPsec</abbr> implementation in Fedora uses <em class="firstterm">Internet Key Exchange</em> (<em class="firstterm">IKE</em>), a protocol implemented by the Internet Engineering Task Force (<acronym class="acronym">IETF</acronym>), used for mutual authentication and secure associations between connecting systems.
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.6. IPsec Host-to-Host Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html" title="2.7.5. IPsec Installation"/><link rel="next" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html" title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http:/
/docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.7.6. IPsec Host-to-Host Configuration</h3></div></div></div><a id="d0e11280" class="indexterm"/><a id="d0e11287" class="indexterm"/><a id="d0e11294" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.6. IPsec Host-to-Host Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html" title="2.7.5. IPsec Installation"/><link rel="next" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html" title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://d
ocs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.7.6. IPsec Host-to-Host Configuration</h3></div></div></div><a id="d0e11280" class="indexterm"/><a id="d0e11287" class="indexterm"/><a id="d0e11294" class="indexterm"/><div class="para">
IPsec can be configured to connect one desktop or workstation (host) to another using a host-to-host connection. This type of connection uses the network to which each host is connected to create a secure tunnel between each host. The requirements of a host-to-host connection are minimal, as is the configuration of <abbr class="abbrev">IPsec</abbr> on each host. The hosts need only a dedicated connection to a carrier network (such as the Internet) and Fedora to create the <abbr class="abbrev">IPsec</abbr> connection.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">2.7.6.1. Host-to-Host Connection</h4></div></div></div><a id="d0e11310" class="indexterm"/><a id="d0e11315" class="indexterm"/><div class="para">
A host-to-host <abbr class="abbrev">IPsec</abbr> connection is an encrypted connection between two systems, both running <abbr class="abbrev">IPsec</abbr> with the same authentication key. With the <abbr class="abbrev">IPsec</abbr> connection active, any network traffic between the two hosts is encrypted.
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.5. IPsec Installation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html" title="2.7.4. Creating an IPsec Connection"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedorap
roject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.7.5. IPsec Installation</h3></div></div></div><a id="d0e11186" class="indexterm"/><a id="d0e11193" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.5. IPsec Installation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html" title="2.7.4. Creating an IPsec Connection"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedorapro
ject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.7.5. IPsec Installation</h3></div></div></div><a id="d0e11186" class="indexterm"/><a id="d0e11193" class="indexterm"/><div class="para">
Implementing <abbr class="abbrev">IPsec</abbr> requires that the <code class="filename">ipsec-tools</code> RPM package be installed on all <abbr class="abbrev">IPsec</abbr> hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files for setting up the <abbr class="abbrev">IPsec</abbr> connection, including:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="command">/sbin/setkey</code> — manipulates the key management and security attributes of <abbr class="abbrev">IPsec</abbr> in the kernel. This executable is controlled by the <code class="command">racoon</code> key management daemon. Refer to the <code class="command">setkey</code>(8) man page for more information.
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.7. IPsec Network-to-Network Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html" title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/><link rel="next" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html" title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/image
s/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.7.7. IPsec Network-to-Network Configuration</h3></div></div></div><a id="d0e11927" class="indexterm"/><a id="d0e11934" class="indexterm"/><a id="d0e11939" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.7. IPsec Network-to-Network Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html" title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/><link rel="next" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html" title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/
image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.7.7. IPsec Network-to-Network Configuration</h3></div></div></div><a id="d0e11927" class="indexterm"/><a id="d0e11934" class="indexterm"/><a id="d0e11939" class="indexterm"/><div class="para">
IPsec can also be configured to connect an entire network (such as a <acronym class="acronym">LAN</acronym> or <acronym class="acronym">WAN</acronym>) to a remote network using a network-to-network connection. A network-to-network connection requires the setup of <abbr class="abbrev">IPsec</abbr> routers on each side of the connecting networks to transparently process and route information from one node on a <acronym class="acronym">LAN</acronym> to a node on a remote <acronym class="acronym">LAN</acronym>. <a class="xref" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html#figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection" title="Figure 2.11. A network-to-network IPsec tunneled connection">Figure 2.11, “A network-to-network IPsec tunneled connection”</a> shows a network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection.
</div><div class="figure" id="figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" alt="A network-to-network IPsec tunneled connection"/><div class="longdesc"><div class="para">
A network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.8. Starting and Stopping an IPsec Connection</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html" title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/><link rel="next" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org
"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.7.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.8. Starting and Stopping an IPsec Connection</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html" title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/><link rel="next" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org">
<img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.7.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</h3></div></div></div><div class="para">
If the <abbr class="abbrev">IPsec</abbr> connection was not configured to activate on boot, you can control it from the command line.
</div><div class="para">
To start the connection, use the following command on each host for host-to-host IPsec, or each <abbr class="abbrev">IPsec</abbr> router for network-to-network IPsec:
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.2. VPNs and Fedora</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html" title="2.7.3. IPsec"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.7.2. VPNs and Fedora</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.2. VPNs and Fedora</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html" title="2.7.3. IPsec"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/>
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.7.2. VPNs and Fedora</h3></div></div></div><div class="para">
Fedora provides various options in terms of implementing a software solution to securely connect to a <acronym class="acronym">WAN</acronym>. <em class="firstterm">Internet Protocol Security</em> (<acronym class="acronym">IPsec</acronym>) is the supported <abbr class="abbrev">VPN</abbr> implementation for Fedora, and sufficiently addresses the usability needs of organizations with branch offices or remote users.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Prev</strong>2.7. Virtual Private Networks (VPNs)</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Next</strong>2.7.3. IPsec</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Virtual_Private_Networks_VPNs.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7. Virtual Private Networks (VPNs)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="2.6.10.2. Useful Kerberos Websites"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html" title="2.7.2. VPNs and Fedora"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">2.7. Virtual Private Networks (VPNs)</h2></div></div></div><a id="d0e10961" class="indexterm"/><a id="d0e10964" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7. Virtual Private Networks (VPNs)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="2.6.10.2. Useful Kerberos Websites"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html" title="2.7.2. VPNs and Fedora"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_ri
ght.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">2.7. Virtual Private Networks (VPNs)</h2></div></div></div><a id="d0e10961" class="indexterm"/><a id="d0e10964" class="indexterm"/><div class="para">
Organizations with several satellite offices often connect to each other with dedicated lines for efficiency and protection of sensitive data in transit. For example, many businesses use frame relay or <em class="firstterm">Asynchronous Transfer Mode</em> (<acronym class="acronym">ATM</acronym>) lines as an end-to-end networking solution to link one office with others. This can be an expensive proposition, especially for small to medium sized businesses (<acronym class="acronym">SMB</acronym>s) that want to expand without paying the high costs associated with enterprise-level, dedicated digital circuits.
</div><div class="para">
To address this need, <em class="firstterm">Virtual Private Networks</em> (<abbr class="abbrev">VPN</abbr>s) were developed. Following the same functional principles as dedicated circuits, <abbr class="abbrev">VPN</abbr>s allow for secured digital communication between two parties (or networks), creating a <em class="firstterm">Wide Area Network</em> (<acronym class="acronym">WAN</acronym>) from existing <em class="firstterm">Local Area Networks</em> (<acronym class="acronym">LAN</acronym>s). Where it differs from frame relay or ATM is in its transport medium. <abbr class="abbrev">VPN</abbr>s transmit over IP using datagrams as the transport layer, making it a secure conduit through the Internet to an intended destination. Most free software <abbr class="abbrev">VPN</abbr> implementations incorporate open standard encryption methods to further mask data in transit.
Index: sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.2. Defining Assessment and Testing</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining Assessment and Testing</h3></div></div></div><a id="d0e720" class="indexterm"/><a id="d0e727" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.2. Defining Assessment and Testing</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining Assessment and Testing</h3></div></div></div><a id="d0e720" class="indexterm"/><a id="d0e727" class="indexterm"/><div class="para">
Vulnerability assessments may be broken down into one of two types: <em class="firstterm">Outside looking in</em> and <em class="firstterm">inside looking around</em>.
</div><div class="para">
When performing an outside looking in vulnerability assessment, you are attempting to compromise your systems from the outside. Being external to your company provides you with the cracker's viewpoint. You see what a cracker sees — publicly-routable IP addresses, systems on your <em class="firstterm">DMZ</em>, external interfaces of your firewall, and more. DMZ stands for "demilitarized zone", which corresponds to a computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP ) servers, FTP servers, SMTP (e-mail) servers and DNS servers.
Index: sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3. Evaluating the Tools</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.2.2. Defining Assessment and Testing"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.2.3.2. Nessus"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.2.3. Evaluating the Tools</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3. Evaluating the Tools</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.2.2. Defining Assessment and Testing"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.2.3.2. Nessus"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.2.3. Evaluating the Tools</h3></div></div></div><div class="para">
An assessment can start by using some form of an information gathering tool. When assessing the entire network, map the layout first to find the hosts that are running. Once located, examine each host individually. Focusing on these hosts requires another set of tools. Knowing which tools to use may be the most crucial step in finding vulnerabilities.
</div><div class="para">
Just as in any aspect of everyday life, there are many different tools that perform the same job. This concept applies to performing vulnerability assessments as well. There are tools specific to operating systems, applications, and even networks (based on the protocols used). Some tools are free; others are not. Some tools are intuitive and easy to use, while others are cryptic and poorly documented but have features that other tools do not.
Index: sect-Security_Guide-Vulnerability_Assessment.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Vulnerability_Assessment.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-Vulnerability_Assessment.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-Vulnerability_Assessment.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2. Vulnerability Assessment</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.2.2. Defining Assessment and Testing"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Doc
umentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability Assessment</h2></div></div></div><a id="d0e683" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2. Vulnerability Assessment</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.2.2. Defining Assessment and Testing"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability Assessment</h2></div></div></div><a id="d0e683" class="indexterm"/><div class="para">
Given time, resources, and motivation, a cracker can break into nearly any system. At the end of the day, all of the security procedures and technologies currently available cannot guarantee that any systems are safe from intrusion. Routers help secure gateways to the Internet. Firewalls help secure the edge of the network. Virtual Private Networks safely pass data in an encrypted stream. Intrusion detection systems warn you of malicious activity. However, the success of each of these technologies is dependent upon a number of variables, including:
</div><div class="itemizedlist"><ul><li><div class="para">
The expertise of the staff responsible for configuring, monitoring, and maintaining the technologies.
Index: sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3. Altering xinetd Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="2.5.4.2. The /etc/xinetd.d/ Directory"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="2.5.4.3.2. Access Control Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" hr
ef="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">2.5.4.3. Altering xinetd Configuration Files</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3. Altering xinetd Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="2.5.4.2. The /etc/xinetd.d/ Directory"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="2.5.4.3.2. Access Control Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href
="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">2.5.4.3. Altering xinetd Configuration Files</h4></div></div></div><div class="para">
A range of directives is available for services protected by <code class="systemitem">xinetd</code>. This section highlights some of the more commonly used options.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">2.5.4.3.1. Logging Options</h5></div></div></div><a id="d0e8590" class="indexterm"/><div class="para">
The following logging options are available for both <code class="filename">/etc/xinetd.conf</code> and the service-specific configuration files within the <code class="filename">/etc/xinetd.d/</code> directory.
Index: sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html 27 Jan 2009 13:50:52 -0000 1.6
+++ sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html 28 Jan 2009 00:04:29 -0000 1.7
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.2. The /etc/xinetd.d/ Directory</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">2.5.4.2. The /etc/xinetd.d/ Directory</h4></div></div></div><a id="d0e8429" class="indexterm"/><a id="d0e8439" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.2. The /etc/xinetd.d/ Directory</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-en-US-1.0-10"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" hr
ef="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">2.5.4.2. The /etc/xinetd.d/ Directory</h4></div></div></div><a id="d0e8429" class="indexterm"/><a id="d0e8439" class="indexterm"/><div class="para">
The <code class="filename">/etc/xinetd.d/</code> directory contains the configuration files for each service managed by <code class="systemitem">xinetd</code> and the names of the files correlate to the service. As with <code class="filename">xinetd.conf</code>, this directory is read only when the <code class="systemitem">xinetd</code> service is started. For any changes to take effect, the administrator must restart the <code class="systemitem">xinetd</code> service.
</div><div class="para">
The format of files in the <code class="filename">/etc/xinetd.d/</code> directory use the same conventions as <code class="filename">/etc/xinetd.conf</code>. The primary reason the configuration for each service is stored in a separate file is to make customization easier and less likely to affect other services.
15 years, 1 month
web/html/docs/security-guide/f10/en_US/images fed-firewallconfig.png, NONE, 1.1 icon.svg, NONE, 1.1 rh-securitylevel.png, 1.1, NONE
by Eric Christensen
Author: sparks
Update of /cvs/fedora/web/html/docs/security-guide/f10/en_US/images
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1790/en_US/images
Added Files:
fed-firewallconfig.png icon.svg
Removed Files:
rh-securitylevel.png
Log Message:
Added firewall config screenshot.
--- NEW FILE icon.svg ---
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:ns="http://ns.adobe.com/AdobeSVGViewerExtensions/3/"
xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://web.resource.org/cc/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
version="1.0"
width="32"
height="32"
id="svg3017"
sodipodi:version="0.32"
inkscape:version="0.44+devel"
sodipodi:docname="book.svg"
sodipodi:docbase="/home/andy/Desktop">
<metadata
id="metadata489">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
</cc:Work>
</rdf:RDF>
</metadata>
<sodipodi:namedview
inkscape:window-height="480"
inkscape:window-width="858"
inkscape:pageshadow="0"
inkscape:pageopacity="0.0"
guidetolerance="10.0"
gridtolerance="10.0"
objecttolerance="10.0"
borderopacity="1.0"
bordercolor="#666666"
pagecolor="#ffffff"
id="base"
inkscape:zoom="1"
inkscape:cx="16"
inkscape:cy="15.944056"
inkscape:window-x="0"
inkscape:window-y="33"
inkscape:current-layer="svg3017" />
<defs
id="defs3019">
<linearGradient
id="linearGradient2381">
<stop
style="stop-color:white;stop-opacity:1"
offset="0"
id="stop2383" />
<stop
style="stop-color:white;stop-opacity:0"
offset="1"
id="stop2385" />
</linearGradient>
<linearGradient
x1="415.73831"
y1="11.854"
x2="418.13361"
y2="18.8104"
id="XMLID_1758_"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.8362,0.5206,-1.1904,0.992,147.62,-30.9374)">
<stop
style="stop-color:#ccc;stop-opacity:1"
offset="0"
id="stop3903" />
<stop
style="stop-color:#f2f2f2;stop-opacity:1"
offset="1"
id="stop3905" />
<a:midPointStop
style="stop-color:#CCCCCC"
offset="0" />
<a:midPointStop
style="stop-color:#CCCCCC"
offset="0.5" />
<a:midPointStop
style="stop-color:#F2F2F2"
offset="1" />
</linearGradient>
<linearGradient
x1="500.70749"
y1="-13.2441"
x2="513.46442"
y2="-2.1547"
id="XMLID_1757_"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
<stop
style="stop-color:#5387ba;stop-opacity:1"
offset="0"
id="stop3890" />
<stop
style="stop-color:#96bad6;stop-opacity:1"
offset="1"
id="stop3892" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0.5" />
<a:midPointStop
style="stop-color:#96BAD6"
offset="1" />
</linearGradient>
<clipPath
id="XMLID_1755_">
<use
id="use3874"
x="0"
y="0"
width="744.09448"
height="600"
xlink:href="#XMLID_343_" />
</clipPath>
<linearGradient
x1="505.62939"
y1="-14.9526"
x2="527.49402"
y2="-0.7536"
id="XMLID_1756_"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
<stop
style="stop-color:#b4daea;stop-opacity:1"
offset="0"
id="stop3877" />
<stop
style="stop-color:#b4daea;stop-opacity:1"
offset="0.51120001"
id="stop3879" />
<stop
style="stop-color:#5387ba;stop-opacity:1"
offset="0.64609998"
id="stop3881" />
<stop
style="stop-color:#16336e;stop-opacity:1"
offset="1"
id="stop3883" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0.5" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0.5112" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0.5" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0.6461" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0.5" />
<a:midPointStop
style="stop-color:#16336E"
offset="1" />
</linearGradient>
<linearGradient
x1="471.0806"
y1="201.07761"
x2="481.91711"
y2="210.4977"
id="XMLID_1754_"
gradientUnits="userSpaceOnUse">
<stop
style="stop-color:#6498c1;stop-opacity:1"
offset="0.005618"
id="stop3863" />
<stop
style="stop-color:#79a9cc;stop-opacity:1"
offset="0.2332"
id="stop3865" />
<stop
style="stop-color:#a4cde2;stop-opacity:1"
offset="0.74049997"
id="stop3867" />
<stop
style="stop-color:#b4daea;stop-opacity:1"
offset="1"
id="stop3869" />
<a:midPointStop
style="stop-color:#6498C1"
offset="5.618000e-003" />
<a:midPointStop
style="stop-color:#6498C1"
[...3537 lines suppressed...]
style="stop-color:#B4DAEA"
offset="0" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0.5" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0.5112" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0.5" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0.6461" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0.5" />
<a:midPointStop
style="stop-color:#16336E"
offset="1" />
</linearGradient>
<linearGradient
x1="506.09909"
y1="-11.5137"
x2="527.99609"
y2="2.7063999"
id="linearGradient17882"
xlink:href="#XMLID_1752_"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)" />
<defs
id="defs3826">
<polygon
points="463.52,216.14 480.56,220.24 481.36,219.5 483.03,202.04 469.05,196.69 468.24,197.45 463.52,216.14 "
id="XMLID_338_" />
</defs>
<linearGradient
x1="468.2915"
y1="204.7612"
x2="479.39871"
y2="214.4166"
id="linearGradient17357"
gradientUnits="userSpaceOnUse">
<stop
style="stop-color:#5387ba;stop-opacity:1"
offset="0"
id="stop17359" />
<stop
style="stop-color:#96bad6;stop-opacity:1"
offset="1"
id="stop17361" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0.5" />
<a:midPointStop
style="stop-color:#96BAD6"
offset="1" />
</linearGradient>
<clipPath
id="clipPath17364">
<use
id="use17366"
x="0"
y="0"
width="744.09448"
height="600"
xlink:href="#XMLID_338_" />
</clipPath>
<linearGradient
x1="506.09909"
y1="-11.5137"
x2="527.99609"
y2="2.7063999"
id="linearGradient17368"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.6868,0.4269,-0.9821,0.821,111.6149,-5.7901)">
<stop
style="stop-color:#b4daea;stop-opacity:1"
offset="0"
id="stop17370" />
<stop
style="stop-color:#b4daea;stop-opacity:1"
offset="0.51120001"
id="stop17372" />
<stop
style="stop-color:#5387ba;stop-opacity:1"
offset="0.64609998"
id="stop17374" />
<stop
style="stop-color:#16336e;stop-opacity:1"
offset="1"
id="stop17376" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0.5" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0.5112" />
<a:midPointStop
style="stop-color:#B4DAEA"
offset="0.5" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0.6461" />
<a:midPointStop
style="stop-color:#5387BA"
offset="0.5" />
<a:midPointStop
style="stop-color:#16336E"
offset="1" />
</linearGradient>
<linearGradient
x1="296.4996"
y1="188.81061"
x2="317.32471"
y2="209.69398"
id="linearGradient2387"
xlink:href="#linearGradient2381"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
<linearGradient
x1="296.4996"
y1="188.81061"
x2="317.32471"
y2="209.69398"
id="linearGradient5105"
xlink:href="#linearGradient2381"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
<linearGradient
x1="296.4996"
y1="188.81061"
x2="317.32471"
y2="209.69398"
id="linearGradient5145"
xlink:href="#linearGradient2381"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)" />
<linearGradient
inkscape:collect="always"
xlink:href="#linearGradient2381"
id="linearGradient2371"
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(0.90776,0,0,0.90776,24.35648,49.24131)"
x1="296.4996"
y1="188.81061"
x2="317.32471"
y2="209.69398" />
</defs>
<g
transform="matrix(0.437808,-0.437808,0.437808,0.437808,-220.8237,43.55311)"
id="g5089">
<path
d="M 8.4382985,-6.28125 C 7.8309069,-6.28125 4.125,-0.33238729 4.125,1.96875 L 4.125,28.6875 C 4.125,29.533884 4.7068159,29.8125 5.28125,29.8125 L 30.84375,29.8125 C 31.476092,29.8125 31.968751,29.319842 31.96875,28.6875 L 31.96875,23.46875 L 32.25,23.46875 C 32.74684,23.46875 33.156249,23.059339 33.15625,22.5625 L 33.15625,-5.375 C 33.15625,-5.8718398 32.74684,-6.28125 32.25,-6.28125 L 8.4382985,-6.28125 z "
transform="translate(282.8327,227.1903)"
style="fill:#5c5c4f;stroke:black;stroke-width:3.23021388;stroke-miterlimit:4;stroke-dasharray:none"
id="path5091" />
<rect
width="27.85074"
height="29.369793"
rx="1.1414107"
ry="1.1414107"
x="286.96509"
y="227.63805"
style="fill:#032c87"
id="rect5093" />
<path
d="M 288.43262,225.43675 L 313.67442,225.43675 L 313.67442,254.80655 L 287.29827,254.83069 L 288.43262,225.43675 z "
style="fill:white"
id="rect5095" />
<path
d="M 302.44536,251.73726 C 303.83227,259.59643 301.75225,263.02091 301.75225,263.02091 C 303.99609,261.41329 305.71651,259.54397 306.65747,257.28491 C 307.62455,259.47755 308.49041,261.71357 310.9319,263.27432 C 310.9319,263.27432 309.33686,256.07392 309.22047,251.73726 L 302.44536,251.73726 z "
style="fill:#a70000;fill-opacity:1;stroke-width:2"
id="path5097" />
<rect
width="25.241802"
height="29.736675"
rx="0.89682275"
ry="0.89682275"
x="290.73544"
y="220.92249"
style="fill:#809cc9"
id="rect5099" />
<path
d="M 576.47347,725.93939 L 582.84431,726.35441 L 583.25121,755.8725 C 581.35919,754.55465 576.39694,752.1117 574.98889,754.19149 L 574.98889,727.42397 C 574.98889,726.60151 575.65101,725.93939 576.47347,725.93939 z "
transform="matrix(0.499065,-0.866565,0,1,0,0)"
style="fill:#4573b3;fill-opacity:1"
id="rect5101" />
<path
d="M 293.2599,221.89363 L 313.99908,221.89363 C 314.45009,221.89363 314.81318,222.25673 314.81318,222.70774 C 315.02865,229.0361 295.44494,244.47124 292.44579,240.30491 L 292.44579,222.70774 C 292.44579,222.25673 292.80889,221.89363 293.2599,221.89363 z "
style="opacity:0.65536726;fill:url(#linearGradient2371);fill-opacity:1"
id="path5103" />
</g>
</svg>
15 years, 1 month
web/html/docs/security-guide/f10/en_US Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html, 1.5, 1.6 Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html, 1.5, 1.6 Security_Guide-Encryption-Data_in_Motion.html, 1.5, 1.6 Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html, 1.5, 1.6 We_Need_Feedback.html, 1.5, 1.6 chap-Security_Guide-Encryption.html, 1.5, 1.6 chap-Security_Guide-General_Principles_of_Information_Security.html, 1.5, 1.6 chap-Security_Guide-Refe
by Eric Christensen
Author: sparks
Update of /cvs/fedora/web/html/docs/security-guide/f10/en_US
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14250/en_US
Modified Files:
Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html
Security_Guide-Encryption-Data_in_Motion.html
Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html
We_Need_Feedback.html chap-Security_Guide-Encryption.html
chap-Security_Guide-General_Principles_of_Information_Security.html
chap-Security_Guide-References.html
chap-Security_Guide-Secure_Installation.html
chap-Security_Guide-Securing_Your_Network.html
chap-Security_Guide-Security_Overview.html
chap-Security_Guide-Software_Maintenance.html index.html
pref-Security_Guide-Preface.html
sect-Security_Guide-Additional_Resources-Related_Books.html
sect-Security_Guide-Additional_Resources-Related_Documentation.html
sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
sect-Security_Guide-Attackers_and_Vulnerabilities.html
sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
sect-Security_Guide-Common_Exploits_and_Attacks.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html
sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
sect-Security_Guide-Encryption-Using_GPG.html
sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
sect-Security_Guide-Evaluating_the_Tools-Nessus.html
sect-Security_Guide-Evaluating_the_Tools-Nikto.html
sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
sect-Security_Guide-Firewalls-Additional_Resources.html
sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
sect-Security_Guide-Firewalls-IPv6.html
sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
sect-Security_Guide-Firewalls-Using_IPTables.html
sect-Security_Guide-Firewalls.html
sect-Security_Guide-IPTables-Additional_Resources.html
sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html
sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
sect-Security_Guide-IPTables-IPTables_and_IPv6.html
sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
sect-Security_Guide-IPTables.html
sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html
sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html
sect-Security_Guide-Kerberos-Additional_Resources.html
sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
sect-Security_Guide-Kerberos-How_Kerberos_Works.html
sect-Security_Guide-Kerberos-Kerberos_Terminology.html
sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
sect-Security_Guide-Kerberos.html
sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
sect-Security_Guide-LUKS_Disk_Encryption.html
sect-Security_Guide-Option_Fields-Access_Control.html
sect-Security_Guide-Option_Fields-Expansions.html
sect-Security_Guide-Option_Fields-Shell_Commands.html
sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
sect-Security_Guide-Securing_FTP-Anonymous_Access.html
sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
sect-Security_Guide-Securing_FTP-User_Accounts.html
sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
sect-Security_Guide-Security_Updates.html
sect-Security_Guide-Server_Security-Securing_FTP.html
sect-Security_Guide-Server_Security-Securing_NFS.html
sect-Security_Guide-Server_Security-Securing_NIS.html
sect-Security_Guide-Server_Security-Securing_Portmap.html
sect-Security_Guide-Server_Security-Securing_Sendmail.html
sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
sect-Security_Guide-Server_Security.html
sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
sect-Security_Guide-Single_Sign_on_SSO.html
sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
sect-Security_Guide-TCP_Wrappers_and_xinetd.html
sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html
sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html
sect-Security_Guide-Virtual_Private_Networks_VPNs.html
sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
sect-Security_Guide-Vulnerability_Assessment.html
sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
Log Message:
Fixed items found to be in error during validation.
Index: Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html 21 Jan 2009 20:19:01 -0000 1.5
+++ Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.6. Secure Shell</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html" title="3.5. Virtual Private Networks"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><l
i class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure Shell</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.6. Secure Shell</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html" title="3.5. Virtual Private Networks"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><l
i class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion-Secure_Shell">3.6. Secure Shell</h2></div></div></div><div class="para">
Secure Shell (SSH) also provides encrypted tunnels between computers but only using a single port. <a href="http://www.redhatmagazine.com/2007/11/27/advanced-ssh-configuration-and-t...">Port forwarding can be done over an SSH tunnel</a> and traffic will be encrypted as it passes over that tunnel but using port forwarding isn't as fluid as a VPN.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Prev</strong>3.5. Virtual Private Networks</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Next</strong>3.7. LUKS Disk Encryption</a></li></ul></body></html>
\ No newline at end of file
Index: Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html 21 Jan 2009 20:19:01 -0000 1.5
+++ Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.5. Virtual Private Networks</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in Motion"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="3.6. Secure Shell"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual Private Networks</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.5. Virtual Private Networks</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in Motion"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="3.6. Secure Shell"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks">3.5. Virtual Private Networks</h2></div></div></div><div class="para">
Virtual Private Networks (VPN) provide encrypted tunnels between computers or networks of computers across all ports. With a VPN in place, all network traffic from the client is forwarded to the server through the encrypted tunnel. This means that the client is logically on the same network as the server it is connected to via the VPN. VPNs are very common and are simple to use and setup.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Prev</strong>3.4. Data in Motion</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Next</strong>3.6. Secure Shell</a></li></ul></body></html>
\ No newline at end of file
Index: Security_Guide-Encryption-Data_in_Motion.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Data_in_Motion.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- Security_Guide-Encryption-Data_in_Motion.html 21 Jan 2009 20:19:01 -0000 1.5
+++ Security_Guide-Encryption-Data_in_Motion.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.4. Data in Motion</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html" title="3.3. File Based Encryption"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html" title="3.5. Virtual Private Networks"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">3.4. Data in Motion</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.4. Data in Motion</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html" title="3.3. File Based Encryption"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html" title="3.5. Virtual Private Networks"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Data_in_Motion">3.4. Data in Motion</h2></div></div></div><div class="para">
Data in motion is data that is being transmitted over a network. The biggest threats to data in motion are interception and alteration. Your user name and password should never be transmitted over a network without protection as it could be intercepted and used by someone else to impersonate you or gain access to sensitive information. Other private information such as bank account information should also be protected when transmitted across a network. If the network session was encrypted then you would not have to worry as much about the data being compromised while it is being transmitted.
</div><div class="para">
Data in motion is particularly vulnerable to attackers because the attacker does not have to be near the computer in which the data is being stored rather they only have to be somewhere along the path. Encryption tunnels can protect data along the path of communications.
Index: Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html 21 Jan 2009 20:19:01 -0000 1.5
+++ Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.3. File Based Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html" title="3.2. Full Disk Encryption"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in Motion"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File Based Encryption</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.3. File Based Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html" title="3.2. Full Disk Encryption"/><link rel="next" href="Security_Guide-Encryption-Data_in_Motion.html" title="3.4. Data in Motion"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Data_in_Motion.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption">3.3. File Based Encryption</h2></div></div></div><div class="para">
GnuPG (GPG) is an open source version of PGP that allows you to sign and/or encrypt a file or an email message. This is useful to maintain integrity of the message or file and also protects the confidentiality of the information contained within the file or email. In the case of email, GPG provides dual protection. Not only can it provide Data at Rest protection but also Data In Motion protection once the message has been sent across the network.
</div><div class="para">
File based encryption is intended to protect a file after it has left your computer, such as when you send a CD through the mail. Some file based encryption solutions will leave remnants of the encrypted files that an attacker who has physical access to your computer can recover under some circumstances. To protect the contents of those files from attackers who may have access to your computer, use file based encryption combined with another solution such as full disk encryption.
Index: We_Need_Feedback.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/We_Need_Feedback.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- We_Need_Feedback.html 21 Jan 2009 20:19:01 -0000 1.5
+++ We_Need_Feedback.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2. We Need Feedback!</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="pref-Security_Guide-Preface.html" title="Preface"/><link rel="prev" href="pref-Security_Guide-Preface.html" title="Preface"/><link rel="next" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html">
<strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Security_Overview.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="We_Need_Feedback">2. We Need Feedback!</h2></div></div></div><a id="d0e369" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2. We Need Feedback!</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="pref-Security_Guide-Preface.html" title="Preface"/><link rel="prev" href="pref-Security_Guide-Preface.html" title="Preface"/><link rel="next" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security_Guide-Preface.html">
<strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Security_Overview.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="We_Need_Feedback">2. We Need Feedback!</h2></div></div></div><a id="d0e369" class="indexterm"/><div class="para">
More information about the Linux Security Guide project can be found at <a href="https://fedorahosted.org/securityguide">https://fedorahosted.org/securityguide</a>
</div><div class="para">
To provide feedback for the Security Guide, please file a bug in <a href="https://fedorahosted.org/securityguide/">https://fedorahosted.org/securityguide/</a>. Please select the proper component in the dropdown menu which should be the page name.
Index: chap-Security_Guide-Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Encryption.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- chap-Security_Guide-Encryption.html 21 Jan 2009 20:19:01 -0000 1.5
+++ chap-Security_Guide-Encryption.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 3. Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="2.9.7.2. Useful IP Tables Websites"/><link rel="next" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html" title="3.2. Full Disk Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class
="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Encryption">Chapter 3. Encryption</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html">3.2. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html">3.3. File Based Encryption</a></span></dt><dt><span class="section"
><a href="Security_Guide-Encryption-Data_in_Motion.html">3.4. Data in Motion</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html">3.5. Virtual Private Networks</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">3.6. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">3.7. LUKS Disk Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html">3.7.2. Manually Encrypting Directories</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_
by_Step_Instructions.html">3.7.3. Step-by-Step Instructions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html">3.7.4. What you have just accomplished.</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html">3.7.5. Links of Interest</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">3.8. 7-Zip Encrypted Archives</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html">3.8.2. Step-by-Step Installation Instructions</a></span></dt><dt><span cl
ass="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html">3.8.3. Step-by-Step Usage Instructions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html">3.8.4. Things of note</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">3.9. Using GNU Privacy Guard (GnuPG)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html#sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html">3.9.2. Creating GPG Keys in KDE</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html">3.9.3. Creating GPG Keys Using the Command Line</a></span></dt><dt><span class="se
ction"><a href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html">3.9.4. About Public Key Encryption</a></span></dt></dl></dd></dl></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 3. Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="2.9.7.2. Useful IP Tables Websites"/><link rel="next" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html" title="3.2. Full Disk Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class
="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Encryption">Chapter 3. Encryption</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Encryption.html#sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html">3.2. Full Disk Encryption</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html">3.3. File Based Encryption</a></span></dt><dt><span class="section"
><a href="Security_Guide-Encryption-Data_in_Motion.html">3.4. Data in Motion</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Virtual_Private_Networks.html">3.5. Virtual Private Networks</a></span></dt><dt><span class="section"><a href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html">3.6. Secure Shell</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html">3.7. LUKS Disk Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption.html#sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html">3.7.2. Manually Encrypting Directories</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_
by_Step_Instructions.html">3.7.3. Step-by-Step Instructions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html">3.7.4. What you have just accomplished.</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html">3.7.5. Links of Interest</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html">3.8. 7-Zip Encrypted Archives</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html#sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html">3.8.2. Step-by-Step Installation Instructions</a></span></dt><dt><span cl
ass="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html">3.8.3. Step-by-Step Usage Instructions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html">3.8.4. Things of note</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html">3.9. Using GNU Privacy Guard (GnuPG)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG.html#sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html">3.9.2. Creating GPG Keys in KDE</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html">3.9.3. Creating GPG Keys Using the Command Line</a></span></dt><dt><span class="se
ction"><a href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html">3.9.4. About Public Key Encryption</a></span></dt></dl></dd></dl></div><div class="para">
There are two main types of data that must be protected: data at rest and data in motion. These different types of data are protected in similar ways using similar technology but the implementations can be completely different. No single protective implementation can prevent all possible methods of compromise as the same information may be at rest and in motion at different points in time.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Data_at_Rest">3.1. Data at Rest</h2></div></div></div><div class="para">
Data at rest is data that is stored on a hard drive, tape, CD, DVD, disk, or other media. This information's biggest threat comes from being physically stolen. Laptops in airports, CDs going through the mail, and backup tapes that get left in the wrong places are all examples of events where data can be compromised through theft. If the data was encrypted on the media then you wouldn't have to worry as much about the data being compromised.
Index: chap-Security_Guide-General_Principles_of_Information_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-General_Principles_of_Information_Security.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- chap-Security_Guide-General_Principles_of_Information_Security.html 21 Jan 2009 20:19:01 -0000 1.5
+++ chap-Security_Guide-General_Principles_of_Information_Security.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 4. General Principles of Information Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="3.9.4. About Public Key Encryption"/><link rel="next" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul c
lass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-General_Principles_of_Information_Security">Chapter 4. General Principles of Information Security</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.1. Tips, Guides, and Tools</a></span></dt></dl></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 4. General Principles of Information Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="3.9.4. About Public Key Encryption"/><link rel="next" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul c
lass="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Secure_Installation.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-General_Principles_of_Information_Security">Chapter 4. General Principles of Information Security</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-General_Principles_of_Information_Security.html#sect-Security_Guide-General_Principles_of_Information_Security-Tips_Guides_and_Tools">4.1. Tips, Guides, and Tools</a></span></dt></dl></div><div class="para">
The following general principals provide an overview of good security practices:
</div><div class="itemizedlist"><ul><li><div class="para">
encrypt all data transmitted over networks to help prevent man-in-the-middle attacks and eavesdropping. It is important to encrypt authentication information, such as passwords.
Index: chap-Security_Guide-References.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-References.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- chap-Security_Guide-References.html 21 Jan 2009 20:19:01 -0000 1.5
+++ chap-Security_Guide-References.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 7. References</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="6.4. Install Signed Packages from Well Known Repositories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintena
nce-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Prev</strong></a></li><li class="next"/></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-References">Chapter 7. References</h2></div></div></div><a id="d0e16974" class="indexterm"/><a id="d0e16977" class="indexterm"/><a id="d0e16982" class="indexterm"/><a id="d0e16987" class="indexterm"/><a id="d0e16992" class="indexterm"/><a id="d0e16997" class="indexterm"/><a id="d0e17002" class="indexterm"/><a id="d0e17007" class="indexterm"/><a id="d0e17014" class="indexterm"/><a id="d0e17021" class="indexterm"/><a id="d0e17028" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 7. References</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="6.4. Install Signed Packages from Well Known Repositories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintena
nce-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Prev</strong></a></li><li class="next"/></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-References">Chapter 7. References</h2></div></div></div><a id="d0e16974" class="indexterm"/><a id="d0e16977" class="indexterm"/><a id="d0e16982" class="indexterm"/><a id="d0e16987" class="indexterm"/><a id="d0e16992" class="indexterm"/><a id="d0e16997" class="indexterm"/><a id="d0e17002" class="indexterm"/><a id="d0e17007" class="indexterm"/><a id="d0e17014" class="indexterm"/><a id="d0e17021" class="indexterm"/><a id="d0e17028" class="indexterm"/><div class="para">
The following references are pointers to additional information that is relevant to SELinux and Fedora but beyond the scope of this guide. Note that due to the rapid development of SELinux, some of this material may only apply to specific releases of Fedora.
</div><div class="variablelist" id="vari-Security_Guide-References-Books"><h6>Books</h6><dl><dt><span class="term">SELinux by Example</span></dt><dd><div class="para">
Mayer, MacMillan, and Caplan
Index: chap-Security_Guide-Secure_Installation.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Secure_Installation.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- chap-Security_Guide-Secure_Installation.html 21 Jan 2009 20:19:01 -0000 1.5
+++ chap-Security_Guide-Secure_Installation.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 5. Secure Installation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 4. General Principles of Information Security"/><link rel="next" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="5.2. Utilize LUKS Partition Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Secure_Installation">Chapter 5. Secure Installation</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">5.2. Utilize LUKS Partition Encryption</a></span></dt></dl></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 5. Secure Installation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 4. General Principles of Information Security"/><link rel="next" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="5.2. Utilize LUKS Partition Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Secure_Installation">Chapter 5. Secure Installation</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Secure_Installation.html#sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html">5.2. Utilize LUKS Partition Encryption</a></span></dt></dl></div><div class="para">
Security begins with the first time you put that CD or DVD into your disk drive to install Fedora. Configuring your system securely from the beginning makes it easier to implement additional security settings later.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Secure_Installation-Disk_Partitions">5.1. Disk Partitions</h2></div></div></div><div class="para">
The NSA recommends creating separate partitions for /boot, /, /home, /tmp, and /var/tmp. The reasons for each are different and we will address each partition.
Index: chap-Security_Guide-Securing_Your_Network.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Securing_Your_Network.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- chap-Security_Guide-Securing_Your_Network.html 21 Jan 2009 20:19:01 -0000 1.5
+++ chap-Security_Guide-Securing_Your_Network.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 2. Securing Your Network</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates"/><link rel="next" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Sec
urity_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Securing_Your_Network">Chapter 2. Securing Your Network</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">2.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.1.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="sectio
n"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">2.1.3. Password Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.1.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.1.5. Available Network Services</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">2.1.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.1.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="sec
tion"><a href="sect-Security_Guide-Server_Security.html">2.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.2.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">2.2.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">2.2.3. Securing NIS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NFS.html">2.2.4. Securing NFS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">2.2.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">2.2.6. Securing FTP</a>
</span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">2.2.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">2.2.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">2.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">2.3.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">2.3.3. How Smart Card Enrollment Works</a></span></dt><dt><span class
="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">2.3.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">2.3.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">2.4. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.4.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">2.4.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Config
uration_File_Format.html">2.4.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">2.4.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">2.4.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">2.4.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">2.4.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">2.4.8. Additional Resources</a></span></dt></dl></dd><dt><span class="sect
ion"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">2.5. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.5.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">2.5.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">2.5.3. xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">2.5.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">2.5.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html">2.6. Kerbero
s</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">2.6.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">2.6.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">2.6.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">2.6.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">2.6.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">2.6.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">2.6.7. Domai
n-to-Realm Mapping</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">2.6.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">2.6.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">2.6.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html">2.7. Virtual Private Networks (VPNs)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.7.1. How Does a VPN Work?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html">2.7.2. VPNs and Fedora</a></span></dt>
<dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html">2.7.3. IPsec</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html">2.7.4. Creating an IPsec Connection</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html">2.7.5. IPsec Installation</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html">2.7.6. IPsec Host-to-Host Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html">2.7.7. IPsec Network-to-Network Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html">2.7.8. Starting and Stopping an IPsec C
onnection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html">2.8. Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.8.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">2.8.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IPTables.html">2.8.3. Using IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">2.8.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">2.8.5. FORWARD and NAT Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">2.8.6
. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">2.8.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPv6.html">2.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">2.8.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">2.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">2.9.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html">2.9.2. Differences Between IPTables and IPChains</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for
_IPTables.html">2.9.3. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">2.9.4. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">2.9.5. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">2.9.6. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_Resources.html">2.9.7. Additional Resources</a></span></dt></dl></dd></dl></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Workstation_Security">2.1. Workstation Security</h2></div></div></div><a id="d0e1789" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 2. Securing Your Network</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates"/><link rel="next" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Sec
urity_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Securing_Your_Network">Chapter 2. Securing Your Network</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security">2.1. Workstation Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1. Evaluating Workstation Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-BIOS_and_Boot_Loader_Security">2.1.2. BIOS and Boot Loader Security</a></span></dt><dt><span class="sectio
n"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security">2.1.3. Password Security</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Administrative_Controls">2.1.4. Administrative Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Available_Network_Services">2.1.5. Available Network Services</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Personal_Firewalls">2.1.6. Personal Firewalls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Security_Enhanced_Communication_Tools">2.1.7. Security Enhanced Communication Tools</a></span></dt></dl></dd><dt><span class="sec
tion"><a href="sect-Security_Guide-Server_Security.html">2.2. Server Security</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Server_Security-Securing_Services_With_TCP_Wrappers_and_xinetd">2.2.1. Securing Services With TCP Wrappers and xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Portmap.html">2.2.2. Securing Portmap</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NIS.html">2.2.3. Securing NIS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_NFS.html">2.2.4. Securing NFS</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html">2.2.5. Securing the Apache HTTP Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_FTP.html">2.2.6. Securing FTP</a>
</span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Securing_Sendmail.html">2.2.7. Securing Sendmail</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html">2.2.8. Verifying Which Ports Are Listening</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html">2.3. Single Sign-on (SSO)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO.html#sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html">2.3.2. Getting Started with your new Smart Card</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html">2.3.3. How Smart Card Enrollment Works</a></span></dt><dt><span class
="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html">2.3.4. How Smart Card Login Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html">2.3.5. Configuring Firefox to use Kerberos for SSO</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html">2.4. Pluggable Authentication Modules (PAM)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html#sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Advantages_of_PAM">2.4.1. Advantages of PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html">2.4.2. PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Config
uration_File_Format.html">2.4.3. PAM Configuration File Format</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html">2.4.4. Sample PAM Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html">2.4.5. Creating PAM Modules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html">2.4.6. PAM and Administrative Credential Caching</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html">2.4.7. PAM and Device Ownership</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html">2.4.8. Additional Resources</a></span></dt></dl></dd><dt><span class="sect
ion"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html">2.5. TCP Wrappers and xinetd</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers">2.5.1. TCP Wrappers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html">2.5.2. TCP Wrappers Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html">2.5.3. xinetd</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html">2.5.4. xinetd Configuration Files</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html">2.5.5. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html">2.6. Kerbero
s</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Kerberos.html#sect-Security_Guide-Kerberos-What_is_Kerberos">2.6.1. What is Kerberos?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html">2.6.2. Kerberos Terminology</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html">2.6.3. How Kerberos Works</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html">2.6.4. Kerberos and PAM</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html">2.6.5. Configuring a Kerberos 5 Server</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html">2.6.6. Configuring a Kerberos 5 Client</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html">2.6.7. Domai
n-to-Realm Mapping</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html">2.6.8. Setting Up Secondary KDCs</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html">2.6.9. Setting Up Cross Realm Authentication</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Kerberos-Additional_Resources.html">2.6.10. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html">2.7. Virtual Private Networks (VPNs)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html#sect-Security_Guide-Virtual_Private_Networks_VPNs-How_Does_a_VPN_Work">2.7.1. How Does a VPN Work?</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html">2.7.2. VPNs and Fedora</a></span></dt>
<dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html">2.7.3. IPsec</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html">2.7.4. Creating an IPsec Connection</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html">2.7.5. IPsec Installation</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html">2.7.6. IPsec Host-to-Host Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html">2.7.7. IPsec Network-to-Network Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html">2.7.8. Starting and Stopping an IPsec C
onnection</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html">2.8. Firewalls</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Firewalls.html#sect-Security_Guide-Firewalls-Netfilter_and_IPTables">2.8.1. Netfilter and IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html">2.8.2. Basic Firewall Configuration</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Using_IPTables.html">2.8.3. Using IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html">2.8.4. Common IPTables Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html">2.8.5. FORWARD and NAT Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html">2.8.6
. Malicious Software and Spoofed IP Addresses</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html">2.8.7. IPTables and Connection Tracking</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-IPv6.html">2.8.8. IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Firewalls-Additional_Resources.html">2.8.9. Additional Resources</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-IPTables.html">2.9. IPTables</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-IPTables.html#sect-Security_Guide-IPTables-Packet_Filtering">2.9.1. Packet Filtering</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html">2.9.2. Differences Between IPTables and IPChains</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Command_Options_for
_IPTables.html">2.9.3. Command Options for IPTables</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html">2.9.4. Saving IPTables Rules</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html">2.9.5. IPTables Control Scripts</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html">2.9.6. IPTables and IPv6</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-IPTables-Additional_Resources.html">2.9.7. Additional Resources</a></span></dt></dl></dd></dl></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Workstation_Security">2.1. Workstation Security</h2></div></div></div><a id="d0e1789" class="indexterm"/><div class="para">
Securing a Linux environment begins with the workstation. Whether locking down a personal machine or securing an enterprise system, sound security policy begins with the individual computer. A computer network is only as secure as its weakest node.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Workstation_Security-Evaluating_Workstation_Security">2.1.1. Evaluating Workstation Security</h3></div></div></div><a id="d0e1797" class="indexterm"/><a id="d0e1804" class="indexterm"/><a id="d0e1811" class="indexterm"/><a id="d0e1818" class="indexterm"/><a id="d0e1825" class="indexterm"/><a id="d0e1832" class="indexterm"/><div class="para">
When evaluating the security of a Fedora workstation, consider the following:
Index: chap-Security_Guide-Security_Overview.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Security_Overview.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- chap-Security_Guide-Security_Overview.html 21 Jan 2009 20:19:01 -0000 1.5
+++ chap-Security_Guide-Security_Overview.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 1. Security Overview</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="We_Need_Feedback.html" title="2. We Need Feedback!"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="We_Need_Feedback.html"><strong
>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Security_Overview">Chapter 1. Security Overview</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.2. Security Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#se
ct-Security_Guide-Introduction_to_Security-Conclusion">1.1.3. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.2. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.2.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.2.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.3. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_V
ulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.3.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.3.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.3.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="
sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt></dl></dd></dl></div><a id="d0e387" class="indexterm"/><a id="d0e390" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 1. Security Overview</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="We_Need_Feedback.html" title="2. We Need Feedback!"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="We_Need_Feedback.html"><strong
>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Security_Overview">Chapter 1. Security Overview</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security">1.1. Introduction to Security</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-What_is_Computer_Security">1.1.1. What is Computer Security?</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#sect-Security_Guide-Introduction_to_Security-Security_Controls">1.1.2. Security Controls</a></span></dt><dt><span class="section"><a href="chap-Security_Guide-Security_Overview.html#se
ct-Security_Guide-Introduction_to_Security-Conclusion">1.1.3. Conclusion</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html">1.2. Vulnerability Assessment</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment.html#sect-Security_Guide-Vulnerability_Assessment-Thinking_Like_the_Enemy">1.2.1. Thinking Like the Enemy</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html">1.2.2. Defining Assessment and Testing</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html">1.2.3. Evaluating the Tools</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities.html">1.3. Attackers and Vulnerabilities</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_V
ulnerabilities.html#sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html">1.3.2. Threats to Network Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html">1.3.3. Threats to Server Security</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html">1.3.4. Threats to Workstation and Home PC Security</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security_Guide-Common_Exploits_and_Attacks.html">1.4. Common Exploits and Attacks</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Security_Updates.html">1.5. Security Updates</a></span></dt><dd><dl><dt><span class="section"><a href="
sect-Security_Guide-Security_Updates.html#sect-Security_Guide-Security_Updates-Updating_Packages">1.5.1. Updating Packages</a></span></dt></dl></dd></dl></div><a id="d0e387" class="indexterm"/><a id="d0e390" class="indexterm"/><div class="para">
Because of the increased reliance on powerful, networked computers to help run businesses and keep track of our personal information, industries have been formed around the practice of network and computer security. Enterprises have solicited the knowledge and skills of security experts to properly audit systems and tailor solutions to fit the operating requirements of the organization. Because most organizations are dynamic in nature, with workers accessing company IT resources locally and remotely, the need for secure computing environments has become more pronounced.
</div><div class="para">
Unfortunately, most organizations (as well as individual users) regard security as an afterthought, a process that is overlooked in favor of increased power, productivity, and budgetary concerns. Proper security implementation is often enacted <em class="firstterm">postmortem</em> — after an unauthorized intrusion has already occurred. Security experts agree that taking the correct measures prior to connecting a site to an untrusted network, such as the Internet, is an effective means of thwarting most attempts at intrusion.
Index: chap-Security_Guide-Software_Maintenance.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/chap-Security_Guide-Software_Maintenance.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- chap-Security_Guide-Software_Maintenance.html 21 Jan 2009 20:19:01 -0000 1.5
+++ chap-Security_Guide-Software_Maintenance.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 6. Software Maintenance</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="5.2. Utilize LUKS Partition Encryption"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="6.2. Plan and Configure Security Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Software_Maintenance">Chapter 6. Software Maintenance</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">6.2. Plan and Configure Security Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-
Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">6.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">6.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 6. Software Maintenance</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html" title="5.2. Utilize LUKS Partition Encryption"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="6.2. Plan and Configure Security Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security_Guide-Software_Maintenance">Chapter 6. Software Maintenance</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security_Guide-Software_Maintenance.html#sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html">6.2. Plan and Configure Security Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-
Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html">6.3. Adjusting Automatic Updates</a></span></dt><dt><span class="section"><a href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html">6.4. Install Signed Packages from Well Known Repositories</a></span></dt></dl></div><div class="para">
Software maintenance is extremely important to maintaining a secure system. It is vital to patch software as soon as it becomes available in order to prevent attackers from using known holes to infiltrate your system.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Minimal_Software">6.1. Install Minimal Software</h2></div></div></div><div class="para">
It is best practice to install only the packages you will use because each piece of software on your computer could possibly contain a vulnerability. If you are installing from the DVD media take the opportunity to select exactly what packages you want to install during the installation. When you find you need another package, you can always add it to the system later.
Index: index.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/index.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- index.html 21 Jan 2009 20:19:01 -0000 1.5
+++ index.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>security-guide</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><meta name="description" content="The Linux Security Guide is designed to assist users of Linux in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. The Linux Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods."/><link rel="home" href="index.html" title="security-guide"/><link rel="next" href="pref-Security_Guide-Preface.html" title="Preface"/></head><bod
y class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"/><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>Next</strong></a></li></ul><div class="book" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">fedora</span> <span class="productnumber">11</span></div><div><h1 id="d0e1" class="title">security-guide</h1></div><div><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 1.0</p><div><h3 class="corpauthor">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>security-guide</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><meta name="description" content="The Linux Security Guide is designed to assist users of Linux in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. The Linux Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods."/><link rel="home" href="index.html" title="security-guide"/><link rel="next" href="pref-Security_Guide-Preface.html" title="Preface"/></head><bod
y class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"/><li class="next"><a accesskey="n" href="pref-Security_Guide-Preface.html"><strong>Next</strong></a></li></ul><div class="book" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">fedora</span> <span class="productnumber">11</span></div><div><h1 id="d0e1" class="title">security-guide</h1></div><div><h2 class="subtitle">A Guide to Securing Fedora Linux</h2></div><p class="edition">Edition 1.0</p><div><h3 class="corpauthor">
<span class="inlinemediaobject"><object type="image/svg+xml" data="Common_Content/images/title_logo.svg"/></span>
</h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Johnray</span> <span class="surname">Fuller</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jrfuller@redhat.com">jrfuller(a)redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="surname">Ha</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:jha@redhat.com">jha(a)redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">O'Brien</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:daobrien@redhat.com">daobrien(a)redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Eric</span> <span class=
"surname">Christensen</span></h3><div class="affiliation"><span class="orgname">Fedora Project</span> <span class="orgdiv">Documentation Team</span></div><code class="email"><a class="email" href="mailto:sparks@fedoraproject.org">sparks(a)fedoraproject.org</a></code></div><div class="author"><h3 class="author"><span class="firstname">Scott</span> <span class="surname">Radvan</span></h3><div class="affiliation"><span class="orgname">Red Hat</span></div><code class="email"><a class="email" href="mailto:sradvan@redhat.com">sradvan(a)redhat.com</a></code></div></div></div><hr/><div><div id="d0e27" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
Copyright <span class="trademark"/>© 2008 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0, (the latest version is presently available at <a href="http://www.opencontent.org/openpub/">http://www.opencontent.org/openpub/</a>).
Index: pref-Security_Guide-Preface.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/pref-Security_Guide-Preface.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- pref-Security_Guide-Preface.html 21 Jan 2009 20:19:01 -0000 1.5
+++ pref-Security_Guide-Preface.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Preface</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="index.html" title="security-guide"/><link rel="next" href="We_Need_Feedback.html" title="2. We Need Feedback!"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="We_Need_Feedback.html"><st
rong>Next</strong></a></li></ul><div class="preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security_Guide-Preface" class="title">Preface</h1></div></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="d0e101">1. Document Conventions</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Preface</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="index.html" title="security-guide"/><link rel="prev" href="index.html" title="security-guide"/><link rel="next" href="We_Need_Feedback.html" title="2. We Need Feedback!"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="We_Need_Feedback.html"><st
rong>Next</strong></a></li></ul><div class="preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security_Guide-Preface" class="title">Preface</h1></div></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="d0e101">1. Document Conventions</h2></div></div></div><div class="para">
This manual uses several conventions to highlight certain words and phrases and draw attention to specific pieces of information.
</div><div class="para">
In PDF and paper editions, this manual uses typefaces drawn from the <a href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a> set. The Liberation Fonts set is also used in HTML editions if the set is installed on your system. If not, alternative but equivalent typefaces are displayed. Note: Red Hat Enterprise Linux 5 and later includes the Liberation Fonts set by default.
Index: sect-Security_Guide-Additional_Resources-Related_Books.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Related_Books.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Additional_Resources-Related_Books.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Additional_Resources-Related_Books.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5.3. Related Books</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="2.5.5.2. Useful TCP Wrappers Websites"/><link rel="next" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site
"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">2.5.5.3. Related Books</h4></div></div></div><a id="d0e9181" class="indexterm"/><a id="d0e9188" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5.3. Related Books</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="2.5.5.2. Useful TCP Wrappers Websites"/><link rel="next" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site
"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Books">2.5.5.3. Related Books</h4></div></div></div><a id="d0e9181" class="indexterm"/><a id="d0e9188" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<em class="citetitle">Hacking Linux Exposed</em> by Brian Hatch, James Lee, and George Kurtz; Osbourne/McGraw-Hill — An excellent security resource with information about TCP Wrappers and <code class="systemitem">xinetd</code>.
</div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Prev</strong>2.5.5.2. Useful TCP Wrappers Websites</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos.html"><strong>Next</strong>2.6. Kerberos</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Additional_Resources-Related_Documentation.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Related_Documentation.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Additional_Resources-Related_Documentation.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Additional_Resources-Related_Documentation.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9.3. Related Documentation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="2.8.9.2. Useful Firewall Websites"/><link rel="next" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">2.8.9.3. Related Documentation</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9.3. Related Documentation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="2.8.9.2. Useful Firewall Websites"/><link rel="next" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Related_Documentation">2.8.9.3. Related Documentation</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
<em class="citetitle">Red Hat Linux Firewalls</em>, by Bill McCarty; Red Hat Press — a comprehensive reference to building network and server firewalls using open source packet filtering technology such as Netfilter and <code class="command">iptables</code>. It includes topics that cover analyzing firewall logs, developing firewall rules, and customizing your firewall using various graphical tools.
</div></li><li><div class="para">
<em class="citetitle">Linux Firewalls</em>, by Robert Ziegler; New Riders Press — contains a wealth of information on building firewalls using both 2.2 kernel <code class="command">ipchains</code> as well as Netfilter and <code class="command">iptables</code>. Additional security topics such as remote access issues and intrusion detection systems are also covered.
Index: sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9.2. Useful Firewall Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="2.8.9.3. Related Documentation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">2.8.9.2. Useful Firewall Websites</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9.2. Useful Firewall Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="2.8.9.3. Related Documentation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites">2.8.9.2. Useful Firewall Websites</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
<a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — The official homepage of the Netfilter and <code class="command">iptables</code> project.
</div></li><li><div class="para">
<a href="http://www.tldp.org/">http://www.tldp.org/</a> — The Linux Documentation Project contains several useful guides relating to firewall creation and administration.
Index: sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.7.2. Useful IP Tables Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/><link rel="prev" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/><link rel="next" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">2.9.7.2. Useful IP Tables Websites</h4></div></div></div><a id="d0e16307" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.7.2. Useful IP Tables Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/><link rel="prev" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/><link rel="next" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites">2.9.7.2. Useful IP Tables Websites</h4></div></div></div><a id="d0e16307" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<a href="http://www.netfilter.org/">http://www.netfilter.org/</a> — The home of the netfilter/iptables project. Contains assorted information about <code class="command">iptables</code>, including a FAQ addressing specific problems and various helpful guides by Rusty Russell, the Linux IP firewall maintainer. The HOWTO documents on the site cover subjects such as basic networking concepts, kernel packet filtering, and NAT configurations.
</div></li><li><div class="para">
<a href="http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html">http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html</a> — An introduction to the way packets move through the Linux kernel, plus an introduction to constructing basic <code class="command">iptables</code> commands.
Index: sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.10.2. Useful Kerberos Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">2.6.10.2. Useful Kerberos Websites</h4></div></div></div><a id="d0e10899" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.10.2. Useful Kerberos Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites">2.6.10.2. Useful Kerberos Websites</h4></div></div></div><a id="d0e10899" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a> — <em class="citetitle">Kerberos: The Network Authentication Protocol</em> webpage from MIT.
</div></li><li><div class="para">
<a href="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html</a> — The Kerberos Frequently Asked Questions (FAQ).
Index: sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.8.2. Useful PAM Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">2.4.8.2. Useful PAM Websites</h4></div></div></div><a id="d0e7154" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.8.2. Useful PAM Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites">2.4.8.2. Useful PAM Websites</h4></div></div></div><a id="d0e7154" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a> — The primary distribution website for the Linux-PAM project, containing information on various PAM modules, a FAQ, and additional PAM documentation.
</div><div class="note"><h2>Note</h2><div class="para">
The documentation in the above website is for the last released upstream version of PAM and might not be 100% accurate for the PAM version included in Fedora.
Index: sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5.2. Useful TCP Wrappers Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="2.5.5.3. Related Books"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">2.5.5.2. Useful TCP Wrappers Websites</h4></div></div></div><a id="d0e9144" class="indexterm"/><a id="d0e9151" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5.2. Useful TCP Wrappers Websites</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="2.5.5.3. Related Books"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites">2.5.5.2. Useful TCP Wrappers Websites</h4></div></div></div><a id="d0e9144" class="indexterm"/><a id="d0e9151" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<a href="http://www.xinetd.org">http://www.xinetd.org/</a> — The home of <code class="systemitem">xinetd</code>, containing sample configuration files, a full listing of features, and an informative FAQ.
</div></li><li><div class="para">
<a href="http://www.macsecurity.org/resources/xinetd/tutorial.shtml">http://www.macsecurity.org/resources/xinetd/tutorial.shtml</a> — A thorough tutorial that discusses many different ways to optimize default <code class="systemitem">xinetd</code> configuration files to meet specific security goals.
Index: sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.2. Access Control Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="2.5.4.3.3. Binding and Redirection Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.p
ng" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">2.5.4.3.2. Access Control Options</h5></div></div></div><a id="d0e8677" class="indexterm"/><a id="d0e8685" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.2. Access Control Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="2.5.4.3.3. Binding and Redirection Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.p
ng" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options">2.5.4.3.2. Access Control Options</h5></div></div></div><a id="d0e8677" class="indexterm"/><a id="d0e8685" class="indexterm"/><div class="para">
Users of <code class="systemitem">xinetd</code> services can choose to use the TCP Wrappers hosts access rules, provide access control via the <code class="systemitem">xinetd</code> configuration files, or a mixture of both. Refer to <a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files">Section 2.5.2, “TCP Wrappers Configuration Files”</a> for more information about TCP Wrappers hosts access control files.
</div><div class="para">
This section discusses using <code class="systemitem">xinetd</code> to control access to services.
Index: sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.3. Binding and Redirection Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="2.5.4.3.2. Access Control Options"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="2.5.4.3.4. Resource Management Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Produ
ct Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">2.5.4.3.3. Binding and Redirection Options</h5></div></div></div><a id="d0e8847" class="indexterm"/><a id="d0e8855" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.3. Binding and Redirection Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="2.5.4.3.2. Access Control Options"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="2.5.4.3.4. Resource Management Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Produ
ct Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options">2.5.4.3.3. Binding and Redirection Options</h5></div></div></div><a id="d0e8847" class="indexterm"/><a id="d0e8855" class="indexterm"/><div class="para">
The service configuration files for <code class="systemitem">xinetd</code> support binding the service to an IP address and redirecting incoming requests for that service to another IP address, hostname, or port.
</div><div class="para">
Binding is controlled with the <code class="option">bind</code> option in the service-specific configuration files and links the service to one IP address on the system. When this is configured, the <code class="option">bind</code> option only allows requests to the correct IP address to access the service. You can use this method to bind different services to different network interfaces based on requirements.
Index: sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.4. Resource Management Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="2.5.4.3.3. Binding and Redirection Options"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">2.5.4.3.4. Resource Management Options</h5></div></div></div><a id="d0e8937" class="indexterm"/><a id="d0e8945" class="indexterm"/><a id="d0e8951" class="indexterm"/><a id="d0e8956" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3.4. Resource Management Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html" title="2.5.4.3.3. Binding and Redirection Options"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html" title="2.5.5. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Binding_and_Redirection_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options">2.5.4.3.4. Resource Management Options</h5></div></div></div><a id="d0e8937" class="indexterm"/><a id="d0e8945" class="indexterm"/><a id="d0e8951" class="indexterm"/><a id="d0e8956" class="indexterm"/><div class="para">
The <code class="systemitem">xinetd</code> daemon can add a basic level of protection from Denial of Service (DoS) attacks. The following is a list of directives which can aid in limiting the effectiveness of such attacks:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">per_source</code> — Defines the maximum number of instances for a service per source IP address. It accepts only integers as an argument and can be used in both <code class="filename">xinetd.conf</code> and in the service-specific configuration files in the <code class="filename">xinetd.d/</code> directory.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.2. Threats to Network Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conten
t/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats to Network Security</h3></div></div></div><a id="d0e1068" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.2. Threats to Network Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conten
t/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security">1.3.2. Threats to Network Security</h3></div></div></div><a id="d0e1068" class="indexterm"/><div class="para">
Bad practices when configuring the following aspects of a network can increase the risk of attack.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Network_Security-Insecure_Architectures">1.3.2.1. Insecure Architectures</h4></div></div></div><a id="d0e1078" class="indexterm"/><div class="para">
A misconfigured network is a primary entry point for unauthorized users. Leaving a trust-based, open local network vulnerable to the highly-insecure Internet is much like leaving a door ajar in a crime-ridden neighborhood — nothing may happen for an arbitrary amount of time, but <span class="emphasis"><em>eventually</em></span> someone exploits the opportunity.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3. Threats to Server Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.3.2. Threats to Network Security"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.3.3.2. Unpatched Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats to Server Security</h3></div></div></div><a id="d0e1109" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3. Threats to Server Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.3.2. Threats to Network Security"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.3.3.2. Unpatched Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security">1.3.3. Threats to Server Security</h3></div></div></div><a id="d0e1109" class="indexterm"/><div class="para">
Server security is as important as network security because servers often hold a great deal of an organization's vital information. If a server is compromised, all of its contents may become available for the cracker to steal or manipulate at will. The following sections detail some of the main issues.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unused_Services_and_Open_Ports">1.3.3.1. Unused Services and Open Ports</h4></div></div></div><a id="d0e1119" class="indexterm"/><div class="para">
A full installation of Fedora contains 1000+ application and library packages. However, most server administrators do not opt to install every single package in the distribution, preferring instead to install a base installation of packages, including several server applications.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.4. Threats to Workstation and Home PC Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.3.3.4. Inherently Insecure Services"/><link rel="next" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.3.4.2. Vulnerable Client Applications"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class
="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats to Workstation and Home PC Security</h3></div></div></div><a id="d0e1204" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.4. Threats to Workstation and Home PC Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.3.3.4. Inherently Insecure Services"/><link rel="next" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.3.4.2. Vulnerable Client Applications"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class
="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security">1.3.4. Threats to Workstation and Home PC Security</h3></div></div></div><a id="d0e1204" class="indexterm"/><div class="para">
Workstations and home PCs may not be as prone to attack as networks or servers, but since they often contain sensitive data, such as credit card information, they are targeted by system crackers. Workstations can also be co-opted without the user's knowledge and used by attackers as "slave" machines in coordinated attacks. For these reasons, knowing the vulnerabilities of a workstation can save users the headache of reinstalling the operating system, or worse, recovering from data theft.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Bad_Passwords">1.3.4.1. Bad Passwords</h4></div></div></div><a id="d0e1214" class="indexterm"/><div class="para">
Bad passwords are one of the easiest ways for an attacker to gain access to a system. For more on how to avoid common pitfalls when creating a password, refer to <a class="xref" href="chap-Security_Guide-Securing_Your_Network.html#sect-Security_Guide-Workstation_Security-Password_Security" title="2.1.3. Password Security">Section 2.1.3, “Password Security”</a>.
Index: sect-Security_Guide-Attackers_and_Vulnerabilities.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Attackers_and_Vulnerabilities.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Attackers_and_Vulnerabilities.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Attackers_and_Vulnerabilities.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3. Attackers and Vulnerabilities</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.2.3.5. Anticipating Your Future Needs"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.3.2. Threats to Network Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="C
ommon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and Vulnerabilities</h2></div></div></div><a id="d0e968" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3. Attackers and Vulnerabilities</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.2.3.5. Anticipating Your Future Needs"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html" title="1.3.2. Threats to Network Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="C
ommon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Network_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities">1.3. Attackers and Vulnerabilities</h2></div></div></div><a id="d0e968" class="indexterm"/><div class="para">
To plan and implement a good security strategy, first be aware of some of the issues which determined, motivated attackers exploit to compromise systems. But before detailing these issues, the terminology used when identifying an attacker must be defined.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Attackers_and_Vulnerabilities-A_Quick_History_of_Hackers">1.3.1. A Quick History of Hackers</h3></div></div></div><a id="d0e976" class="indexterm"/><a id="d0e981" class="indexterm"/><div class="para">
The modern meaning of the term <em class="firstterm">hacker</em> has origins dating back to the 1960s and the Massachusetts Institute of Technology (MIT) Tech Model Railroad Club, which designed train sets of large scale and intricate detail. Hacker was a name used for club members who discovered a clever trick or workaround for a problem.
Index: sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.6. Activating the IPTables Service</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="2.8.2.5. Saving the Settings"/><link rel="next" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">2.8.2.6. Activating the IPTables Service</h4></div></div></div><a id="d0e13169" class="indexterm"/><a id="d0e13177" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.6. Activating the IPTables Service</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="2.8.2.5. Saving the Settings"/><link rel="next" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service">2.8.2.6. Activating the IPTables Service</h4></div></div></div><a id="d0e13169" class="indexterm"/><a id="d0e13177" class="indexterm"/><div class="para">
The firewall rules are only active if the <code class="command">iptables</code> service is running. To manually start the service, use the following command:
</div><pre class="screen">[root@myServer ~] # service iptables restart
</pre><div class="para">
Index: sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.2. Enabling and Disabling the Firewall</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="2.8.2.3. Trusted Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">2.8.2.2. Enabling and Disabling the Firewall</h4></div></div></div><a id="d0e12967" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.2. Enabling and Disabling the Firewall</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="2.8.2.3. Trusted Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall">2.8.2.2. Enabling and Disabling the Firewall</h4></div></div></div><a id="d0e12967" class="indexterm"/><div class="para">
Select one of the following options for the firewall:
</div><div class="itemizedlist"><ul><li><div class="para">
<span class="guilabel"><strong>Disabled</strong></span> — Disabling the firewall provides complete access to your system and does no security checking. This should only be selected if you are running on a trusted network (not the Internet) or need to configure a custom firewall using the iptables command line tool.
Index: sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.4. Other Ports</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="2.8.2.3. Trusted Services"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="2.8.2.5. Saving the Settings"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/i
mage_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">2.8.2.4. Other Ports</h4></div></div></div><a id="d0e13094" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.4. Other Ports</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html" title="2.8.2.3. Trusted Services"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html" title="2.8.2.5. Saving the Settings"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/i
mage_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">2.8.2.4. Other Ports</h4></div></div></div><a id="d0e13094" class="indexterm"/><div class="para">
The <span class="application"><strong>Firewall Configuration Tool</strong></span> includes an <span class="guilabel"><strong>Other ports</strong></span> section for specifying custom IP ports as being trusted by <code class="command">iptables</code>. For example, to allow IRC and Internet printing protocol (IPP) to pass through the firewall, add the following to the <span class="guilabel"><strong>Other ports</strong></span> section:
</div><div class="para">
<code class="computeroutput">194:tcp,631:tcp</code>
Index: sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.5. Saving the Settings</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="2.8.2.4. Other Ports"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="2.8.2.6. Activating the IPTables Service"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="C
ommon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">2.8.2.5. Saving the Settings</h4></div></div></div><a id="d0e13122" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.5. Saving the Settings</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="2.8.2.4. Other Ports"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="2.8.2.6. Activating the IPTables Service"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="C
ommon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Saving_the_Settings">2.8.2.5. Saving the Settings</h4></div></div></div><a id="d0e13122" class="indexterm"/><div class="para">
Click <span class="guibutton"><strong>OK</strong></span> to save the changes and enable or disable the firewall. If <span class="guilabel"><strong>Enable firewall</strong></span> was selected, the options selected are translated to <code class="command">iptables</code> commands and written to the <code class="filename">/etc/sysconfig/iptables</code> file. The <code class="command">iptables</code> service is also started so that the firewall is activated immediately after saving the selected options. If <span class="guilabel"><strong>Disable firewall</strong></span> was selected, the <code class="filename">/etc/sysconfig/iptables</code> file is removed and the <code class="command">iptables</code> service is stopped immediately.
</div><div class="para">
The selected options are also written to the <code class="filename">/etc/sysconfig/system-config-securitylevel</code> file so that the settings can be restored the next time the application is started. Do not edit this file by hand.
Index: sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.3. Trusted Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="2.8.2.2. Enabling and Disabling the Firewall"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="2.8.2.4. Other Ports"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img s
rc="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">2.8.2.3. Trusted Services</h4></div></div></div><a id="d0e13007" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2.3. Trusted Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="2.8.2.2. Enabling and Disabling the Firewall"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html" title="2.8.2.4. Other Ports"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img s
rc="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Basic_Firewall_Configuration-Trusted_Services">2.8.2.3. Trusted Services</h4></div></div></div><a id="d0e13007" class="indexterm"/><div class="para">
Enabling options in the <span class="guilabel"><strong>Trusted services</strong></span> list allows the specified service to pass through the firewall.
</div><div class="variablelist"><dl><dt><span class="term"><span class="guilabel"><strong>WWW (HTTP)</strong></span></span></dt><dd><div class="para">
The HTTP protocol is used by Apache (and by other Web servers) to serve web pages. If you plan on making your Web server publicly available, select this check box. This option is not required for viewing pages locally or for developing web pages. This service requires that the <code class="filename">httpd</code> package be installed.
Index: sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.2. Command Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="2.9.3.3. IPTables Parameter Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">2.9.3.2. Command Options</h4></div></div></div><a id="d0e14521" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.2. Command Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="2.9.3.3. IPTables Parameter Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Comm
on_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Command_Options">2.9.3.2. Command Options</h4></div></div></div><a id="d0e14521" class="indexterm"/><div class="para">
Command options instruct <code class="command">iptables</code> to perform a specific action. Only one command option is allowed per <code class="command">iptables</code> command. With the exception of the help command, all commands are written in upper-case characters.
</div><div class="para">
The <code class="command">iptables</code> commands are as follows:
Index: sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4. IPTables Match Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="2.9.3.3. IPTables Parameter Options"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="2.9.3.4.2. UDP Protocol"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Cont
ent/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">2.9.3.4. IPTables Match Options</h4></div></div></div><a id="d0e14918" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4. IPTables Match Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html" title="2.9.3.3. IPTables Parameter Options"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="2.9.3.4.2. UDP Protocol"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Cont
ent/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options">2.9.3.4. IPTables Match Options</h4></div></div></div><a id="d0e14918" class="indexterm"/><div class="para">
Different network protocols provide specialized matching options which can be configured to match a particular packet using that protocol. However, the protocol must first be specified in the <code class="command">iptables</code> command. For example, <code class="option">-p <em class="replaceable"><code><protocol-name></code></em></code> enables options for the specified protocol. Note that you can also use the protocol ID, instead of the protocol name. Refer to the following examples, each of which have the same effect:
</div><pre class="screen"><code class="command"> iptables -A INPUT -p icmp --icmp-type any -j ACCEPT </code><code class="command"> iptables -A INPUT -p 5813 --icmp-type any -j ACCEPT </code>
</pre><div class="para">
Index: sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.3. IPTables Parameter Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="2.9.3.2. Command Options"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">2.9.3.3. IPTables Parameter Options</h4></div></div></div><a id="d0e14685" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.3. IPTables Parameter Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="2.9.3.2. Command Options"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Parameter_Options">2.9.3.3. IPTables Parameter Options</h4></div></div></div><a id="d0e14685" class="indexterm"/><div class="para">
Certain <code class="command">iptables</code> commands, including those used to add, append, delete, insert, or replace rules within a particular chain, require various parameters to construct a packet filtering rule.
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">-c</code> — Resets the counters for a particular rule. This parameter accepts the <code class="option">PKTS</code> and <code class="option">BYTES</code> options to specify which counter to reset.
Index: sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.6. Listing Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="2.9.3.5. Target Options"/><link rel="next" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="2.9.4. Saving IPTables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">2.9.3.6. Listing Options</h4></div></div></div><a id="d0e15548" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.6. Listing Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="2.9.3.5. Target Options"/><link rel="next" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="2.9.4. Saving IPTables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options">2.9.3.6. Listing Options</h4></div></div></div><a id="d0e15548" class="indexterm"/><div class="para">
The default list command, <code class="command">iptables -L [<chain-name>]</code>, provides a very basic overview of the default filter table's current chains. Additional options provide more information:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">-v</code> — Displays verbose output, such as the number of packets and bytes each chain has processed, the number of packets and bytes each rule has matched, and which interfaces apply to a particular rule.
Index: sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.5. Target Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="2.9.3.4.4. Additional Match Option Modules"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="2.9.3.6. Listing Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">2.9.3.5. Target Options</h4></div></div></div><a id="d0e15389" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.5. Target Options</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="2.9.3.4.4. Additional Match Option Modules"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="2.9.3.6. Listing Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Command_Options_for_IPTables-Target_Options">2.9.3.5. Target Options</h4></div></div></div><a id="d0e15389" class="indexterm"/><div class="para">
When a packet has matched a particular rule, the rule can direct the packet to a number of different targets which determine the appropriate action. Each chain has a default target, which is used if none of the rules on that chain match a packet or if none of the rules which match the packet specify a target.
</div><div class="para">
The following are the standard targets:
Index: sect-Security_Guide-Common_Exploits_and_Attacks.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Common_Exploits_and_Attacks.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Common_Exploits_and_Attacks.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Common_Exploits_and_Attacks.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.4. Common Exploits and Attacks</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.3.4.2. Vulnerable Client Applications"/><link rel="next" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.
png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and Attacks</h2></div></div></div><a id="d0e1244" class="indexterm"/><a id="d0e1249" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.4. Common Exploits and Attacks</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html" title="1.3.4.2. Vulnerable Client Applications"/><link rel="next" href="sect-Security_Guide-Security_Updates.html" title="1.5. Security Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.
png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Security_Updates.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Common_Exploits_and_Attacks">1.4. Common Exploits and Attacks</h2></div></div></div><a id="d0e1244" class="indexterm"/><a id="d0e1249" class="indexterm"/><div class="para">
<a class="xref" href="sect-Security_Guide-Common_Exploits_and_Attacks.html#tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits" title="Table 1.1. Common Exploits">Table 1.1, “Common Exploits”</a> details some of the most common exploits and entry points used by intruders to access organizational network resources. Key to these common exploits are the explanations of how they are performed and how administrators can properly safeguard their network against such attacks.
</div><div class="table" id="tabl-Security_Guide-Common_Exploits_and_Attacks-Common_Exploits"><div class="table-contents"><table summary="Common Exploits" border="1"><colgroup><col width="2*"/><col width="4*"/><col width="4*"/></colgroup><thead><tr><th>
Exploit
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.2. Step-by-Step Installation Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="3.8.3. Step-by-Step Usage Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step Installation Instructions</h3></div></div></div><div class="itemizedlist"><ul><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.2. Step-by-Step Installation Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="3.8.3. Step-by-Step Usage Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions">3.8.2. Step-by-Step Installation Instructions</h3></div></div></div><div class="itemizedlist"><ul><li><div class="para">
Open a Terminal: <code class="code">Click ''Applications'' -> ''System Tools'' -> ''Terminal''</code>
</div></li><li><div class="para">
Install 7-Zip with sudo access: <code class="code">sudo yum install p7zip</code>
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html 21 Jan 2009 20:19:01 -0000 1.5
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.4. Things of note</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="3.8.3. Step-by-Step Usage Instructions"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things of note</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.4. Things of note</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html" title="3.8.3. Step-by-Step Usage Instructions"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note">3.8.4. Things of note</h3></div></div></div><div class="para">
7-Zip is not shipped by default with Microsoft Windows or Mac OS X. If you need to use your 7-Zip files on those platforms you will need to install the appropriate version of 7-Zip on those computers. See the 7-Zip <a href="http://www.7-zip.org/download.html">download page</a>.
</div><div class="para">
GNOME's File Roller application will recognize your .7z files and attempt to open them, but it will fail with the error "''An error occurred while loading the archive.''" when it attempts to do so. This is because File Roller does not currently support the extraction of encrypted 7-Zip files. A bug report ([http://bugzilla.gnome.org/show_bug.cgi?id=490732 Gnome Bug 490732]) has been submitted.
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.3. Step-by-Step Usage Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="3.8.2. Step-by-Step Installation Instructions"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="3.8.4. Things of note"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraprojec
t.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step Usage Instructions</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8.3. Step-by-Step Usage Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="3.8.2. Step-by-Step Installation Instructions"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="3.8.4. Things of note"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraprojec
t.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Usage_Instructions">3.8.3. Step-by-Step Usage Instructions</h3></div></div></div><div class="para">
By following these instructions you are going to compress and encrypt your "Documents" directory. Your original "Documents" directory will remain unaltered. This technique can be applied to any directory or file you have access to on the filesystem.
</div><div class="itemizedlist"><ul><li><div class="para">
Open a Terminal:<code class="code">Click ''Applications'' -> ''System Tools'' -> ''Terminal''</code>
Index: sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8. 7-Zip Encrypted Archives</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="3.7.5. Links of Interest"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="3.8.2. Step-by-Step Installation Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right
.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip Encrypted Archives</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.8. 7-Zip Encrypted Archives</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="3.7.5. Links of Interest"/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html" title="3.8.2. Step-by-Step Installation Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right
.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation-Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives">3.8. 7-Zip Encrypted Archives</h2></div></div></div><div class="para">
<a href="http://www.7-zip.org/">7-Zip</a> is a cross-platform, next generation, file compression tool that can also use strong encryption (AES-256) to protect the contents of the archive. This is extremely useful when you need to move data between multiple computers that use varying operating systems (i.e. Linux at home, Windows at work) and you want a portable encryption solution.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Installation">3.8.1. 7-Zip Installation in Fedora</h3></div></div></div><div class="para">
7-Zip is not a base package in Fedora, but it is available in the software repository. Once installed, the package will update alongside the rest of the software on the computer with no special attention necessary.
Index: sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.2. Full Disk Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="next" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html" title="3.3. File Based Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full Disk Encryption</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.2. Full Disk Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="next" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html" title="3.3. File Based Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="chap-Security_Guide-Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Security_Guide-Encryption-Protecting_Data_at_Rest-File_Based_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Protecting_Data_at_Rest-Full_Disk_Encryption">3.2. Full Disk Encryption</h2></div></div></div><div class="para">
Full disk or partition encryption is one of the best ways of protecting your data. Not only is each file protected but also the temporary storage that may contain parts of these files is also protected. Full disk encryption will protect all of your files so you don't have to worry about selecting what you want to protect and possibly missing a file.
</div><div class="para">
Fedora 9 natively supports LUKS Encryption. LUKS will bulk encrypt your hard drive partitions so that while your computer is off your data is protected. This will also protect your computer from attackers attempting to use single-user-mode to login to your computer or otherwise gain access. LUKS can be manually setup on Fedora 8.
Index: sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html 21 Jan 2009 20:19:02 -0000 1.3
+++ sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html 27 Jan 2009 13:50:51 -0000 1.4
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.4. About Public Key Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="3.9.3. Creating GPG Keys Using the Command Line"/><link rel="next" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 4. General Principles of Information Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject
.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.4. About Public Key Encryption</h3></div></div></div><div class="orderedlist"><ol><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.4. About Public Key Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="3.9.3. Creating GPG Keys Using the Command Line"/><link rel="next" href="chap-Security_Guide-General_Principles_of_Information_Security.html" title="Chapter 4. General Principles of Information Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject
.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-General_Principles_of_Information_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption">3.9.4. About Public Key Encryption</h3></div></div></div><div class="orderedlist"><ol><li><div class="para">
<a href="http://en.wikipedia.org/wiki/Public-key_cryptography">Wikipedia - Public Key Cryptography</a>
</div></li><li><div class="para">
<a href="http://computer.howstuffworks.com/encryption.htm">HowStuffWorks - Encryption</a>
Index: sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html 21 Jan 2009 20:19:02 -0000 1.3
+++ sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html 27 Jan 2009 13:50:51 -0000 1.4
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.3. Creating GPG Keys Using the Command Line</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="3.9.2. Creating GPG Keys in KDE"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="3.9.4. About Public Key Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">3.9.3. Creating GPG Keys Using the Command Line</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.3. Creating GPG Keys Using the Command Line</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="3.9.2. Creating GPG Keys in KDE"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html" title="3.9.4. About Public Key Encryption"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="
Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-About_Public_Key_Encryption.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE">3.9.3. Creating GPG Keys Using the Command Line</h3></div></div></div><div class="para">
Use the following shell command: <code class="code">gpg --gen-key</code>
</div><div class="para">
This command generates a key pair that consists of a public and a private key. Other people use your public key to authenticate and/or decrypt your communications. Distribute your public key as widely as possible, especially to people who you know will want to receive authentic communications from you, such as a mailing list. The Fedora Documentation Project, for example, asks participants to include a GPG public key in their self-introduction.
Index: sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html 21 Jan 2009 20:19:02 -0000 1.3
+++ sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html 27 Jan 2009 13:50:51 -0000 1.4
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.2. Creating GPG Keys in KDE</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="3.9.3. Creating GPG Keys Using the Command Line"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">3.9.2. Creating GPG Keys in KDE</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9.2. Creating GPG Keys in KDE</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="prev" href="sect-Security_Guide-Encryption-Using_GPG.html" title="3.9. Using GNU Privacy Guard (GnuPG)"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html" title="3.9.3. Creating GPG Keys Using the Command Line"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-Using_GPG.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1">3.9.2. Creating GPG Keys in KDE</h3></div></div></div><div class="para">
Start the KGpg program from the main menu by selecting Applications > Utilities > Encryption Tool. If you have never used KGpg before, the program walks you through the process of creating your own GPG keypair. A dialog box appears prompting you to create a new key pair. Enter your name, email address, and an optional comment. You can also choose an expiration time for your key, as well as the key strength (number of bits) and algorithms. The next dialog box prompts you for your passphrase. At this point, your key appears in the main <code class="code">KGpg</code> window.
</div><div class="warning"><h2>Warning</h2><div class="para">
If you forget your passphrase, the key cannot be used and any data encrypted using that key will be lost.
Index: sect-Security_Guide-Encryption-Using_GPG.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Encryption-Using_GPG.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sect-Security_Guide-Encryption-Using_GPG.html 21 Jan 2009 20:19:02 -0000 1.3
+++ sect-Security_Guide-Encryption-Using_GPG.html 27 Jan 2009 13:50:51 -0000 1.4
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9. Using GNU Privacy Guard (GnuPG)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="3.8.4. Things of note"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="3.9.2. Creating GPG Keys in KDE"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Using_GPG">3.9. Using GNU Privacy Guard (GnuPG)</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.9. Using GNU Privacy Guard (GnuPG)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html" title="3.8.4. Things of note"/><link rel="next" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html" title="3.9.2. Creating GPG Keys in KDE"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives-Things_of_note.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-Using_GPG-Creating_GPG_Keys_in_KDE1.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Encryption-Using_GPG">3.9. Using GNU Privacy Guard (GnuPG)</h2></div></div></div><div class="para">
GPG is used to identify yourself and authenticate your communications, including those with people you don't know. GPG allows anyone reading a GPG-signed email to verify its authenticity. In other words, GPG allows someone to be reasonably certain that communications signed by you actually are from you. GPG is useful because it helps prevent third parties from altering code or intercepting conversations and altering the message.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Encryption-Using_GPG-Keys_in_GNOME">3.9.1. Creating GPG Keys in GNOME</h3></div></div></div><div class="para">
Install the Seahorse utility, which makes GPG key management easier. From the main menu, select <code class="code">System > Administration > Add/Remove Software</code> and wait for PackageKit to start. Enter <code class="code">Seahorse</code> into the text box and select the Find. Select the checkbox next to the ''seahorse'' package and select ''Apply'' to add the software. You can also install <code class="code">Seahorse</code> at the command line with the command <code class="code">su -c "yum install seahorse"</code>.
Index: sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.5. Anticipating Your Future Needs</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.2.3.4. VLAD the Scanner"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.2.3.5. Anticipating Your Future Needs</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.5. Anticipating Your Future Needs</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.2.3.4. VLAD the Scanner"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html" title="1.3. Attackers and Vulnerabilities"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs">1.2.3.5. Anticipating Your Future Needs</h4></div></div></div><div class="para">
Depending upon your target and resources, there are many tools available. There are tools for wireless networks, Novell networks, Windows systems, Linux systems, and more. Another essential part of performing assessments may include reviewing physical security, personnel screening, or voice/PBX network assessment. New concepts, such as <em class="firstterm">war walking</em> scanning the perimeter of your enterprise's physical structures for wireless network vulnerabilities are some emerging concepts that you can investigate and, if needed, incorporate into your assessments. Imagination and exposure are the only limits of planning and conducting vulnerability assessments.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Prev</strong>1.2.3.4. VLAD the Scanner</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities.html"><strong>Next</strong>1.3. Attackers and Vulnerabilities</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Evaluating_the_Tools-Nessus.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-Nessus.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Evaluating_the_Tools-Nessus.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Evaluating_the_Tools-Nessus.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.2. Nessus</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.2.3.3. Nikto"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.2.3.2. Nessus</h4></div></div></div><a id="d0e882" class="indexterm"/><a id="d0e887" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.2. Nessus</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.2.3.3. Nikto"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nessus">1.2.3.2. Nessus</h4></div></div></div><a id="d0e882" class="indexterm"/><a id="d0e887" class="indexterm"/><div class="para">
Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.
</div><div class="note"><h2>Note</h2><div class="para">
Nessus is not included with Fedora and is not supported. It has been included in this document as a reference to users who may be interested in using this popular application.
Index: sect-Security_Guide-Evaluating_the_Tools-Nikto.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-Nikto.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Evaluating_the_Tools-Nikto.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Evaluating_the_Tools-Nikto.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.3. Nikto</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.2.3.2. Nessus"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.2.3.4. VLAD the Scanner"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.2.3.3. Nikto</h4></div></div></div><a id="d0e907" class="indexterm"/><a id="d0e912" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.3. Nikto</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.2.3.2. Nessus"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html" title="1.2.3.4. VLAD the Scanner"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-Nikto">1.2.3.3. Nikto</h4></div></div></div><a id="d0e907" class="indexterm"/><a id="d0e912" class="indexterm"/><div class="para">
Nikto is an excellent common gateway interface (CGI) script scanner. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems. It comes with thorough documentation which should be carefully reviewed prior to running the program. If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.
</div><div class="note"><h2>Note</h2><div class="para">
Nikto is not included with Fedora and is not supported. It has been included in this document as a reference to users who may be interested in using this popular application.
Index: sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.4. VLAD the Scanner</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.2.3.3. Nikto"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.2.3.5. Anticipating Your Future Needs"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.p
ng" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.2.3.4. VLAD the Scanner</h4></div></div></div><a id="d0e932" class="indexterm"/><a id="d0e937" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3.4. VLAD the Scanner</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/><link rel="prev" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html" title="1.2.3.3. Nikto"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html" title="1.2.3.5. Anticipating Your Future Needs"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.p
ng" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Evaluating_the_Tools-Nikto.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Anticipating_Your_Future_Needs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Evaluating_the_Tools-VLAD_the_Scanner">1.2.3.4. VLAD the Scanner</h4></div></div></div><a id="d0e932" class="indexterm"/><a id="d0e937" class="indexterm"/><div class="para">
VLAD is a vulnerabilities scanner developed by the <acronym class="acronym">RAZOR</acronym> team at Bindview, Inc., which checks for the SANS Top Ten list of common security issues (SNMP issues, file sharing issues, etc.). While not as full-featured as Nessus, VLAD is worth investigating.
</div><div class="note"><h2>Note</h2><div class="para">
VLAD is not included with Fedora and is not supported. It has been included in this document as a reference to users who may be interested in using this popular application.
Index: sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5.3. DMZs and IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="2.8.5.2. Prerouting"/><link rel="next" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="2.8.6. Malicious Software and Spoofed IP Addresses"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/i
mage_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">2.8.5.3. DMZs and IPTables</h4></div></div></div><a id="d0e13658" class="indexterm"/><a id="d0e13664" class="indexterm"/><a id="d0e13669" class="indexterm"/><a id="d0e13672" class="indexterm"/><a id="d0e13680" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5.3. DMZs and IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="2.8.5.2. Prerouting"/><link rel="next" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="2.8.6. Malicious Software and Spoofed IP Addresses"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/i
mage_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables">2.8.5.3. DMZs and IPTables</h4></div></div></div><a id="d0e13658" class="indexterm"/><a id="d0e13664" class="indexterm"/><a id="d0e13669" class="indexterm"/><a id="d0e13672" class="indexterm"/><a id="d0e13680" class="indexterm"/><div class="para">
You can create <code class="command">iptables</code> rules to route traffic to certain machines, such as a dedicated HTTP or FTP server, in a <em class="firstterm">demilitarized zone</em> (<acronym class="acronym">DMZ</acronym>). A <acronym class="acronym">DMZ</acronym> is a special local subnetwork dedicated to providing services on a public carrier, such as the Internet.
</div><div class="para">
For example, to set a rule for routing incoming HTTP requests to a dedicated HTTP server at 10.0.4.2 (outside of the 192.168.1.0/24 range of the LAN), NAT uses the <code class="computeroutput">PREROUTING</code> table to forward the packets to the appropriate destination:
Index: sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5.2. Prerouting</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="prev" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="2.8.5.3. DMZs and IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">2.8.5.2. Prerouting</h4></div></div></div><a id="d0e13624" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5.2. Prerouting</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="prev" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="2.8.5.3. DMZs and IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Si
te"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting">2.8.5.2. Prerouting</h4></div></div></div><a id="d0e13624" class="indexterm"/><div class="para">
If you have a server on your internal network that you want make available externally, you can use the <code class="option">-j DNAT</code> target of the PREROUTING chain in NAT to specify a destination IP address and port where incoming packets requesting a connection to your internal service can be forwarded.
</div><div class="para">
For example, if you want to forward incoming HTTP requests to your dedicated Apache HTTP Server at 172.31.0.23, use the following command:
Index: sect-Security_Guide-Firewalls-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Additional_Resources.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Firewalls-Additional_Resources.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Firewalls-Additional_Resources.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-IPv6.html" title="2.8.8. IPv6"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="2.8.9.2. Useful Firewall Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previo
us"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">2.8.9. Additional Resources</h3></div></div></div><a id="d0e13897" class="indexterm"/><a id="d0e13902" class="indexterm"/><a id="d0e13907" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.9. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-IPv6.html" title="2.8.8. IPv6"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html" title="2.8.9.2. Useful Firewall Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previo
us"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Firewall_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Additional_Resources">2.8.9. Additional Resources</h3></div></div></div><a id="d0e13897" class="indexterm"/><a id="d0e13902" class="indexterm"/><a id="d0e13907" class="indexterm"/><div class="para">
There are several aspects to firewalls and the Linux Netfilter subsystem that could not be covered in this chapter. For more information, refer to the following resources.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Firewall_Documentation">2.8.9.1. Installed Firewall Documentation</h4></div></div></div><div class="itemizedlist"><ul><li><div class="para">
Refer to <a class="xref" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables">Section 2.9, “IPTables”</a> for more detailed information on the <code class="command">iptables</code> command, including definitions for many command options.
Index: sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2. Basic Firewall Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="2.8.2.2. Enabling and Disabling the Firewall"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p>
<ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.8.2. Basic Firewall Configuration</h3></div></div></div><a id="d0e12900" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.2. Basic Firewall Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="next" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html" title="2.8.2.2. Enabling and Disabling the Firewall"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p>
<ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Basic_Firewall_Configuration-Enabling_and_Disabling_the_Firewall.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration">2.8.2. Basic Firewall Configuration</h3></div></div></div><a id="d0e12900" class="indexterm"/><div class="para">
Just as a firewall in a building attempts to prevent a fire from spreading, a computer firewall attempts to prevent malicious software from spreading to your computer. It also helps to prevent unauthorized users from accessing your computer.
</div><div class="para">
In a default Fedora installation, a firewall exists between your computer or network and any untrusted networks, for example the Internet. It determines which services on your computer remote users can access. A properly configured firewall can greatly increase the security of your system. It is recommended that you configure a firewall for any Fedora system with an Internet connection.
@@ -11,8 +11,8 @@
After installation, you can change this preference by using the <span class="application"><strong>Firewall Configuration Tool</strong></span>.
</div><div class="para">
To start this application, use the following command:
- </div><pre class="screen">[root@myServer ~] # system-config-securitylevel
-</pre><div class="figure" id="figu-Security_Guide-RHSECLEVELTOOL-RHSECLEVELTOOL"><div class="figure-contents"><div class="mediaobject"><img src="images/rh-securitylevel.png" alt="Firewall Configuration Tool"/><div class="longdesc"><div class="para">
+ </div><pre class="screen">[root@myServer ~] # system-config-firewall
+</pre><div class="figure" id="figu-Security_Guide-RHSECLEVELTOOL-RHSECLEVELTOOL"><div class="figure-contents"><div class="mediaobject"><img src="images/fed-firewallconfig.png" alt="Firewall Configuration Tool"/><div class="longdesc"><div class="para">
Security Level Configuration
</div></div></div></div><h6>Figure 2.15. <span class="application">Firewall Configuration Tool</span></h6></div><br class="figure-break"/><div class="note"><h2>Note</h2><div class="para">
The <span class="application"><strong>Firewall Configuration Tool</strong></span> only configures a basic firewall. If the system needs more complex rules, refer to <a class="xref" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables">Section 2.9, “IPTables”</a> for details on configuring specific <code class="command">iptables</code> rules.
Index: sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.4. Common IPTables Filtering</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="2.8.3.3. Saving and Restoring IPTables Rules"/><link rel="next" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentat
ion Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.8.4. Common IPTables Filtering</h3></div></div></div><a id="d0e13397" class="indexterm"/><a id="d0e13405" class="indexterm"/><a id="d0e13413" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.4. Common IPTables Filtering</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="2.8.3.3. Saving and Restoring IPTables Rules"/><link rel="next" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html" title="2.8.5. FORWARD and NAT Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentat
ion Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Common_IPTables_Filtering">2.8.4. Common IPTables Filtering</h3></div></div></div><a id="d0e13397" class="indexterm"/><a id="d0e13405" class="indexterm"/><a id="d0e13413" class="indexterm"/><div class="para">
Preventing remote attackers from accessing a LAN is one of the most important aspects of network security. The integrity of a LAN should be protected from malicious remote users through the use of stringent firewall rules.
</div><div class="para">
However, with a default policy set to block all incoming, outgoing, and forwarded packets, it is impossible for the firewall/gateway and internal LAN users to communicate with each other or with external resources.
Index: sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5. FORWARD and NAT Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="2.8.4. Common IPTables Filtering"/><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="2.8.5.2. Prerouting"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><
li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</h3></div></div></div><a id="d0e13489" class="indexterm"/><a id="d0e13494" class="indexterm"/><a id="d0e13497" class="indexterm"/><a id="d0e13504" class="indexterm"/><a id="d0e13512" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.5. FORWARD and NAT Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="2.8.4. Common IPTables Filtering"/><link rel="next" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html" title="2.8.5.2. Prerouting"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><
li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-FORWARD_and_NAT_Rules-Prerouting.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules">2.8.5. <code class="computeroutput">FORWARD</code> and <acronym class="acronym">NAT</acronym> Rules</h3></div></div></div><a id="d0e13489" class="indexterm"/><a id="d0e13494" class="indexterm"/><a id="d0e13497" class="indexterm"/><a id="d0e13504" class="indexterm"/><a id="d0e13512" class="indexterm"/><div class="para">
Most ISPs provide only a limited number of publicly routable IP addresses to the organizations they serve.
</div><div class="para">
Administrators must, therefore, find alternative ways to share access to Internet services without giving public IP addresses to every node on the LAN. Using private IP addresses is the most common way of allowing all nodes on a LAN to properly access internal and external network services.
Index: sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.7. IPTables and Connection Tracking</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="2.8.6. Malicious Software and Spoofed IP Addresses"/><link rel="next" href="sect-Security_Guide-Firewalls-IPv6.html" title="2.8.8. IPv6"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.8.7. IPTables and Connection Tracking</h3></div></div></div><a id="d0e13781" class="indexterm"/><a id="d0e13786" class="indexterm"/><a id="d0e13791" class="indexterm"/><a id="d0e13797" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.7. IPTables and Connection Tracking</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html" title="2.8.6. Malicious Software and Spoofed IP Addresses"/><link rel="next" href="sect-Security_Guide-Firewalls-IPv6.html" title="2.8.8. IPv6"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPv6.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking">2.8.7. IPTables and Connection Tracking</h3></div></div></div><a id="d0e13781" class="indexterm"/><a id="d0e13786" class="indexterm"/><a id="d0e13791" class="indexterm"/><a id="d0e13797" class="indexterm"/><div class="para">
You can inspect and restrict connections to services based on their <em class="firstterm">connection state.</em> A module within <code class="command">iptables</code> uses a method called <em class="firstterm">connection tracking</em> to store information about incoming connections. You can allow or deny access based on the following connection states:
</div><a id="d0e13814" class="indexterm"/><a id="d0e13822" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
<code class="option">NEW</code> — A packet requesting a new connection, such as an HTTP request.
Index: sect-Security_Guide-Firewalls-IPv6.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-IPv6.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Firewalls-IPv6.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Firewalls-IPv6.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.8. IPv6</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="2.8.7. IPTables and Connection Tracking"/><link rel="next" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">2.8.8. IPv6</h3></div></div></div><a id="d0e13865" class="indexterm"/><a id="d0e13869" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.8. IPv6</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="2.8.7. IPTables and Connection Tracking"/><link rel="next" href="sect-Security_Guide-Firewalls-Additional_Resources.html" title="2.8.9. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav
"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-IPv6">2.8.8. IPv6</h3></div></div></div><a id="d0e13865" class="indexterm"/><a id="d0e13869" class="indexterm"/><div class="para">
The introduction of the next-generation Internet Protocol, called IPv6, expands beyond the 32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses, and carrier networks that are IPv6 aware are therefore able to address a larger number of routable addresses than IPv4.
</div><div class="para">
Fedora supports IPv6 firewall rules using the Netfilter 6 subsystem and the <code class="command">ip6tables</code> command. In Fedora 5, both IPv4 and IPv6 services are enabled by default.
Index: sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.6. Malicious Software and Spoofed IP Addresses</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="2.8.5.3. DMZs and IPTables"/><link rel="next" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="2.8.7. IPTables and Connection Tracking"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.8.6. Malicious Software and Spoofed IP Addresses</h3></div></div></div><a id="d0e13716" class="indexterm"/><a id="d0e13721" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.6. Malicious Software and Spoofed IP Addresses</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html" title="2.8.5.3. DMZs and IPTables"/><link rel="next" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html" title="2.8.7. IPTables and Connection Tracking"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-FORWARD_and_NAT_Rules-DMZs_and_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-IPTables_and_Connection_Tracking.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Malicious_Software_and_Spoofed_IP_Addresses">2.8.6. Malicious Software and Spoofed IP Addresses</h3></div></div></div><a id="d0e13716" class="indexterm"/><a id="d0e13721" class="indexterm"/><div class="para">
More elaborate rules can be created that control access to specific subnets, or even specific nodes, within a LAN. You can also restrict certain dubious applications or programs such as trojans, worms, and other client/server viruses from contacting their server.
</div><div class="para">
For example, some trojans scan networks for services on ports from 31337 to 31340 (called the <span class="emphasis"><em>elite</em></span> ports in cracking terminology).
Index: sect-Security_Guide-Firewalls-Using_IPTables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls-Using_IPTables.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Firewalls-Using_IPTables.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Firewalls-Using_IPTables.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3. Using IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="2.8.2.6. Activating the IPTables Service"/><link rel="next" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="2.8.3.2. Basic Firewall Policies"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">2.8.3. Using IPTables</h3></div></div></div><a id="d0e13220" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3. Using IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/><link rel="prev" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html" title="2.8.2.6. Activating the IPTables Service"/><link rel="next" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="2.8.3.2. Basic Firewall Policies"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Basic_Firewall_Configuration-Activating_the_IPTables_Service.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Firewalls-Using_IPTables">2.8.3. Using IPTables</h3></div></div></div><a id="d0e13220" class="indexterm"/><div class="para">
The first step in using <code class="command">iptables</code> is to start the <code class="command">iptables</code> service. Use the following command to start the <code class="command">iptables</code> service:
</div><pre class="screen">[root@myServer ~] # service iptables start
</pre><div class="note"><h2>Note</h2><div class="para">
Index: sect-Security_Guide-Firewalls.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Firewalls.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Firewalls.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Firewalls.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8. Firewalls</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html" title="2.7.8. Starting and Stopping an IPsec Connection"/><link rel="next" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Firewalls">2.8. Firewalls</h2></div></div></div><a id="d0e12706" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8. Firewalls</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html" title="2.7.8. Starting and Stopping an IPsec Connection"/><link rel="next" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Firewalls">2.8. Firewalls</h2></div></div></div><a id="d0e12706" class="indexterm"/><div class="para">
Information security is commonly thought of as a process and not a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. Fedora includes several tools to assist administrators and security engineers with network-level access control issues.
</div><div class="para">
Firewalls are one of the core components of a network security implementation. Several vendors market firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding vital enterprise information. Firewalls can be stand-alone hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall. Vendors such as Checkpoint, McAfee, and Symantec have also developed proprietary software firewall solutions for home and business markets.
Index: sect-Security_Guide-IPTables-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Additional_Resources.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables-Additional_Resources.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables-Additional_Resources.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.7. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="2.9.6. IPTables and IPv6"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="2.9.7.2. Useful IP Tables Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">2.9.7. Additional Resources</h3></div></div></div><a id="d0e16266" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.7. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="2.9.6. IPTables and IPv6"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html" title="2.9.7.2. Useful IP Tables Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="
docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_IP_Tables_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Additional_Resources">2.9.7. Additional Resources</h3></div></div></div><a id="d0e16266" class="indexterm"/><div class="para">
Refer to the following sources for additional information on packet filtering with <code class="command">iptables</code>.
</div><div class="itemizedlist"><ul><li><div class="para">
<a class="xref" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls">Section 2.8, “Firewalls”</a> — Contains a chapter about the role of firewalls within an overall security strategy as well as strategies for constructing firewall rules.
Index: sect-Security_Guide-IPTables-Command_Options_for_IPTables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Command_Options_for_IPTables.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables-Command_Options_for_IPTables.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables-Command_Options_for_IPTables.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3. Command Options for IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html" title="2.9.2. Differences Between IPTables and IPChains"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="2.9.3.2. Command Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" a
lt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.9.3. Command Options for IPTables</h3></div></div></div><a id="d0e14384" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3. Command Options for IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html" title="2.9.2. Differences Between IPTables and IPChains"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html" title="2.9.3.2. Command Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" a
lt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Command_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Command_Options_for_IPTables">2.9.3. Command Options for IPTables</h3></div></div></div><a id="d0e14384" class="indexterm"/><div class="para">
Rules for filtering packets are created using the <code class="command">iptables</code> command. The following aspects of the packet are most often used as criteria:
</div><div class="itemizedlist"><ul><li><div class="para">
<span class="emphasis"><em>Packet Type</em></span> — Specifies the type of packets the command filters.
Index: sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.2. Differences Between IPTables and IPChains</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="next" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li clas
s="previous"><a accesskey="p" href="sect-Security_Guide-IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains">2.9.2. Differences Between IPTables and IPChains</h3></div></div></div><a id="d0e14285" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.2. Differences Between IPTables and IPChains</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="next" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html" title="2.9.3. Command Options for IPTables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li clas
s="previous"><a accesskey="p" href="sect-Security_Guide-IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Command_Options_for_IPTables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains">2.9.2. Differences Between IPTables and IPChains</h3></div></div></div><a id="d0e14285" class="indexterm"/><div class="para">
Both <code class="command">ipchains</code> and <code class="command">iptables</code> use chains of rules that operate within the Linux kernel to filter packets based on matches with specified rules or rule sets. However, <code class="command">iptables</code> offers a more extensible way of filtering packets, giving the administrator greater control without building undue complexity into the system.
</div><div class="para">
You should be aware of the following significant differences between <code class="command">ipchains</code> and <code class="command">iptables</code>:
Index: sect-Security_Guide-IPTables-IPTables_Control_Scripts.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-IPTables_Control_Scripts.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables-IPTables_Control_Scripts.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables-IPTables_Control_Scripts.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.5. IPTables Control Scripts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="2.9.4. Saving IPTables Rules"/><link rel="next" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="2.9.6. IPTables and IPv6"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class=
"previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.9.5. IPTables Control Scripts</h3></div></div></div><a id="d0e15778" class="indexterm"/><a id="d0e15786" class="indexterm"/><a id="d0e15794" class="indexterm"/><a id="d0e15802" class="indexterm"/><a id="d0e15810" class="indexterm"/><a id="d0e15818" class="indexterm"/><a id="d0e15826" class="indexterm"/><a id="d0e15834" class="indexterm"/><a id="d0e15842" class="indexterm"/><a id="d0e15850" class="indexterm"/><a id="d0e15858" class="indexterm"/><a id="d0e15866" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.5. IPTables Control Scripts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html" title="2.9.4. Saving IPTables Rules"/><link rel="next" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html" title="2.9.6. IPTables and IPv6"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class=
"previous"><a accesskey="p" href="sect-Security_Guide-IPTables-Saving_IPTables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_and_IPv6.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_Control_Scripts">2.9.5. IPTables Control Scripts</h3></div></div></div><a id="d0e15778" class="indexterm"/><a id="d0e15786" class="indexterm"/><a id="d0e15794" class="indexterm"/><a id="d0e15802" class="indexterm"/><a id="d0e15810" class="indexterm"/><a id="d0e15818" class="indexterm"/><a id="d0e15826" class="indexterm"/><a id="d0e15834" class="indexterm"/><a id="d0e15842" class="indexterm"/><a id="d0e15850" class="indexterm"/><a id="d0e15858" class="indexterm"/><a id="d0e15866" class="indexterm"/><div class="para">
There are two basic methods for controlling <code class="command">iptables</code> in Fedora:
</div><div class="itemizedlist"><ul><li><div class="para">
<span class="application"><strong>Firewall Configuration Tool</strong></span> (<code class="command">system-config-securitylevel</code>) — A graphical interface for creating, activating, and saving basic firewall rules. Refer to <a class="xref" href="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration.html" title="2.8.2. Basic Firewall Configuration">Section 2.8.2, “Basic Firewall Configuration”</a> for more information.
Index: sect-Security_Guide-IPTables-IPTables_and_IPv6.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-IPTables_and_IPv6.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables-IPTables_and_IPv6.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables-IPTables_and_IPv6.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.6. IPTables and IPv6</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="2.9.5. IPTables Control Scripts"/><link rel="next" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">2.9.6. IPTables and IPv6</h3></div></div></div><a id="d0e16202" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.6. IPTables and IPv6</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="2.9.5. IPTables Control Scripts"/><link rel="next" href="sect-Security_Guide-IPTables-Additional_Resources.html" title="2.9.7. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li c
lass="previous"><a accesskey="p" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-IPTables_and_IPv6">2.9.6. IPTables and IPv6</h3></div></div></div><a id="d0e16202" class="indexterm"/><div class="para">
If the <code class="filename">iptables-ipv6</code> package is installed, netfilter in Fedora can filter the next-generation IPv6 Internet protocol. The command used to manipulate the IPv6 netfilter is <code class="command">ip6tables</code>.
</div><div class="para">
Most directives for this command are identical to those used for <code class="command">iptables</code>, except the <code class="command">nat</code> table is not yet supported. This means that it is not yet possible to perform IPv6 network address translation tasks, such as masquerading and port forwarding.
Index: sect-Security_Guide-IPTables-Saving_IPTables_Rules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables-Saving_IPTables_Rules.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables-Saving_IPTables_Rules.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables-Saving_IPTables_Rules.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.4. Saving IPTables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="2.9.3.6. Listing Options"/><link rel="next" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="2.9.5. IPTables Control Scripts"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul clas
s="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.9.4. Saving IPTables Rules</h3></div></div></div><a id="d0e15613" class="indexterm"/><a id="d0e15619" class="indexterm"/><a id="d0e15627" class="indexterm"/><a id="d0e15634" class="indexterm"/><a id="d0e15641" class="indexterm"/><a id="d0e15649" class="indexterm"/><a id="d0e15658" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.4. Saving IPTables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-IPTables.html" title="2.9. IPTables"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html" title="2.9.3.6. Listing Options"/><link rel="next" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html" title="2.9.5. IPTables Control Scripts"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul clas
s="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-Listing_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-IPTables_Control_Scripts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-IPTables-Saving_IPTables_Rules">2.9.4. Saving IPTables Rules</h3></div></div></div><a id="d0e15613" class="indexterm"/><a id="d0e15619" class="indexterm"/><a id="d0e15627" class="indexterm"/><a id="d0e15634" class="indexterm"/><a id="d0e15641" class="indexterm"/><a id="d0e15649" class="indexterm"/><a id="d0e15658" class="indexterm"/><div class="para">
Rules created with the <code class="command">iptables</code> command are stored in memory. If the system is restarted before saving the <code class="command">iptables</code> rule set, all rules are lost. For netfilter rules to persist through a system reboot, they need to be saved. To save netfilter rules, type the following command as root:
</div><pre class="screen"><code class="command"> /sbin/service iptables save </code>
</pre><div class="para">
Index: sect-Security_Guide-IPTables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9. IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="2.8.9.3. Related Documentation"/><link rel="next" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html" title="2.9.2. Differences Between IPTables and IPChains"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/ima
ge_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-IPTables">2.9. IPTables</h2></div></div></div><a id="d0e13986" class="indexterm"/><a id="d0e13992" class="indexterm"/><a id="d0e13998" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9. IPTables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html" title="2.8.9.3. Related Documentation"/><link rel="next" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html" title="2.9.2. Differences Between IPTables and IPChains"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/ima
ge_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Documentation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables-Differences_Between_IPTables_and_IPChains.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-IPTables">2.9. IPTables</h2></div></div></div><a id="d0e13986" class="indexterm"/><a id="d0e13992" class="indexterm"/><a id="d0e13998" class="indexterm"/><div class="para">
Included with Fedora are advanced tools for network <em class="firstterm">packet filtering</em> — the process of controlling network packets as they enter, move through, and exit the network stack within the kernel. Kernel versions prior to 2.4 relied on <code class="command">ipchains</code> for packet filtering and used lists of rules applied to packets at each step of the filtering process. The 2.4 kernel introduced <code class="command">iptables</code> (also called <em class="firstterm">netfilter</em>), which is similar to <code class="command">ipchains</code> but greatly expands the scope and control available for filtering network packets.
</div><div class="para">
This chapter focuses on packet filtering basics, defines the differences between <code class="command">ipchains</code> and <code class="command">iptables</code>, explains various options available with <code class="command">iptables</code> commands, and explains how filtering rules can be preserved between system reboots.
Index: sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.4. Additional Match Option Modules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="2.9.3.4.3. ICMP Protocol"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="2.9.3.5. Target Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conte
nt/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">2.9.3.4.4. Additional Match Option Modules</h5></div></div></div><a id="d0e15221" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.4. Additional Match Option Modules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="2.9.3.4.3. ICMP Protocol"/><link rel="next" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html" title="2.9.3.5. Target Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conte
nt/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Command_Options_for_IPTables-Target_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules">2.9.3.4.4. Additional Match Option Modules</h5></div></div></div><a id="d0e15221" class="indexterm"/><div class="para">
Additional match options are available through modules loaded by the <code class="command">iptables</code> command.
</div><div class="para">
To use a match option module, load the module by name using the <code class="option">-m <em class="replaceable"><code><module-name></code></em></code>, where <em class="replaceable"><code><module-name></code></em> is the name of the module.
Index: sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.3. ICMP Protocol</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="2.9.3.4.2. UDP Protocol"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="2.9.3.4.4. Additional Match Option Modules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">2.9.3.4.3. ICMP Protocol</h5></div></div></div><a id="d0e15195" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.3. ICMP Protocol</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html" title="2.9.3.4.2. UDP Protocol"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html" title="2.9.3.4.4. Additional Match Option Modules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-Additional_Match_Option_Modules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol">2.9.3.4.3. ICMP Protocol</h5></div></div></div><a id="d0e15195" class="indexterm"/><div class="para">
The following match options are available for the Internet Control Message Protocol (ICMP) (<code class="option">-p icmp</code>):
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">--icmp-type</code> — Sets the name or number of the ICMP type to match with the rule. A list of valid ICMP names can be retrieved by typing the <code class="command">iptables -p icmp -h</code> command.
Index: sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPTables_Match_Options-UDP_Protocol.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.2. UDP Protocol</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="2.9.3.4.3. ICMP Protocol"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">2.9.3.4.2. UDP Protocol</h5></div></div></div><a id="d0e15143" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.9.3.4.2. UDP Protocol</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="prev" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html" title="2.9.3.4. IPTables Match Options"/><link rel="next" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html" title="2.9.3.4.3. ICMP Protocol"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/
images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Command_Options_for_IPTables-IPTables_Match_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPTables_Match_Options-ICMP_Protocol.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-IPTables_Match_Options-UDP_Protocol">2.9.3.4.2. UDP Protocol</h5></div></div></div><a id="d0e15143" class="indexterm"/><div class="para">
These match options are available for the UDP protocol (<code class="option">-p udp</code>):
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="option">--dport</code> — Specifies the destination port of the UDP packet, using the service name, port number, or range of port numbers. The <code class="option">--destination-port</code> match option is synonymous with <code class="option">--dport</code>.
Index: sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.6.2. Manual IPsec Host-to-Host Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/ima
ge_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">2.7.6.2. Manual <abbr class="abbrev">IPsec</abbr> Host-to-Host Configuration</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.6.2. Manual IPsec Host-to-Host Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/ima
ge_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration">2.7.6.2. Manual <abbr class="abbrev">IPsec</abbr> Host-to-Host Configuration</h4></div></div></div><div class="para">
The first step in creating a connection is to gather system and network information from each workstation. For a host-to-host connection, you need the following:
</div><div class="itemizedlist"><ul><li><div class="para">
The IP address of each host
Index: sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.7.2. Manual IPsec Network-to-Network Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html" title="2.7.8. Starting and Stopping an IPsec Connection"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"
><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">2.7.7.2. Manual <abbr class="abbrev">IPsec</abbr> Network-to-Network Configuration</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.7.2. Manual IPsec Network-to-Network Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html" title="2.7.7. IPsec Network-to-Network Configuration"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html" title="2.7.8. Starting and Stopping an IPsec Connection"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"
><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration">2.7.7.2. Manual <abbr class="abbrev">IPsec</abbr> Network-to-Network Configuration</h4></div></div></div><div class="para">
Suppose <acronym class="acronym">LAN</acronym> A (lana.example.com) and <acronym class="acronym">LAN</acronym> B (lanb.example.com) want to connect to each other through an <abbr class="abbrev">IPsec</abbr> tunnel. The network address for <acronym class="acronym">LAN</acronym> A is in the 192.168.1.0/24 range, while <acronym class="acronym">LAN</acronym> B uses the 192.168.2.0/24 range. The gateway IP address is 192.168.1.254 for <acronym class="acronym">LAN</acronym> A and 192.168.2.254 for <acronym class="acronym">LAN</acronym> B. The <abbr class="abbrev">IPsec</abbr> routers are separate from each <acronym class="acronym">LAN</acronym> gateway and use two network devices: eth0 is assigned to an externally-accessible static IP address which accesses the Internet, while eth1 acts as a routing point to process and transmit <acronym class="acronym">LAN</acronym> packets from one network node to the remote network nodes.
</div><div class="para">
The <abbr class="abbrev">IPsec</abbr> connection between each network uses a pre-shared key with the value of <code class="computeroutput">r3dh4tl1nux</code>, and the administrators of A and B agree to let <code class="command">racoon</code> automatically generate and share an authentication key between each <abbr class="abbrev">IPsec</abbr> router. The administrator of <acronym class="acronym">LAN</acronym> A decides to name the <abbr class="abbrev">IPsec</abbr> connection <code class="computeroutput">ipsec0</code>, while the administrator of <acronym class="acronym">LAN</acronym> B names the <abbr class="abbrev">IPsec</abbr> connection <code class="computeroutput">ipsec1</code>.
Index: sect-Security_Guide-Kerberos-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Additional_Resources.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos-Additional_Resources.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos-Additional_Resources.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.10. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="2.6.9. Setting Up Cross Realm Authentication"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="2.6.10.2. Useful Kerberos Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">2.6.10. Additional Resources</h3></div></div></div><a id="d0e10755" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.10. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="2.6.9. Setting Up Cross Realm Authentication"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="2.6.10.2. Useful Kerberos Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="
Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Additional_Resources">2.6.10. Additional Resources</h3></div></div></div><a id="d0e10755" class="indexterm"/><div class="para">
For more information about Kerberos, refer to the following resources.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_Kerberos_Documentation">2.6.10.1. Installed Kerberos Documentation</h4></div></div></div><a id="d0e10765" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
The <em class="citetitle">Kerberos V5 Installation Guide</em> and the <em class="citetitle">Kerberos V5 System Administrator's Guide</em> in PostScript and HTML formats. These can be found in the <code class="filename">/usr/share/doc/krb5-server-<em class="replaceable"><code><version-number></code></em>/</code> directory (where <em class="replaceable"><code><version-number></code></em> is the version number of the <code class="command">krb5-server</code> package installed on your system).
Index: sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.6. Configuring a Kerberos 5 Client</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server"/><link rel="next" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="2.6.7. Domain-to-Realm Mapping"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.6.6. Configuring a Kerberos 5 Client</h3></div></div></div><a id="d0e9821" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.6. Configuring a Kerberos 5 Client</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server"/><link rel="next" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="2.6.7. Domain-to-Realm Mapping"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client">2.6.6. Configuring a Kerberos 5 Client</h3></div></div></div><a id="d0e9821" class="indexterm"/><div class="para">
Setting up a Kerberos 5 client is less involved than setting up a server. At a minimum, install the client packages and provide each client with a valid <code class="filename">krb5.conf</code> configuration file. While <code class="command">ssh</code> and <code class="command">slogin</code> are the preferred method of remotely logging in to client systems, Kerberized versions of <code class="command">rsh</code> and <code class="command">rlogin</code> are still available, though deploying them requires that a few more configuration changes be made.
</div><div class="procedure"><ol class="1"><li><div class="para">
Be sure that time synchronization is in place between the Kerberos client and the KDC. Refer to <a class="xref" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server">Section 2.6.5, “Configuring a Kerberos 5 Server”</a> for more information. In addition, verify that DNS is working properly on the Kerberos client before configuring the Kerberos client programs.
Index: sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html 27 Jan 2009 13:50:51 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.5. Configuring a Kerberos 5 Server</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="2.6.4. Kerberos and PAM"/><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="2.6.6. Configuring a Kerberos 5 Client"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.6.5. Configuring a Kerberos 5 Server</h3></div></div></div><a id="d0e9611" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.5. Configuring a Kerberos 5 Server</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="2.6.4. Kerberos and PAM"/><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="2.6.6. Configuring a Kerberos 5 Client"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server">2.6.5. Configuring a Kerberos 5 Server</h3></div></div></div><a id="d0e9611" class="indexterm"/><div class="para">
When setting up Kerberos, install the KDC first. If it is necessary to set up slave servers, install the master first.
</div><div class="para">
To configure the first Kerberos KDC, follow these steps:
Index: sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.7. Domain-to-Realm Mapping</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="2.6.6. Configuring a Kerberos 5 Client"/><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="2.6.8. Setting Up Secondary KDCs"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.6.7. Domain-to-Realm Mapping</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.7. Domain-to-Realm Mapping</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html" title="2.6.6. Configuring a Kerberos 5 Client"/><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="2.6.8. Setting Up Secondary KDCs"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Client.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping">2.6.7. Domain-to-Realm Mapping</h3></div></div></div><div class="para">
When a client attempts to access a service running on a particular server, it knows the name of the service (<span class="emphasis"><em>host</em></span>) and the name of the server (<span class="emphasis"><em>foo.example.com</em></span>), but because more than one realm may be deployed on your network, it must guess at the name of the realm in which the service resides.
</div><div class="para">
By default, the name of the realm is taken to be the DNS domain name of the server, upper-cased.
Index: sect-Security_Guide-Kerberos-How_Kerberos_Works.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-How_Kerberos_Works.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos-How_Kerberos_Works.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos-How_Kerberos_Works.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.3. How Kerberos Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="2.6.2. Kerberos Terminology"/><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="2.6.4. Kerberos and PAM"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">2.6.3. How Kerberos Works</h3></div></div></div><a id="d0e9472" class="indexterm"/><a id="d0e9477" class="indexterm"/><a id="d0e9482" class="indexterm"/><a id="d0e9487" class="indexterm"/><a id="d0e9492" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.3. How Kerberos Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="2.6.2. Kerberos Terminology"/><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html" title="2.6.4. Kerberos and PAM"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_and_PAM.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-How_Kerberos_Works">2.6.3. How Kerberos Works</h3></div></div></div><a id="d0e9472" class="indexterm"/><a id="d0e9477" class="indexterm"/><a id="d0e9482" class="indexterm"/><a id="d0e9487" class="indexterm"/><a id="d0e9492" class="indexterm"/><div class="para">
Kerberos differs from username/password authentication methods. Instead of authenticating each user to each network service, Kerberos uses symmetric encryption and a trusted third party (a KDC), to authenticate users to a suite of network services. When a user authenticates to the KDC, the KDC sends a ticket specific to that session back to the user's machine, and any Kerberos-aware services look for the ticket on the user's machine rather than requiring the user to authenticate using a password.
</div><div class="para">
When a user on a Kerberos-aware network logs in to their workstation, their principal is sent to the KDC as part of a request for a TGT from the Authentication Server. This request can be sent by the log-in program so that it is transparent to the user, or can be sent by the <code class="command">kinit</code> program after the user logs in.
Index: sect-Security_Guide-Kerberos-Kerberos_Terminology.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Kerberos_Terminology.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos-Kerberos_Terminology.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos-Kerberos_Terminology.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.2. Kerberos Terminology</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="next" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="2.6.3. How Kerberos Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-
Security_Guide-Kerberos.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">2.6.2. Kerberos Terminology</h3></div></div></div><a id="d0e9305" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.2. Kerberos Terminology</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="next" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="2.6.3. How Kerberos Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-
Security_Guide-Kerberos.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_Terminology">2.6.2. Kerberos Terminology</h3></div></div></div><a id="d0e9305" class="indexterm"/><div class="para">
Kerberos has its own terminology to define various aspects of the service. Before learning how Kerberos works, it is important to learn the following terms.
</div><div class="variablelist"><dl><dt><span class="term">authentication server (AS)</span></dt><dd><div class="para">
A server that issues tickets for a desired service which are in turn given to users for access to the service. The AS responds to requests from clients who do not have or do not send credentials with a request. It is usually used to gain access to the ticket-granting server (TGS) service by issuing a ticket-granting ticket (TGT). The AS usually runs on the same host as the key distribution center (KDC).
Index: sect-Security_Guide-Kerberos-Kerberos_and_PAM.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Kerberos_and_PAM.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos-Kerberos_and_PAM.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos-Kerberos_and_PAM.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.4. Kerberos and PAM</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="2.6.3. How Kerberos Works"/><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docn
av"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.6.4. Kerberos and PAM</h3></div></div></div><a id="d0e9576" class="indexterm"/><a id="d0e9581" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.4. Kerberos and PAM</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html" title="2.6.3. How Kerberos Works"/><link rel="next" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html" title="2.6.5. Configuring a Kerberos 5 Server"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docn
av"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-How_Kerberos_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Configuring_a_Kerberos_5_Server.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Kerberos_and_PAM">2.6.4. Kerberos and PAM</h3></div></div></div><a id="d0e9576" class="indexterm"/><a id="d0e9581" class="indexterm"/><div class="para">
Kerberos-aware services do not currently make use of Pluggable Authentication Modules (PAM) — these services bypass PAM completely. However, applications that use PAM can make use of Kerberos for authentication if the <code class="filename">pam_krb5</code> module (provided in the <code class="filename">pam_krb5</code> package) is installed. The <code class="filename">pam_krb5</code> package contains sample configuration files that allow services such as <code class="command">login</code> and <code class="command">gdm</code> to authenticate users as well as obtain initial credentials using their passwords. If access to network servers is always performed using Kerberos-aware services or services that use GSS-API, such as IMAP, the network can be considered reasonably safe.
</div><div class="important"><h2>Important</h2><div class="para">
Administrators should be careful not to allow users to authenticate to most network services using Kerberos passwords. Many protocols used by these services do not encrypt the password before sending it over the network, destroying the benefits of the Kerberos system. For example, users should not be allowed to authenticate to Telnet services with the same password they use for Kerberos authentication.
Index: sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.9. Setting Up Cross Realm Authentication</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="2.6.8. Setting Up Secondary KDCs"/><link rel="next" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><
ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.6.9. Setting Up Cross Realm Authentication</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.9. Setting Up Cross Realm Authentication</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html" title="2.6.8. Setting Up Secondary KDCs"/><link rel="next" href="sect-Security_Guide-Kerberos-Additional_Resources.html" title="2.6.10. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><
ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication">2.6.9. Setting Up Cross Realm Authentication</h3></div></div></div><div class="para">
<span class="emphasis"><em>Cross-realm authentication</em></span> is the term which is used to describe situations in which clients (typically users) of one realm use Kerberos to authenticate to services (typically server processes running on a particular server system) which belong to a realm other than their own.
</div><div class="para">
For the simplest case, in order for a client of a realm named <code class="literal">A.EXAMPLE.COM</code> to access a service in the <code class="literal">B.EXAMPLE.COM</code> realm, both realms must share a key for a principal named <code class="literal">krbtgt/B.EXAMPLE.COM(a)A.EXAMPLE.COM</code>, and both keys must have the same key version number associated with them.
Index: sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.8. Setting Up Secondary KDCs</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="2.6.7. Domain-to-Realm Mapping"/><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="2.6.9. Setting Up Cross Realm Authentication"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.6.8. Setting Up Secondary KDCs</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6.8. Setting Up Secondary KDCs</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos"/><link rel="prev" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html" title="2.6.7. Domain-to-Realm Mapping"/><link rel="next" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html" title="2.6.9. Setting Up Cross Realm Authentication"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation
Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Kerberos-Domain_to_Realm_Mapping.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Setting_Up_Cross_Realm_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Kerberos-Setting_Up_Secondary_KDCs">2.6.8. Setting Up Secondary KDCs</h3></div></div></div><div class="para">
For a number of reasons, you may choose to run multiple KDCs for a given realm. In this scenario, one KDC (the <span class="emphasis"><em>master KDC</em></span>) keeps a writable copy of the realm database and runs <code class="command">kadmind</code> (it is also your realm's <span class="emphasis"><em>admin server</em></span>), and one or more KDCs (<span class="emphasis"><em>slave KDCs</em></span>) keep read-only copies of the database and run <code class="command">kpropd</code>.
</div><div class="para">
The master-slave propagation procedure entails the master KDC dumping its database to a temporary dump file and then transmitting that file to each of its slaves, which then overwrite their previously-received read-only copies of the database with the contents of the dump file.
Index: sect-Security_Guide-Kerberos.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Kerberos.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Kerberos.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Kerberos.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6. Kerberos</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="2.5.5.3. Related Books"/><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="2.6.2. Kerberos Terminology"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class=
"docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Kerberos">2.6. Kerberos</h2></div></div></div><a id="d0e9209" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.6. Kerberos</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Related_Books.html" title="2.5.5.3. Related Books"/><link rel="next" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html" title="2.6.2. Kerberos Terminology"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class=
"docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Related_Books.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Kerberos-Kerberos_Terminology.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Kerberos">2.6. Kerberos</h2></div></div></div><a id="d0e9209" class="indexterm"/><div class="para">
System security and integrity within a network can be unwieldy. It can occupy the time of several administrators just to keep track of what services are being run on a network and the manner in which these services are used.
</div><div class="para">
Further, authenticating users to network services can prove dangerous when the method used by the protocol is inherently insecure, as evidenced by the transfer of unencrypted passwords over a network using the traditional FTP and Telnet protocols.
Index: sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.5. Links of Interest</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="3.7.4. What you have just accomplished."/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">3.7.5. Links of Interest</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.5. Links of Interest</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="3.7.4. What you have just accomplished."/><link rel="next" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html" title="3.8. 7-Zip Encrypted Archives"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Encryption-7_Zip_Encrypted_Archives.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest">3.7.5. Links of Interest</h3></div></div></div><div class="para">
For additional information on LUKS or encrypting hard drives under Fedora please visit one of the following links:
</div><div class="itemizedlist"><ul><li><div class="para">
<a href="http://luks.endorphin.org/">LUKS - Linux Unified Key Setup</a>
Index: sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.3. Step-by-Step Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="3.7.2. Manually Encrypting Directories"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="3.7.4. What you have just accomplished."/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step Instructions</h3></div></div></div><div class="orderedlist"><ol><li><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.3. Step-by-Step Instructions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="3.7.2. Manually Encrypting Directories"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html" title="3.7.4. What you have just accomplished."/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions">3.7.3. Step-by-Step Instructions</h3></div></div></div><div class="orderedlist"><ol><li><div class="para">
enter runlevel 1: <code class="code">telinit 1</code>
</div></li><li><div class="para">
unmount your existing /home: <code class="code"> umount /home</code>
Index: sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.4. What you have just accomplished.</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="3.7.3. Step-by-Step Instructions"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="3.7.5. Links of Interest"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">3.7.4. What you have just accomplished.</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.4. What you have just accomplished.</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="3.7.3. Step-by-Step Instructions"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html" title="3.7.5. Links of Interest"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-What_you_have_just_accomplished">3.7.4. What you have just accomplished.</h3></div></div></div><div class="para">
Congratulations, you now have an encrypted partition for all of your data to safely rest while the computer is off.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Prev</strong>3.7.3. Step-by-Step Instructions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Links_of_Interest.html"><strong>Next</strong>3.7.5. Links of Interest</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.2. Manually Encrypting Directories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="3.7.3. Step-by-Step Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/im
age_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually Encrypting Directories</h3></div></div></div><div class="warning"><h2>Warning</h2><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7.2. Manually Encrypting Directories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="prev" href="sect-Security_Guide-LUKS_Disk_Encryption.html" title="3.7. LUKS Disk Encryption"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html" title="3.7.3. Step-by-Step Instructions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/im
age_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-LUKS_Disk_Encryption.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories-Step_by_Step_Instructions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories">3.7.2. Manually Encrypting Directories</h3></div></div></div><div class="warning"><h2>Warning</h2><div class="para">
Following this procedure will remove all data on the partition that you are encrypting. You WILL lose all your information! Make sure you backup your data to an external source before beginning this procedure!
</div></div><div class="para">
If you are running a version of Fedora prior to Fedora 9 and want to encrypt a partition, or you want to encrypt a partition after the installation of the current version of Fedora, the following directions are for you. The below example demonstrates encrypting your /home partition but any partition can be used.
Index: sect-Security_Guide-LUKS_Disk_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-LUKS_Disk_Encryption.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-LUKS_Disk_Encryption.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-LUKS_Disk_Encryption.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7. LUKS Disk Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="3.6. Secure Shell"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="3.7.2. Manually Encrypting Directories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/>
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk Encryption</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.7. LUKS Disk Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Encryption.html" title="Chapter 3. Encryption"/><link rel="prev" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html" title="3.6. Secure Shell"/><link rel="next" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html" title="3.7.2. Manually Encrypting Directories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/>
</a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Security_Guide-Encryption-Data_in_Motion-Secure_Shell.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-LUKS_Disk_Encryption-Manually_Encrypting_Directories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption">3.7. LUKS Disk Encryption</h2></div></div></div><div class="para">
Linux Unified Key Setup-on-disk-format (or LUKS) allows you to encrypt partitions on your Linux computer. This is particularly important when it comes to mobile computers and removable media. LUKS allows multiple user keys to decrypt a master key which is used for the bulk encryption of the partition.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-LUKS_Disk_Encryption-LUKS_Implementation_in_Fedora">3.7.1. LUKS Implementation in Fedora</h3></div></div></div><div class="para">
Fedora 9, and later, utilizes LUKS to perform file system encryption. By default, the option to encrypt the file system is unchecked during the installation. If you select the option to encrypt you hard drive, you will be prompted for a passphrase that will be asked every time you boot the computer. This passphrase "unlocks" the bulk encryption key that is used to decrypt your partition. If you choose to modify the default partition table you can choose which partitions you want to encrypt. This is set in the partition table settings
Index: sect-Security_Guide-Option_Fields-Access_Control.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Option_Fields-Access_Control.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Option_Fields-Access_Control.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Option_Fields-Access_Control.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.2. Access Control</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="next" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="2.5.2.2.3. Shell Commands"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">2.5.2.2.2. Access Control</h5></div></div></div><a id="d0e7959" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.2. Access Control</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="next" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="2.5.2.2.3. Shell Commands"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Access_Control">2.5.2.2.2. Access Control</h5></div></div></div><a id="d0e7959" class="indexterm"/><div class="para">
Option fields also allow administrators to explicitly allow or deny hosts in a single rule by adding the <code class="option">allow</code> or <code class="option">deny</code> directive as the final option.
</div><div class="para">
For example, the following two rules allow SSH connections from <code class="systemitem">client-1.example.com</code>, but deny connections from <code class="systemitem">client-2.example.com</code>:
Index: sect-Security_Guide-Option_Fields-Expansions.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Option_Fields-Expansions.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Option_Fields-Expansions.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Option_Fields-Expansions.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.4. Expansions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="2.5.2.2.3. Shell Commands"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="2.5.3. xinetd"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">2.5.2.2.4. Expansions</h5></div></div></div><a id="d0e8069" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.4. Expansions</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Shell_Commands.html" title="2.5.2.2.3. Shell Commands"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="2.5.3. xinetd"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Shell_Commands.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Expansions">2.5.2.2.4. Expansions</h5></div></div></div><a id="d0e8069" class="indexterm"/><div class="para">
Expansions, when used in conjunction with the <code class="command">spawn</code> and <code class="command">twist</code> directives, provide information about the client, server, and processes involved.
</div><div class="para">
The following is a list of supported expansions:
Index: sect-Security_Guide-Option_Fields-Shell_Commands.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Option_Fields-Shell_Commands.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Option_Fields-Shell_Commands.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Option_Fields-Shell_Commands.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.3. Shell Commands</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="2.5.2.2.2. Access Control"/><link rel="next" href="sect-Security_Guide-Option_Fields-Expansions.html" title="2.5.2.2.4. Expansions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">2.5.2.2.3. Shell Commands</h5></div></div></div><a id="d0e7995" class="indexterm"/><a id="d0e8002" class="indexterm"/><a id="d0e8011" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2.3. Shell Commands</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="2.5.2.2.2. Access Control"/><link rel="next" href="sect-Security_Guide-Option_Fields-Expansions.html" title="2.5.2.2.4. Expansions"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></
p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Shell_Commands">2.5.2.2.3. Shell Commands</h5></div></div></div><a id="d0e7995" class="indexterm"/><a id="d0e8002" class="indexterm"/><a id="d0e8011" class="indexterm"/><div class="para">
Option fields allow access rules to launch shell commands through the following two directives:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="command">spawn</code> — Launches a shell command as a child process. This directive can perform tasks like using <code class="command">/usr/sbin/safe_finger</code> to get more information about the requesting client or create special log files using the <code class="command">echo</code> command.
Index: sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.2. Control Flag</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="2.4.3.3. Module Name"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedor
aproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">2.4.3.2. Control Flag</h4></div></div></div><a id="d0e6295" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.2. Control Flag</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="2.4.3.3. Module Name"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedor
aproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag">2.4.3.2. Control Flag</h4></div></div></div><a id="d0e6295" class="indexterm"/><div class="para">
All PAM modules generate a success or failure result when called. Control flags tell PAM what do with the result. Modules can be stacked in a particular order, and the control flags determine how important the success or failure of a particular module is to the overall goal of authenticating the user to the service.
</div><div class="para">
There are four predefined control flags:
Index: sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.4. Module Arguments</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="2.4.3.3. Module Name"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="2.4.4. Sample PAM Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs
.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">2.4.3.4. Module Arguments</h4></div></div></div><a id="d0e6404" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.4. Module Arguments</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html" title="2.4.3.3. Module Name"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="2.4.4. Sample PAM Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs
.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments">2.4.3.4. Module Arguments</h4></div></div></div><a id="d0e6404" class="indexterm"/><div class="para">
PAM uses <em class="firstterm">arguments</em> to pass information to a pluggable module during authentication for some modules.
</div><div class="para">
For example, the <code class="filename">pam_userdb.so</code> module uses information stored in a Berkeley DB file to authenticate the user. Berkeley DB is an open source database system embedded in many applications. The module takes a <code class="filename">db</code> argument so that Berkeley DB knows which database to use for the requested service.
Index: sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-PAM_Configuration_File_Format-Module_Name.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.3. Module Name</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="2.4.3.2. Control Flag"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="2.4.3.4. Module Arguments"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">2.4.3.3. Module Name</h4></div></div></div><a id="d0e6383" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3.3. Module Name</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="2.4.3.2. Control Flag"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="2.4.3.4. Module Arguments"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">2.4.3.3. Module Name</h4></div></div></div><a id="d0e6383" class="indexterm"/><div class="para">
The module name provides PAM with the name of the pluggable module containing the specified module interface. In older versions of Fedora, the full path to the module was provided in the PAM configuration file. However, since the advent of <em class="firstterm">multilib</em> systems, which store 64-bit PAM modules in the <code class="filename">/lib64/security/</code> directory, the directory name is omitted because the application is linked to the appropriate version of <code class="filename">libpam</code>, which can locate the correct version of the module.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Prev</strong>2.4.3.2. Control Flag</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Next</strong>2.4.3.4. Module Arguments</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.6.2. Common pam_timestamp Directives</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Comm
on_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">2.4.6.2. Common pam_timestamp Directives</h4></div></div></div><a id="d0e6803" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.6.2. Common pam_timestamp Directives</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Comm
on_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives">2.4.6.2. Common pam_timestamp Directives</h4></div></div></div><a id="d0e6803" class="indexterm"/><div class="para">
The <code class="filename">pam_timestamp.so</code> module accepts several directives. The following are the two most commonly used options:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="command">timestamp_timeout</code> — Specifies the period (in seconds) for which the timestamp file is valid. The default value is 300 (five minutes).
Index: sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.7.2. Application Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://d
ocs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">2.4.7.2. Application Access</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.7.2. Application Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html" title="2.4.7. PAM and Device Ownership"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html" title="2.4.8. Additional Resources"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://d
ocs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access">2.4.7.2. Application Access</h4></div></div></div><div class="para">
The console user also has access to certain programs configured for use in the <code class="filename">/etc/security/console.apps/</code> directory.
</div><div class="para">
This directory contains configuration files which enable the console user to run certain applications in <code class="filename">/sbin</code> and <code class="filename">/usr/sbin</code>.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.8. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="2.4.7.2. Application Access"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="2.4.8.2. Useful PAM Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.4.8. Additional Resources</h3></div></div></div><a id="d0e7033" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.8. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="2.4.7.2. Application Access"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="2.4.8.2. Useful PAM Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/ima
ges/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Additional_Resources">2.4.8. Additional Resources</h3></div></div></div><a id="d0e7033" class="indexterm"/><div class="para">
The following resources further explain methods to use and configure PAM. In addition to these resources, read the PAM configuration files on the system to better understand how they are structured.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_PAM_Documentation">2.4.8.1. Installed PAM Documentation</h4></div></div></div><a id="d0e7043" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
PAM-related man pages — Several man pages exist for the various applications and configuration files involved with PAM. The following is a list of some of the more important man pages.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.5. Creating PAM Modules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="2.4.4. Sample PAM Configuration Files"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product S
ite"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.4.5. Creating PAM Modules</h3></div></div></div><a id="d0e6631" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.5. Creating PAM Modules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html" title="2.4.4. Sample PAM Configuration Files"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html" title="2.4.6. PAM and Administrative Credential Caching"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product S
ite"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules">2.4.5. Creating PAM Modules</h3></div></div></div><a id="d0e6631" class="indexterm"/><div class="para">
You can create or add new PAM modules at any time for use by PAM-aware applications.
</div><div class="para">
For example, a developer might create a one-time-password creation method and write a PAM module to support it. PAM-aware programs can immediately use the new module and password method without being recompiled or otherwise modified.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3. PAM Configuration File Format</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="2.4.2. PAM Configuration Files"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="2.4.3.2. Control Flag"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.4.3. PAM Configuration File Format</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.3. PAM Configuration File Format</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="2.4.2. PAM Configuration Files"/><link rel="next" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html" title="2.4.3.2. Control Flag"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img
src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_Configuration_File_Format-Control_Flag.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format">2.4.3. PAM Configuration File Format</h3></div></div></div><div class="para">
Each PAM configuration file contains a group of directives formatted as follows:
</div><pre class="screen"><em class="replaceable"><code><module interface></code></em> <em class="replaceable"><code><control flag></code></em> <em class="replaceable"><code><module name></code></em> <em class="replaceable"><code><module arguments></code></em>
</pre><div class="para">
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.2. PAM Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.4.2. PAM Configuration Files</h3></div></div></div><a id="d0e6066" class="indexterm"/><a id="d0e6072" class="indexterm"/><a id="d0e6078" class="indexterm"/><a id="d0e6084" class="indexterm"/><a id="d0e6090" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.2. PAM Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html" title="2.4.3. PAM Configuration File Format"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.f
edoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_File_Format.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files">2.4.2. PAM Configuration Files</h3></div></div></div><a id="d0e6066" class="indexterm"/><a id="d0e6072" class="indexterm"/><a id="d0e6078" class="indexterm"/><a id="d0e6084" class="indexterm"/><a id="d0e6090" class="indexterm"/><div class="para">
The <code class="filename">/etc/pam.d/</code> directory contains the PAM configuration files for each PAM-aware application. In earlier versions of PAM, the <code class="filename">/etc/pam.conf</code> file was used, but this file is now deprecated and is only used if the <code class="filename">/etc/pam.d/</code> directory does not exist.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_Configuration_Files-PAM_Service_Files">2.4.2.1. PAM Service Files</h4></div></div></div><a id="d0e6109" class="indexterm"/><div class="para">
Each PAM-aware application or <em class="firstterm">service</em> has a file in the <code class="filename">/etc/pam.d/</code> directory. Each file in this directory has the same name as the service to which it controls access.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.6. PAM and Administrative Credential Caching</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="2.4.5. Creating PAM Modules"/><link rel="next" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="2.4.6.2. Common pam_timestamp Directives"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.4.6. PAM and Administrative Credential Caching</h3></div></div></div><a id="d0e6658" class="indexterm"/><a id="d0e6666" class="indexterm"/><a id="d0e6672" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.6. PAM and Administrative Credential Caching</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="2.4.5. Creating PAM Modules"/><link rel="next" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="2.4.6.2. Common pam_timestamp Directives"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a
class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">2.4.6. PAM and Administrative Credential Caching</h3></div></div></div><a id="d0e6658" class="indexterm"/><a id="d0e6666" class="indexterm"/><a id="d0e6672" class="indexterm"/><div class="para">
A number of graphical administrative tools in Fedora provide users with elevated privileges for up to five minutes using the <code class="filename">pam_timestamp.so</code> module. It is important to understand how this mechanism works, because a user who walks away from a terminal while <code class="filename">pam_timestamp.so</code> is in effect leaves the machine open to manipulation by anyone with physical access to the console.
</div><div class="para">
In the PAM timestamp scheme, the graphical administrative application prompts the user for the root password when it is launched. When the user has been authenticated, the <code class="filename">pam_timestamp.so</code> module creates a timestamp file. By default, this is created in the <code class="filename">/var/run/sudo/</code> directory. If the timestamp file already exists, graphical administrative programs do not prompt for a password. Instead, the <code class="filename">pam_timestamp.so</code> module freshens the timestamp file, reserving an extra five minutes of unchallenged administrative access for the user.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.7. PAM and Device Ownership</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="2.4.6.2. Common pam_timestamp Directives"/><link rel="next" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="2.4.7.2. Application Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://doc
s.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.4.7. PAM and Device Ownership</h3></div></div></div><a id="d0e6842" class="indexterm"/><a id="d0e6850" class="indexterm"/><a id="d0e6856" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.7. PAM and Device Ownership</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html" title="2.4.6.2. Common pam_timestamp Directives"/><link rel="next" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html" title="2.4.7.2. Application Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://doc
s.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_and_Administrative_Credential_Caching-Common_pam_timestamp_Directives.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-PAM_and_Device_Ownership-Application_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">2.4.7. PAM and Device Ownership</h3></div></div></div><a id="d0e6842" class="indexterm"/><a id="d0e6850" class="indexterm"/><a id="d0e6856" class="indexterm"/><div class="para">
In Fedora, the first user who logs in at the physical console of the machine can manipulate certain devices and perform certain tasks normally reserved for the root user. This is controlled by a PAM module called <code class="filename">pam_console.so</code>.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">2.4.7.1. Device Ownership</h4></div></div></div><div class="para">
When a user logs in to a Fedora system, the <code class="filename">pam_console.so</code> module is called by <code class="command">login</code> or the graphical login programs, <span class="application"><strong>gdm</strong></span>, <span class="application"><strong>kdm</strong></span>, and <span class="application"><strong>xdm</strong></span>. If this user is the first user to log in at the physical console — referred to as the <em class="firstterm">console user</em> — the module grants the user ownership of a variety of devices normally owned by root. The console user owns these devices until the last local session for that user ends. After this user has logged out, ownership of the devices reverts back to the root user.
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.4. Sample PAM Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="2.4.3.4. Module Arguments"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="2.4.5. Creating PAM Modules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><
img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.4.4. Sample PAM Configuration Files</h3></div></div></div><a id="d0e6448" class="indexterm"/><a id="d0e6453" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4.4. Sample PAM Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/><link rel="prev" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html" title="2.4.3.4. Module Arguments"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html" title="2.4.5. Creating PAM Modules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><
img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-PAM_Configuration_File_Format-Module_Arguments.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Creating_PAM_Modules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-Sample_PAM_Configuration_Files">2.4.4. Sample PAM Configuration Files</h3></div></div></div><a id="d0e6448" class="indexterm"/><a id="d0e6453" class="indexterm"/><div class="para">
The following is a sample PAM application configuration file:
</div><pre class="screen">#%PAM-1.0
auth required pam_securetty.so
Index: sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4. Pluggable Authentication Modules (PAM)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="2.3.5. Configuring Firefox to use Kerberos for SSO"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="2.4.2. PAM Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http
://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.4. Pluggable Authentication Modules (PAM)</h2></div></div></div><a id="d0e6014" class="indexterm"/><a id="d0e6019" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4. Pluggable Authentication Modules (PAM)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="2.3.5. Configuring Firefox to use Kerberos for SSO"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html" title="2.4.2. PAM Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http
://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM">2.4. Pluggable Authentication Modules (PAM)</h2></div></div></div><a id="d0e6014" class="indexterm"/><a id="d0e6019" class="indexterm"/><div class="para">
Programs that grant users access to a system use <em class="firstterm">authentication</em> to verify each other's identity (that is, to establish that a user is who they say they are).
</div><div class="para">
Historically, each program had its own way of authenticating users. In Fedora, many programs are configured to use a centralized authentication mechanism called <em class="firstterm">Pluggable Authentication Modules</em> (<acronym class="acronym">PAM</acronym>).
Index: sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.2. Utilize LUKS Partition Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/><link rel="prev" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/><link rel="next" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Secure_Installation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize LUKS Partition Encryption</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.2. Utilize LUKS Partition Encryption</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/><link rel="prev" href="chap-Security_Guide-Secure_Installation.html" title="Chapter 5. Secure Installation"/><link rel="next" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Secure_Installation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Software_Maintenance.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Secure_Installation-Utilize_LUKS_Partition_Encryption">5.2. Utilize LUKS Partition Encryption</h2></div></div></div><div class="para">
Since Fedora 9, implementation of <a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption">Linux Unified Key Setup-on-disk-format</a>(LUKS) encryption has become a lot easier. During the installation process an option to encrypt your partitions will be presented to the user. The user must supply a passphrase that will be the key to unlock the bulk encryption key that will be used to secure the partition's data.
</div><div class="para">
Fedora 8, however, does not have LUKS support built-in; however it is easily implemented. <a href="http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption#Step-by...">Step-by-step procedures</a> are available that allow the user to implement partition encryption on their Fedora 8 installation.
Index: sect-Security_Guide-Securing_FTP-Anonymous_Access.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_FTP-Anonymous_Access.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_FTP-Anonymous_Access.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_FTP-Anonymous_Access.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.2. Anonymous Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="next" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="2.2.6.3. User Accounts"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">2.2.6.2. Anonymous Access</h4></div></div></div><a id="d0e5177" class="indexterm"/><a id="d0e5182" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.2. Anonymous Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="next" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="2.2.6.3. User Accounts"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li
class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-Anonymous_Access">2.2.6.2. Anonymous Access</h4></div></div></div><a id="d0e5177" class="indexterm"/><a id="d0e5182" class="indexterm"/><div class="para">
The presence of the <code class="filename">/var/ftp/</code> directory activates the anonymous account.
</div><div class="para">
The easiest way to create this directory is to install the <code class="filename">vsftpd</code> package. This package establishes a directory tree for anonymous users and configures the permissions on directories to read-only for anonymous users.
Index: sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.4. Use TCP Wrappers To Control Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="2.2.6.3. User Accounts"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">2.2.6.4. Use TCP Wrappers To Control Access</h4></div></div></div><a id="d0e5309" class="indexterm"/><a id="d0e5314" class="indexterm"/><a id="d0e5319" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.4. Use TCP Wrappers To Control Access</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-User_Accounts.html" title="2.2.6.3. User Accounts"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access">2.2.6.4. Use TCP Wrappers To Control Access</h4></div></div></div><a id="d0e5309" class="indexterm"/><a id="d0e5314" class="indexterm"/><a id="d0e5319" class="indexterm"/><div class="para">
Use TCP Wrappers to control access to either FTP daemon as outlined in <a class="xref" href="sect-Security_Guide-Server_Security.html#sect-Security_Guide-Securing_Services_With_TCP_Wrappers_and_xinetd-Enhancing_Security_With_TCP_Wrappers" title="2.2.1.1. Enhancing Security With TCP Wrappers">Section 2.2.1.1, “Enhancing Security With TCP Wrappers”</a>.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-User_Accounts.html"><strong>Prev</strong>2.2.6.3. User Accounts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Next</strong>2.2.7. Securing Sendmail</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Securing_FTP-User_Accounts.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_FTP-User_Accounts.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_FTP-User_Accounts.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_FTP-User_Accounts.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.3. User Accounts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="2.2.6.2. Anonymous Access"/><link rel="next" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="2.2.6.4. Use TCP Wrappers To Control Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">2.2.6.3. User Accounts</h4></div></div></div><a id="d0e5256" class="indexterm"/><a id="d0e5261" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6.3. User Accounts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="2.2.6.2. Anonymous Access"/><link rel="next" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="2.2.6.4. Use TCP Wrappers To Control Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_FTP-User_Accounts">2.2.6.3. User Accounts</h4></div></div></div><a id="d0e5256" class="indexterm"/><a id="d0e5261" class="indexterm"/><div class="para">
Because FTP transmits unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.
</div><div class="para">
To disable all user accounts in <code class="command">vsftpd</code>, add the following directive to <code class="filename">/etc/vsftpd/vsftpd.conf</code>:
Index: sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4.2. Beware of Syntax Errors</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="next" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="2.2.4.3. Do Not Use the no_root_squash Option"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">2.2.4.2. Beware of Syntax Errors</h4></div></div></div><a id="d0e4863" class="indexterm"/><a id="d0e4868" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4.2. Beware of Syntax Errors</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="next" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="2.2.4.3. Do Not Use the no_root_squash Option"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors">2.2.4.2. Beware of Syntax Errors</h4></div></div></div><a id="d0e4863" class="indexterm"/><a id="d0e4868" class="indexterm"/><div class="para">
The NFS server determines which file systems to export and which hosts to export these directories to by consulting the <code class="filename">/etc/exports</code> file. Be careful not to add extraneous spaces when editing this file.
</div><div class="para">
For instance, the following line in the <code class="filename">/etc/exports</code> file shares the directory <code class="command">/tmp/nfs/</code> to the host <code class="command">bob.example.com</code> with read/write permissions.
Index: sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4.3. Do Not Use the no_root_squash Option</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="prev" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="2.2.4.2. Beware of Syntax Errors"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="2.2.5. Securing the Apache HTTP Server"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">2.2.4.3. Do Not Use the <code class="command">no_root_squash</code> Option</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4.3. Do Not Use the no_root_squash Option</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="prev" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="2.2.4.2. Beware of Syntax Errors"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="2.2.5. Securing the Apache HTTP Server"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option">2.2.4.3. Do Not Use the <code class="command">no_root_squash</code> Option</h4></div></div></div><div class="para">
By default, NFS shares change the root user to the <code class="command">nfsnobody</code> user, an unprivileged user account. This changes the owner of all root-created files to <code class="command">nfsnobody</code>, which prevents uploading of programs with the setuid bit set.
</div><div class="para">
If <code class="command">no_root_squash</code> is used, remote root users are able to change any file on the shared file system and leave applications infected by trojans for other users to inadvertently execute.
Index: sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.4. Assign Static Ports and Use iptables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="2.2.3.3. Edit the /var/yp/securenets File"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="2.2.3.5. Use Kerberos Authentication"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">2.2.3.4. Assign Static Ports and Use iptables Rules</h4></div></div></div><a id="d0e4729" class="indexterm"/><a id="d0e4734" class="indexterm"/><a id="d0e4741" class="indexterm"/><a id="d0e4746" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.4. Assign Static Ports and Use iptables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="2.2.3.3. Edit the /var/yp/securenets File"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="2.2.3.5. Use Kerberos Authentication"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules">2.2.3.4. Assign Static Ports and Use iptables Rules</h4></div></div></div><a id="d0e4729" class="indexterm"/><a id="d0e4734" class="indexterm"/><a id="d0e4741" class="indexterm"/><a id="d0e4746" class="indexterm"/><div class="para">
All of the servers related to NIS can be assigned specific ports except for <code class="command">rpc.yppasswdd</code> — the daemon that allows users to change their login passwords. Assigning ports to the other two NIS server daemons, <code class="command">rpc.ypxfrd</code> and <code class="command">ypserv</code>, allows for the creation of firewall rules to further protect the NIS server daemons from intruders.
</div><div class="para">
To do this, add the following lines to <code class="filename">/etc/sysconfig/network</code>:
Index: sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.3. Edit the /var/yp/securenets File</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="2.2.3.4. Assign Static Ports and Use iptables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="righ
t" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">2.2.3.3. Edit the <code class="filename">/var/yp/securenets</code> File</h4></div></div></div><a id="d0e4687" class="indexterm"/><a id="d0e4693" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.3. Edit the /var/yp/securenets File</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="2.2.3.4. Assign Static Ports and Use iptables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="righ
t" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File">2.2.3.3. Edit the <code class="filename">/var/yp/securenets</code> File</h4></div></div></div><a id="d0e4687" class="indexterm"/><a id="d0e4693" class="indexterm"/><div class="para">
If the <code class="filename">/var/yp/securenets</code> file is blank or does not exist (as is the case after a default installation), NIS listens to all networks. One of the first things to do is to put netmask/network pairs in the file so that <code class="command">ypserv</code> only responds to requests from the appropriate network.
</div><div class="para">
Below is a sample entry from a <code class="filename">/var/yp/securenets</code> file:
Index: sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.5. Use Kerberos Authentication</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="2.2.3.4. Assign Static Ports and Use iptables Rules"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">2.2.3.5. Use Kerberos Authentication</h4></div></div></div><a id="d0e4787" class="indexterm"/><a id="d0e4792" class="indexterm"/><a id="d0e4799" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.5. Use Kerberos Authentication</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html" title="2.2.3.4. Assign Static Ports and Use iptables Rules"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/imag
e_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Assign_Static_Ports_and_Use_iptables_Rules.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NFS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication">2.2.3.5. Use Kerberos Authentication</h4></div></div></div><a id="d0e4787" class="indexterm"/><a id="d0e4792" class="indexterm"/><a id="d0e4799" class="indexterm"/><div class="para">
One of the issues to consider when NIS is used for authentication is that whenever a user logs into a machine, a password hash from the <code class="filename">/etc/shadow</code> map is sent over the network. If an intruder gains access to an NIS domain and sniffs network traffic, they can collect usernames and password hashes. With enough time, a password cracking program can guess weak passwords, and an attacker can gain access to a valid account on the network.
</div><div class="para">
Since Kerberos uses secret-key cryptography, no password hashes are ever sent over the network, making the system far more secure. Refer to <a class="xref" href="sect-Security_Guide-Kerberos.html" title="2.6. Kerberos">Section 2.6, “Kerberos”</a> for more information about Kerberos.
Index: sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.2. Use a Password-like NIS Domain Name and Hostname</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="2.2.3.3. Edit the /var/yp/securenets File"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">2.2.3.2. Use a Password-like NIS Domain Name and Hostname</h4></div></div></div><a id="d0e4625" class="indexterm"/><a id="d0e4630" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3.2. Use a Password-like NIS Domain Name and Hostname</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html" title="2.2.3.3. Edit the /var/yp/securenets File"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Edit_the_varypsecurenets_File.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname">2.2.3.2. Use a Password-like NIS Domain Name and Hostname</h4></div></div></div><a id="d0e4625" class="indexterm"/><a id="d0e4630" class="indexterm"/><div class="para">
Any machine within an NIS domain can use commands to extract information from the server without authentication, as long as the user knows the NIS server's DNS hostname and NIS domain name.
</div><div class="para">
For instance, if someone either connects a laptop computer into the network or breaks into the network from outside (and manages to spoof an internal IP address), the following command reveals the <code class="command">/etc/passwd</code> map:
Index: sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.2.2. Protect portmap With iptables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">2.2.2.2. Protect portmap With iptables</h4></div></div></div><a id="d0e4501" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.2.2. Protect portmap With iptables</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_NIS.html" title="2.2.3. Securing NIS"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></
a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_NIS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables">2.2.2.2. Protect portmap With iptables</h4></div></div></div><a id="d0e4501" class="indexterm"/><div class="para">
To further restrict access to the <code class="command">portmap</code> service, it is a good idea to add iptables rules to the server and restrict access to specific networks.
</div><div class="para">
Below are two example iptables commands. The first allows TCP connections to the port 111 (used by the <code class="command">portmap</code> service) from the 192.168.0.0/24 network. The second allows TCP connections to the same port from the localhost. This is necessary for the <code class="command">sgi_fam</code> service used by <span class="application"><strong>Nautilus</strong></span>. All other packets are dropped.
Index: sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7.3. Mail-only Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="2.2.7.2. NFS and Sendmail"/><link rel="next" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="2.2.8. Verifying Which Ports Are Listening"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">2.2.7.3. Mail-only Users</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7.3. Mail-only Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="2.2.7.2. NFS and Sendmail"/><link rel="next" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="2.2.8. Verifying Which Ports Are Listening"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_r
ight.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Mail_only_Users">2.2.7.3. Mail-only Users</h4></div></div></div><div class="para">
To help prevent local user exploits on the Sendmail server, it is best for mail users to only access the Sendmail server using an email program. Shell accounts on the mail server should not be allowed and all user shells in the <code class="filename">/etc/passwd</code> file should be set to <code class="command">/sbin/nologin</code> (with the possible exception of the root user).
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Prev</strong>2.2.7.2. NFS and Sendmail</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Next</strong>2.2.8. Verifying Which Ports Are Listening</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7.2. NFS and Sendmail</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="next" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="2.2.7.3. Mail-only Users"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/><
/a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">2.2.7.2. NFS and Sendmail</h4></div></div></div><a id="d0e5401" class="indexterm"/><a id="d0e5406" class="indexterm"/><a id="d0e5411" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7.2. NFS and Sendmail</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html" title="2.2.7. Securing Sendmail"/><link rel="next" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="2.2.7.3. Mail-only Users"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/><
/a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail">2.2.7.2. NFS and Sendmail</h4></div></div></div><a id="d0e5401" class="indexterm"/><a id="d0e5406" class="indexterm"/><a id="d0e5411" class="indexterm"/><div class="para">
Never put the mail spool directory, <code class="filename">/var/spool/mail/</code>, on an NFS shared volume.
</div><div class="para">
Because NFSv2 and NFSv3 do not maintain control over user and group IDs, two or more users can have the same UID, and receive and read each other's mail.
</div><div class="note"><h2>Note</h2><div class="para">
- With NFSv4 using Kerberos, this is not the case, since the <code class="filename">SECRPC_GSS</code> kernel module does not utilize UID-based authentication. However, it is considered good practice <span class="emphasis"><em>not</em></span> to put the mail spool directory on NFS shared volumes.
+ With NFSv4 using Kerberos, this is not the case, since the <code class="filename">SECRPC_GSS</code> kernel module does not utilize UID-based authentication. However, it is still considered good practice <span class="emphasis"><em>not</em></span> to put the mail spool directory on NFS shared volumes.
</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_Sendmail.html"><strong>Prev</strong>2.2.7. Securing Sendmail</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Next</strong>2.2.7.3. Mail-only Users</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Security_Updates.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Security_Updates.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Security_Updates.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Security_Updates.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.5. Security Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks"/><link rel="next" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class
="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. Security Updates</h2></div></div></div><a id="d0e1399" class="indexterm"/><a id="d0e1404" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.5. Security Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks"/><link rel="next" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class
="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Security_Updates">1.5. Security Updates</h2></div></div></div><a id="d0e1399" class="indexterm"/><a id="d0e1404" class="indexterm"/><div class="para">
As security vulnerabilities are discovered, the affected software must be updated in order to limit any potential security risks. If the software is part of a package within a Fedora distribution that is currently supported, Fedora. is committed to releasing updated packages that fix the vulnerability as soon as possible. Often, announcements about a given security exploit are accompanied with a patch (or source code that fixes the problem). This patch is then applied to the Fedora package, tested by the Red Hat quality assurance team, and released as an errata update. However, if an announcement does not include a patch, a Red Hat developer works with the maintainer of the software to fix the problem. Once the problem is fixed, the package is tested and released as an errata update.
</div><div class="para">
If an errata update is released for software used on your system, it is highly recommended that you update the effected packages as soon as possible to minimize the amount of time the system is potentially vulnerable.
Index: sect-Security_Guide-Server_Security-Securing_FTP.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_FTP.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Server_Security-Securing_FTP.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Server_Security-Securing_FTP.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6. Securing FTP</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="2.2.5. Securing the Apache HTTP Server"/><link rel="next" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="2.2.6.2. Anonymous Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">2.2.6. Securing FTP</h3></div></div></div><a id="d0e5041" class="indexterm"/><a id="d0e5046" class="indexterm"/><div class="para">
- The <em class="firstterm">File Transport Protocol</em> (<abbr class="abbrev">FTP</abbr>) is an older TCP protocol designed to transfer files over a network. Because all transactions with the server, including user authentication, are unencrypted, it is considered an insecure protocol and should be carefully configured.
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.6. Securing FTP</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="2.2.5. Securing the Apache HTTP Server"/><link rel="next" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html" title="2.2.6.2. Anonymous Access"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a>
</p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_FTP-Anonymous_Access.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_FTP">2.2.6. Securing FTP</h3></div></div></div><a id="d0e5041" class="indexterm"/><a id="d0e5046" class="indexterm"/><div class="para">
+ The <em class="firstterm">File Transfer Protocol</em> (<abbr class="abbrev">FTP</abbr>) is an older TCP protocol designed to transfer files over a network. Because all transactions with the server, including user authentication, are unencrypted, it is considered an insecure protocol and should be carefully configured.
</div><div class="para">
Fedora provides three FTP servers.
</div><a id="d0e5061" class="indexterm"/><a id="d0e5067" class="indexterm"/><div class="itemizedlist"><ul><li><div class="para">
Index: sect-Security_Guide-Server_Security-Securing_NFS.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_NFS.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Server_Security-Securing_NFS.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Server_Security-Securing_NFS.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4. Securing NFS</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="2.2.3.5. Use Kerberos Authentication"/><link rel="next" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="2.2.4.2. Beware of Syntax Errors"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/
></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">2.2.4. Securing NFS</h3></div></div></div><a id="d0e4816" class="indexterm"/><a id="d0e4821" class="indexterm"/><div class="important"><h2>Important</h2><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4. Securing NFS</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html" title="2.2.3.5. Use Kerberos Authentication"/><link rel="next" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html" title="2.2.4.2. Beware of Syntax Errors"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/
></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NIS-Use_Kerberos_Authentication.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NFS-Beware_of_Syntax_Errors.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NFS">2.2.4. Securing NFS</h3></div></div></div><a id="d0e4816" class="indexterm"/><a id="d0e4821" class="indexterm"/><div class="important"><h2>Important</h2><div class="para">
The version of NFS included in Fedora, NFSv4, no longer requires the <code class="command">portmap</code> service as outlined in <a class="xref" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap">Section 2.2.2, “Securing Portmap”</a>. NFS traffic now utilizes TCP in all versions, rather than UDP, and requires it when using NFSv4. NFSv4 now includes Kerberos user and group authentication, as part of the <code class="filename">RPCSEC_GSS</code> kernel module. Information on <code class="command">portmap</code> is still included, since Fedora supports NFSv2 and NFSv3, both of which utilize <code class="command">portmap</code>.
</div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-Carefully_Plan_the_Network">2.2.4.1. Carefully Plan the Network</h4></div></div></div><a id="d0e4846" class="indexterm"/><a id="d0e4851" class="indexterm"/><div class="para">
Now that NFSv4 has the ability to pass all information encrypted using Kerberos over a network, it is important that the service be configured correctly if it is behind a firewall or on a segmented network. NFSv2 and NFSv3 still pass data insecurely, and this should be taken into consideration. Careful network design in all of these regards can help prevent security breaches.
Index: sect-Security_Guide-Server_Security-Securing_NIS.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_NIS.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Server_Security-Securing_NIS.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Server_Security-Securing_NIS.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3. Securing NIS</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="2.2.2.2. Protect portmap With iptables"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">2.2.3. Securing NIS</h3></div></div></div><a id="d0e4539" class="indexterm"/><a id="d0e4544" class="indexterm"/><div class="para">
- The <em class="firstterm">Network Information Service</em> (<acronym class="acronym">NIS</acronym>) is an RPC service, called <code class="command">ypserv</code>,--> which is used in conjunction with <code class="command">portmap</code> and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.3. Securing NIS</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="2.2.2.2. Protect portmap With iptables"/><link rel="next" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html" title="2.2.3.2. Use a Password-like NIS Domain Name and Hostname"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common
_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_NIS-Use_a_Password_like_NIS_Domain_Name_and_Hostname.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_NIS">2.2.3. Securing NIS</h3></div></div></div><a id="d0e4539" class="indexterm"/><a id="d0e4544" class="indexterm"/><div class="para">
+ The <em class="firstterm">Network Information Service</em> (<acronym class="acronym">NIS</acronym>) is an RPC service, called <code class="command">ypserv</code>, which is used in conjunction with <code class="command">portmap</code> and other related services to distribute maps of usernames, passwords, and other sensitive information to any computer claiming to be within its domain.
</div><div class="para">
An NIS server is comprised of several applications. They include the following:
</div><div class="itemizedlist"><ul><li><div class="para">
Index: sect-Security_Guide-Server_Security-Securing_Portmap.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_Portmap.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Server_Security-Securing_Portmap.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Server_Security-Securing_Portmap.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.2. Securing Portmap</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="next" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="2.2.2.2. Protect portmap With iptables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">2.2.2. Securing Portmap</h3></div></div></div><a id="d0e4448" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.2. Securing Portmap</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="next" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html" title="2.2.2.2. Protect portmap With iptables"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Portmap-Protect_portmap_With_iptables.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Portmap">2.2.2. Securing Portmap</h3></div></div></div><a id="d0e4448" class="indexterm"/><div class="para">
The <code class="command">portmap</code> service is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.
</div><div class="note"><h2>Note</h2><div class="para">
Securing <code class="command">portmap</code> only affects NFSv2 and NFSv3 implementations, since NFSv4 no longer requires it. If you plan to implement an NFSv2 or NFSv3 server, then <code class="command">portmap</code> is required, and the following section applies.
Index: sect-Security_Guide-Server_Security-Securing_Sendmail.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_Sendmail.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Server_Security-Securing_Sendmail.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Server_Security-Securing_Sendmail.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7. Securing Sendmail</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="2.2.6.4. Use TCP Wrappers To Control Access"/><link rel="next" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="2.2.7.2. NFS and Sendmail"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentat
ion Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">2.2.7. Securing Sendmail</h3></div></div></div><a id="d0e5333" class="indexterm"/><a id="d0e5338" class="indexterm"/><div class="para">
- Sendmail is a Mail Transport Agent (MTA) that uses the Simple Mail Transport Protocol (SMTP) to deliver electronic messages between other MTAs and to email clients or delivery agents. Although many MTAs are capable of encrypting traffic between one another, most do not, so sending email over any public networks is considered an inherently insecure form of communication.
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.7. Securing Sendmail</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html" title="2.2.6.4. Use TCP Wrappers To Control Access"/><link rel="next" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html" title="2.2.7.2. NFS and Sendmail"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentat
ion Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_FTP-Use_TCP_Wrappers_To_Control_Access.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Securing_Sendmail-NFS_and_Sendmail.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_Sendmail">2.2.7. Securing Sendmail</h3></div></div></div><a id="d0e5333" class="indexterm"/><a id="d0e5338" class="indexterm"/><div class="para">
+ Sendmail is a Mail Transfer Agent (MTA) that uses the Simple Mail Transfer Protocol (SMTP) to deliver electronic messages between other MTAs and to email clients or delivery agents. Although many MTAs are capable of encrypting traffic between one another, most do not, so sending email over any public networks is considered an inherently insecure form of communication.
</div><div class="para">
It is recommended that anyone planning to implement a Sendmail server address the following issues.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_Sendmail-Limiting_a_Denial_of_Service_Attack">2.2.7.1. Limiting a Denial of Service Attack</h4></div></div></div><a id="d0e5350" class="indexterm"/><a id="d0e5355" class="indexterm"/><div class="para">
Index: sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.5. Securing the Apache HTTP Server</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="2.2.4.3. Do Not Use the no_root_squash Option"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.2.5. Securing the Apache HTTP Server</h3></div></div></div><a id="d0e4938" class="indexterm"/><a id="d0e4943" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.5. Securing the Apache HTTP Server</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="2.2.4.3. Do Not Use the no_root_squash Option"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_FTP.html" title="2.2.6. Securing FTP"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docu
mentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_FTP.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server">2.2.5. Securing the Apache HTTP Server</h3></div></div></div><a id="d0e4938" class="indexterm"/><a id="d0e4943" class="indexterm"/><div class="para">
The Apache HTTP Server is one of the most stable and secure services that ships with Fedora. A large number of options and techniques are available to secure the Apache HTTP Server — too numerous to delve into deeply here. The following section briefly explains good practices when running the Apache HTTP Server.
</div><div class="para">
Always verify that any scripts running on the system work as intended <span class="emphasis"><em>before</em></span> putting them into production. Also, ensure that only the root user has write permissions to any directory containing scripts or CGIs. To do this, run the following commands as the root user:
Index: sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.8. Verifying Which Ports Are Listening</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="2.2.7.3. Mail-only Users"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.2.8. Verifying Which Ports Are Listening</h3></div></div></div><a id="d0e5450" class="indexterm"/><a id="d0e5455" class="indexterm"/><a id="d0e5462" class="indexterm"/><a id="d0e5466" class="indexterm"/><a id="d0e5470" class="indexterm"/><a id="d0e5473" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.8. Verifying Which Ports Are Listening</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security.html" title="2.2. Server Security"/><link rel="prev" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html" title="2.2.7.3. Mail-only Users"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="d
ocnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_Sendmail-Mail_only_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening">2.2.8. Verifying Which Ports Are Listening</h3></div></div></div><a id="d0e5450" class="indexterm"/><a id="d0e5455" class="indexterm"/><a id="d0e5462" class="indexterm"/><a id="d0e5466" class="indexterm"/><a id="d0e5470" class="indexterm"/><a id="d0e5473" class="indexterm"/><div class="para">
After configuring network services, it is important to pay attention to which ports are actually listening on the system's network interfaces. Any open ports can be evidence of an intrusion.
</div><div class="para">
There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack using commands such as <code class="command">netstat -an</code> or <code class="command">lsof -i</code>. This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system. For this reason, these applications are frequent targets for replacement by attackers. Crackers attempt to cover their tracks if they open unauthorized network ports by replacing <code class="command">netstat</code> and <code class="command">lsof</code> with their own, modified versions.
Index: sect-Security_Guide-Server_Security.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Server_Security.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Server_Security.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Server_Security.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2. Server Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Server_Security">2.2. Server Security</h2></div></div></div><a id="d0e4031" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2. Server Security</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_Portmap.html" title="2.2.2. Securing Portmap"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Securing_Your_Network.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_Portmap.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Server_Security">2.2. Server Security</h2></div></div></div><a id="d0e4031" class="indexterm"/><div class="para">
When a system is used as a server on a public network, it becomes a target for attacks. Hardening the system and locking down services is therefore of paramount importance for the system administrator.
</div><div class="para">
Before delving into specific issues, review the following general tips for enhancing server security:
@@ -43,7 +43,7 @@
</div><div class="para">
To allow the connection and log it, place the <code class="command">spawn</code> directive in the <code class="filename">/etc/hosts.allow</code> file.
</div><div class="note"><h2>Note</h2><div class="para">
- Because the <code class="command">spawn</code> directive executes any shell command, create a special script to notify the administrator or execute a chain of commands in the event that a particular client attempts to connect to the server.
+ Because the <code class="command">spawn</code> directive executes any shell command, it is a good idea to create a special script to notify the administrator or execute a chain of commands in the event that a particular client attempts to connect to the server.
</div></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Enhancing_Security_With_TCP_Wrappers-TCP_Wrappers_and_Enhanced_Logging">2.2.1.1.3. TCP Wrappers and Enhanced Logging</h5></div></div></div><a id="d0e4190" class="indexterm"/><a id="d0e4195" class="indexterm"/><div class="para">
If certain types of connections are of more concern than others, the log level can be elevated for that service using the <code class="command">severity</code> option.
</div><div class="para">
Index: sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.5. Configuring Firefox to use Kerberos for SSO</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="2.3.4. How Smart Card Login Works"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conte
nt/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.3.5. Configuring Firefox to use Kerberos for SSO</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.5. Configuring Firefox to use Kerberos for SSO</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="2.3.4. How Smart Card Login Works"/><link rel="next" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html" title="2.4. Pluggable Authentication Modules (PAM)"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Conte
nt/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Pluggable_Authentication_Modules_PAM.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO">2.3.5. Configuring Firefox to use Kerberos for SSO</h3></div></div></div><div class="para">
You can configure Firefox to use Kerberos for Single Sign-on. In order for this functionality to work correctly, you need to configure your web browser to send your Kerberos credentials to the appropriate <abbr class="abbrev">KDC</abbr>.The following section describes the configuration changes and other requirements to achieve this.
</div><div class="orderedlist"><ol><li><div class="para">
In the address bar of Firefox, type <strong class="userinput"><code>about:config</code></strong> to display the list of current configuration options.
Index: sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.2. Getting Started with your new Smart Card</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="2.3.3. How Smart Card Enrollment Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" al
t="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.3.2. Getting Started with your new Smart Card</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.2. Getting Started with your new Smart Card</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="2.3.3. How Smart Card Enrollment Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" al
t="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card">2.3.2. Getting Started with your new Smart Card</h3></div></div></div><div class="para">
Before you can use your smart card to log in to your system and take advantage of the increased security options this technology provides, you need to perform some basic installation and configuration steps. These are described below.
</div><div class="note"><h2>Note</h2><div class="para">
This section provides a high-level view of getting started with your smart card. More detailed information is available in the Red Hat Certificate System Enterprise Security Client Guide.
Index: sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.3. How Smart Card Enrollment Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="2.3.2. Getting Started with your new Smart Card"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="2.3.4. How Smart Card Login Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.3.3. How Smart Card Enrollment Works</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.3. How Smart Card Enrollment Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="2.3.2. Getting Started with your new Smart Card"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html" title="2.3.4. How Smart Card Login Works"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works">2.3.3. How Smart Card Enrollment Works</h3></div></div></div><div class="para">
Smart cards are said to be <em class="firstterm">enrolled</em> when they have received an appropriate certificate signed by a valid Certificate Authority (<abbr class="abbrev">CA</abbr>). This involves several steps, described below:
</div><div class="orderedlist"><ol><li><div class="para">
The user inserts their smart card into the smart card reader on their workstation. This event is recognized by the Enterprise Security Client (<abbr class="abbrev">ESC</abbr>).
Index: sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.4. How Smart Card Login Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="2.3.3. How Smart Card Enrollment Works"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="2.3.5. Configuring Firefox to use Kerberos for SSO"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.o
rg"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.3.4. How Smart Card Login Works</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3.4. How Smart Card Login Works</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Single_Sign_on_SSO.html" title="2.3. Single Sign-on (SSO)"/><link rel="prev" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html" title="2.3.3. How Smart Card Enrollment Works"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html" title="2.3.5. Configuring Firefox to use Kerberos for SSO"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.o
rg"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Enrollment_Works.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-How_Smart_Card_Login_Works">2.3.4. How Smart Card Login Works</h3></div></div></div><div class="para">
This section provides a brief overview of the process of logging in using a smart card.
</div><div class="orderedlist"><ol><li><div class="para">
When the user inserts their smart card into the smart card reader, this event is recognized by the PAM facility, which prompts for the user's PIN.
Index: sect-Security_Guide-Single_Sign_on_SSO.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Single_Sign_on_SSO.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Single_Sign_on_SSO.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Single_Sign_on_SSO.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3. Single Sign-on (SSO)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="2.2.8. Verifying Which Ports Are Listening"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="2.3.2. Getting Started with your new Smart Card"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject
.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">2.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3. Single Sign-on (SSO)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html" title="2.2.8. Verifying Which Ports Are Listening"/><link rel="next" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html" title="2.3.2. Getting Started with your new Smart Card"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject
.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Server_Security-Verifying_Which_Ports_Are_Listening.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Single_Sign_on_SSO-Getting_Started_with_your_new_Smart_Card.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Single_Sign_on_SSO">2.3. Single Sign-on (SSO)</h2></div></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">2.3.1. Introduction</h3></div></div></div><div class="para">
The Fedora SSO functionality reduces the number of times Fedora desktop users have to enter their passwords. Several major applications leverage the same underlying authentication and authorization mechanisms so that users can log in to Fedora from the log-in screen, and then not need to re-enter their passwords. These applications are detailed below.
</div><div class="para">
In addition, users can log in to their machines even when there is no network (<em class="firstterm">offline mode</em>) or where network connectivity is unreliable, for example, wireless access. In the latter case, services will degrade gracefully.
Index: sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.4. Install Signed Packages from Well Known Repositories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="6.3. Adjusting Automatic Updates"/><link rel="next" href="chap-Security_Guide-References.html" title="Chapter 7. References"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install Signed Packages from Well Known Repositories</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.4. Install Signed Packages from Well Known Repositories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="6.3. Adjusting Automatic Updates"/><link rel="next" href="chap-Security_Guide-References.html" title="Chapter 7. References"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Commo
n_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security_Guide-References.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories">6.4. Install Signed Packages from Well Known Repositories</h2></div></div></div><div class="para">
Software packages are published through repositories. All well known repositories support package signing. Package signing uses public key technology to prove that the package that was published by the repository has not been changed since the signature was applied. This provides some protection against installing software that may have been maliciously altered after the package was created but before you downloaded it.
</div><div class="para">
Using too many repositories, untrustworthy repositories, or repositories with unsigned packages has a higher risk of introducing malicious or vulnerable code into your system. Use caution when adding repositories to yum/software update.
Index: sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.3. Adjusting Automatic Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="6.2. Plan and Configure Security Updates"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="6.4. Install Signed Packages from Well Known Repositories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting Automatic Updates</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.3. Adjusting Automatic Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html" title="6.2. Plan and Configure Security Updates"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html" title="6.4. Install Signed Packages from Well Known Repositories"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Install_Signed_Packages_from_Well_Known_Repositories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates">6.3. Adjusting Automatic Updates</h2></div></div></div><div class="para">
Fedora 9 is configured to apply all updates on a daily schedule. If you want to change the how your system installs updates you must do so via '''Software Update Preferences'''. You can change the schedule, the type of updates to apply or to notify you of available updates.
</div><div class="para">
In Gnome, you can find controls for your updates at: <code class="code">System -> Preferences -> System -> Software Updates</code>. In KDE it is located at: <code class="code">Applications -> Settings -> Software Updates</code>.
Index: sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.2. Plan and Configure Security Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="6.3. Adjusting Automatic Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan and Configure Security Updates</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.2. Plan and Configure Security Updates</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="prev" href="chap-Security_Guide-Software_Maintenance.html" title="Chapter 6. Software Maintenance"/><link rel="next" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html" title="6.3. Adjusting Automatic Updates"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Software_Maintenance.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates-Adjusting_Automatic_Updates.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Software_Maintenance-Plan_and_Configure_Security_Updates">6.2. Plan and Configure Security Updates</h2></div></div></div><div class="para">
All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Unpatched systems are a common cause of computer intrusions. You should have a plan to install security patches in a timely manner to close those vulnerabilities so they can not be exploited.
</div><div class="para">
For home users, security updates should be installed as soon as possible. Configuring automatic installation of security updates is one way to avoid having to remember, but does carry a slight risk that something can cause a conflict with your configuration or with other software on the system.
Index: sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2. Option Fields</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/><link rel="next" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="2.5.2.2.2. Access Control"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">2.5.2.2. Option Fields</h4></div></div></div><a id="d0e7883" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2.2. Option Fields</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/><link rel="next" href="sect-Security_Guide-Option_Fields-Access_Control.html" title="2.5.2.2.2. Access Control"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Option_Fields-Access_Control.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">2.5.2.2. Option Fields</h4></div></div></div><a id="d0e7883" class="indexterm"/><div class="para">
In addition to basic rules that allow and deny access, the Fedora implementation of TCP Wrappers supports extensions to the access control language through <em class="firstterm">option fields</em>. By using option fields in hosts access rules, administrators can accomplish a variety of tasks such as altering log behavior, consolidating access control, and launching shell commands.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Option_Fields-Logging">2.5.2.2.1. Logging</h5></div></div></div><a id="d0e7898" class="indexterm"/><div class="para">
Option fields let administrators easily change the log facility and priority level for a rule by using the <code class="option">severity</code> directive.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="2.5.4.3.4. Resource Management Options"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="2.5.5.2. Useful TCP Wrappers Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.5.5. Additional Resources</h3></div></div></div><a id="d0e9027" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.5. Additional Resources</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html" title="2.5.4.3.4. Resource Management Options"/><link rel="next" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html" title="2.5.5.2. Useful TCP Wrappers Websites"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img sr
c="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Resource_Management_Options.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Additional_Resources-Useful_TCP_Wrappers_Websites.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-Additional_Resources">2.5.5. Additional Resources</h3></div></div></div><a id="d0e9027" class="indexterm"/><div class="para">
More information about TCP Wrappers and <code class="systemitem">xinetd</code> is available from system documentation and on the Internet.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Additional_Resources-Installed_TCP_Wrappers_Documentation">2.5.5.1. Installed TCP Wrappers Documentation</h4></div></div></div><a id="d0e9040" class="indexterm"/><a id="d0e9047" class="indexterm"/><div class="para">
The documentation on your system is a good place to start looking for additional configuration options for TCP Wrappers, <code class="systemitem">xinetd</code>, and access control.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2. TCP Wrappers Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documenta
tion Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.5.2. TCP Wrappers Configuration Files</h3></div></div></div><a id="d0e7364" class="indexterm"/><a id="d0e7372" class="indexterm"/><a id="d0e7380" class="indexterm"/><a id="d0e7386" class="indexterm"/><a id="d0e7392" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.2. TCP Wrappers Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html" title="2.5.2.2. Option Fields"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documenta
tion Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files">2.5.2. TCP Wrappers Configuration Files</h3></div></div></div><a id="d0e7364" class="indexterm"/><a id="d0e7372" class="indexterm"/><a id="d0e7380" class="indexterm"/><a id="d0e7386" class="indexterm"/><a id="d0e7392" class="indexterm"/><div class="para">
To determine if a client is allowed to connect to a service, TCP Wrappers reference the following two files, which are commonly referred to as <em class="firstterm">hosts access</em> files:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="filename">/etc/hosts.allow</code>
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.3. xinetd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Expansions.html" title="2.5.2.2.4. Expansions"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a><
/p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.5.3. xinetd</h3></div></div></div><a id="d0e8214" class="indexterm"/><a id="d0e8220" class="indexterm"/><a id="d0e8226" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.3. xinetd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-Option_Fields-Expansions.html" title="2.5.2.2.4. Expansions"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a><
/p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Option_Fields-Expansions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd">2.5.3. xinetd</h3></div></div></div><a id="d0e8214" class="indexterm"/><a id="d0e8220" class="indexterm"/><a id="d0e8226" class="indexterm"/><div class="para">
The <code class="systemitem">xinetd</code> daemon is a TCP-wrapped <em class="firstterm">super service</em> which controls access to a subset of popular network services, including FTP, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.
</div><div class="para">
When a client attempts to connect to a network service controlled by <code class="systemitem">xinetd</code>, the super service receives the request and checks for any TCP Wrappers access control rules.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4. xinetd Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="2.5.3. xinetd"/><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="2.5.4.2. The /etc/xinetd.d/ Directory"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.5.4. xinetd Configuration Files</h3></div></div></div><a id="d0e8261" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4. xinetd Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html" title="2.5. TCP Wrappers and xinetd"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html" title="2.5.3. xinetd"/><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="2.5.4.2. The /etc/xinetd.d/ Directory"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files">2.5.4. xinetd Configuration Files</h3></div></div></div><a id="d0e8261" class="indexterm"/><div class="para">
The configuration files for <code class="systemitem">xinetd</code> are as follows:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="filename">/etc/xinetd.conf</code> — The global <code class="systemitem">xinetd</code> configuration file.
Index: sect-Security_Guide-TCP_Wrappers_and_xinetd.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-TCP_Wrappers_and_xinetd.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-TCP_Wrappers_and_xinetd.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-TCP_Wrappers_and_xinetd.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5. TCP Wrappers and xinetd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="2.4.8.2. Useful PAM Websites"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">2.5. TCP Wrappers and xinetd</h2></div></div></div><a id="d0e7176" class="indexterm"/><a id="d0e7181" class="indexterm"/><a id="d0e7187" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5. TCP Wrappers and xinetd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html" title="2.4.8.2. Useful PAM Websites"/><link rel="next" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html" title="2.5.2. TCP Wrappers Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_PAM_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-TCP_Wrappers_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-TCP_Wrappers_and_xinetd">2.5. TCP Wrappers and xinetd</h2></div></div></div><a id="d0e7176" class="indexterm"/><a id="d0e7181" class="indexterm"/><a id="d0e7187" class="indexterm"/><div class="para">
Controlling access to network services is one of the most important security tasks facing a server administrator. Fedora provides several tools for this purpose. For example, an <code class="command">iptables</code>-based firewall filters out unwelcome network packets within the kernel's network stack. For network services that utilize it, <em class="firstterm">TCP Wrappers</em> add an additional layer of protection by defining which hosts are or are not allowed to connect to "<span class="emphasis"><em>wrapped</em></span>" network services. One such wrapped network service is the <code class="systemitem">xinetd</code> <span class="emphasis"><em>super server</em></span>. This service is called a super server because it controls connections to a subset of network services and further refines access control.
</div><div class="para">
<a class="xref" href="sect-Security_Guide-TCP_Wrappers_and_xinetd.html#figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services" title="Figure 2.9. Access Control to Network Services">Figure 2.9, “Access Control to Network Services”</a> is a basic illustration of how these tools work together to protect network services.
@@ -29,7 +29,7 @@
</div><div class="para">
The following example indicates that <code class="systemitem">/usr/sbin/sshd</code> is linked to <code class="filename">libwrap.a</code>:
</div><pre class="screen">[root@myserver ~]# ldd /usr/sbin/sshd | grep libwrap
- libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00655000)
+ libwrap.so.0 => /lib/libwrap.so.0 (0x00655000)
[root@myserver ~]#
</pre></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-TCP_Wrappers-Advantages_of_TCP_Wrappers">2.5.1.1. Advantages of TCP Wrappers</h4></div></div></div><a id="d0e7341" class="indexterm"/><div class="para">
TCP Wrappers provide the following advantages over other network service control techniques:
Index: sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.3. Inattentive Administration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.3.3.2. Unpatched Services"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.3.3.4. Inherently Insecure Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fed
oraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.3.3.3. Inattentive Administration</h4></div></div></div><a id="d0e1157" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.3. Inattentive Administration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html" title="1.3.3.2. Unpatched Services"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html" title="1.3.3.4. Inherently Insecure Services"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fed
oraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration">1.3.3.3. Inattentive Administration</h4></div></div></div><a id="d0e1157" class="indexterm"/><div class="para">
Administrators who fail to patch their systems are one of the greatest threats to server security. According to the <em class="firstterm">SysAdmin, Audit, Network, Security Institute</em> (<em class="firstterm">SANS</em>), the primary cause of computer security vulnerability is to "assign untrained people to maintain security and provide neither the training nor the time to make it possible to do the job."<sup>[<a id="d0e1172" href="#ftn.d0e1172" class="footnote">10</a>]</sup> This applies as much to inexperienced administrators as it does to overconfident or amotivated administrators.
</div><div class="para">
Some administrators fail to patch their servers and workstations, while others fail to watch log messages from the system kernel or network traffic. Another common error is when default passwords or keys to services are left unchanged. For example, some databases have default administration passwords because the database developers assume that the system administrator changes these passwords immediately after installation. If a database administrator fails to change this password, even an inexperienced cracker can use a widely-known default password to gain administrative privileges to the database. These are only a few examples of how inattentive administration can lead to compromised servers.
Index: sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.4. Inherently Insecure Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.3.3.3. Inattentive Administration"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.3.3.4. Inherently Insecure Services</h4></div></div></div><a id="d0e1181" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.4. Inherently Insecure Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.3.3.3. Inattentive Administration"/><link rel="next" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product
Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Inherently_Insecure_Services">1.3.3.4. Inherently Insecure Services</h4></div></div></div><a id="d0e1181" class="indexterm"/><div class="para">
Even the most vigilant organization can fall victim to vulnerabilities if the network services they choose are inherently insecure. For instance, there are many services developed under the assumption that they are used over trusted networks; however, this assumption fails as soon as the service becomes available over the Internet — which is itself inherently untrusted.
</div><div class="para">
One category of insecure network services are those that require unencrypted usernames and passwords for authentication. Telnet and FTP are two such services. If packet sniffing software is monitoring traffic between the remote user and such a service usernames and passwords can be easily intercepted.
Index: sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.2. Unpatched Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.3.3.3. Inattentive Administration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://doc
s.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.3.3.2. Unpatched Services</h4></div></div></div><a id="d0e1133" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.3.2. Unpatched Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html" title="1.3.3. Threats to Server Security"/><link rel="next" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html" title="1.3.3.3. Inattentive Administration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://doc
s.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Server_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Threats_to_Server_Security-Inattentive_Administration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Server_Security-Unpatched_Services">1.3.3.2. Unpatched Services</h4></div></div></div><a id="d0e1133" class="indexterm"/><div class="para">
Most server applications that are included in a default installation are solid, thoroughly tested pieces of software. Having been in use in production environments for many years, their code has been thoroughly refined and many of the bugs have been found and fixed.
</div><div class="para">
However, there is no such thing as perfect software and there is always room for further refinement. Moreover, newer software is often not as rigorously tested as one might expect, because of its recent arrival to production environments or because it may not be as popular as other server software.
Index: sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.4.2. Vulnerable Client Applications</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/><link rel="next" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="P
roduct Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.3.4.2. Vulnerable Client Applications</h4></div></div></div><a id="d0e1226" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.3.4.2. Vulnerable Client Applications</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/><link rel="prev" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html" title="1.3.4. Threats to Workstation and Home PC Security"/><link rel="next" href="sect-Security_Guide-Common_Exploits_and_Attacks.html" title="1.4. Common Exploits and Attacks"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="P
roduct Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Attackers_and_Vulnerabilities-Threats_to_Workstation_and_Home_PC_Security.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Common_Exploits_and_Attacks.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Threats_to_Workstation_and_Home_PC_Security-Vulnerable_Client_Applications">1.3.4.2. Vulnerable Client Applications</h4></div></div></div><a id="d0e1226" class="indexterm"/><div class="para">
Although an administrator may have a fully secure and patched server, that does not mean remote users are secure when accessing it. For instance, if the server offers Telnet or FTP services over a public network, an attacker can capture the plain text usernames and passwords as they pass over the network, and then use the account information to access the remote user's workstation.
</div><div class="para">
Even when using secure protocols, such as SSH, a remote user may be vulnerable to certain attacks if they do not keep their client applications updated. For instance, v.1 SSH clients are vulnerable to an X-forwarding attack from malicious SSH servers. Once connected to the server, the attacker can quietly capture any keystrokes and mouse clicks made by the client over the network. This problem was fixed in the v.2 SSH protocol, but it is up to the user to keep track of what applications have such vulnerabilities and update them as necessary.
Index: sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3.2. Basic Firewall Policies</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="prev" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="next" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="2.8.3.3. Saving and Restoring IPTables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">2.8.3.2. Basic Firewall Policies</h4></div></div></div><a id="d0e13318" class="indexterm"/><a id="d0e13323" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3.2. Basic Firewall Policies</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="prev" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="next" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html" title="2.8.3.3. Saving and Restoring IPTables Rules"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Firewalls-Using_IPTables.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies">2.8.3.2. Basic Firewall Policies</h4></div></div></div><a id="d0e13318" class="indexterm"/><a id="d0e13323" class="indexterm"/><div class="para">
Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules.
</div><div class="para">
Each <code class="command">iptables</code> chain is comprised of a default policy, and zero or more rules which work in concert with the default policy to define the overall ruleset for the firewall.
Index: sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3.3. Saving and Restoring IPTables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="prev" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="2.8.3.2. Basic Firewall Policies"/><link rel="next" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="2.8.4. Common IPTables Filtering"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.pn
g" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">2.8.3.3. Saving and Restoring IPTables Rules</h4></div></div></div><a id="d0e13354" class="indexterm"/><a id="d0e13360" class="indexterm"/><a id="d0e13368" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.8.3.3. Saving and Restoring IPTables Rules</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Firewalls-Using_IPTables.html" title="2.8.3. Using IPTables"/><link rel="prev" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html" title="2.8.3.2. Basic Firewall Policies"/><link rel="next" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html" title="2.8.4. Common IPTables Filtering"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.pn
g" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Using_IPTables-Basic_Firewall_Policies.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls-Common_IPTables_Filtering.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Using_IPTables-Saving_and_Restoring_IPTables_Rules">2.8.3.3. Saving and Restoring IPTables Rules</h4></div></div></div><a id="d0e13354" class="indexterm"/><a id="d0e13360" class="indexterm"/><a id="d0e13368" class="indexterm"/><div class="para">
Changes to <code class="command">iptables</code> are transitory; if the system is rebooted or if the <code class="command">iptables</code> service is restarted, the rules are automatically flushed and reset. To save the rules so that they are loaded when the <code class="command">iptables</code> service is started, use the following command:
</div><pre class="screen">[root@myServer ~ ] # service iptables save
</pre><div class="para">
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.4. Creating an IPsec Connection</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html" title="2.7.3. IPsec"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html" title="2.7.5. IPsec Installation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.7.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.4. Creating an IPsec Connection</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html" title="2.7.3. IPsec"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html" title="2.7.5. IPsec Installation"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt
="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection">2.7.4. Creating an <abbr class="abbrev">IPsec</abbr> Connection</h3></div></div></div><div class="para">
An <abbr class="abbrev">IPsec</abbr> connection is split into two logical phases. In phase 1, an <abbr class="abbrev">IPsec</abbr> node initializes the connection with the remote node or network. The remote node or network checks the requesting node's credentials and both parties negotiate the authentication method for the connection.
</div><div class="para">
On Fedora systems, an <abbr class="abbrev">IPsec</abbr> connection uses the <em class="firstterm">pre-shared key</em> method of <abbr class="abbrev">IPsec</abbr> node authentication. In a pre-shared key <abbr class="abbrev">IPsec</abbr> connection, both hosts must use the same key in order to move to Phase 2 of the <abbr class="abbrev">IPsec</abbr> connection.
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.3. IPsec</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html" title="2.7.2. VPNs and Fedora"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html" title="2.7.4. Creating an IPsec Connection"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.7.3. IPsec</h3></div></div></div><a id="d0e11080" class="indexterm"/><a id="d0e11085" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.3. IPsec</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html" title="2.7.2. VPNs and Fedora"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html" title="2.7.4. Creating an IPsec Connection"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image
_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">2.7.3. IPsec</h3></div></div></div><a id="d0e11080" class="indexterm"/><a id="d0e11085" class="indexterm"/><div class="para">
Fedora supports <abbr class="abbrev">IPsec</abbr> for connecting remote hosts and networks to each other using a secure tunnel on a common carrier network such as the Internet. <abbr class="abbrev">IPsec</abbr> can be implemented using a host-to-host (one computer workstation to another) or network-to-network (one <acronym class="acronym">LAN</acronym>/<acronym class="acronym">WAN</acronym> to another) configuration.
</div><div class="para">
The <abbr class="abbrev">IPsec</abbr> implementation in Fedora uses <em class="firstterm">Internet Key Exchange</em> (<em class="firstterm">IKE</em>), a protocol implemented by the Internet Engineering Task Force (<acronym class="acronym">IETF</acronym>), used for mutual authentication and secure associations between connecting systems.
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.6. IPsec Host-to-Host Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html" title="2.7.5. IPsec Installation"/><link rel="next" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html" title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http:/
/docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.7.6. IPsec Host-to-Host Configuration</h3></div></div></div><a id="d0e11280" class="indexterm"/><a id="d0e11287" class="indexterm"/><a id="d0e11294" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.6. IPsec Host-to-Host Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html" title="2.7.5. IPsec Installation"/><link rel="next" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html" title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http:/
/docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">2.7.6. IPsec Host-to-Host Configuration</h3></div></div></div><a id="d0e11280" class="indexterm"/><a id="d0e11287" class="indexterm"/><a id="d0e11294" class="indexterm"/><div class="para">
IPsec can be configured to connect one desktop or workstation (host) to another using a host-to-host connection. This type of connection uses the network to which each host is connected to create a secure tunnel between each host. The requirements of a host-to-host connection are minimal, as is the configuration of <abbr class="abbrev">IPsec</abbr> on each host. The hosts need only a dedicated connection to a carrier network (such as the Internet) and Fedora to create the <abbr class="abbrev">IPsec</abbr> connection.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">2.7.6.1. Host-to-Host Connection</h4></div></div></div><a id="d0e11310" class="indexterm"/><a id="d0e11315" class="indexterm"/><div class="para">
A host-to-host <abbr class="abbrev">IPsec</abbr> connection is an encrypted connection between two systems, both running <abbr class="abbrev">IPsec</abbr> with the same authentication key. With the <abbr class="abbrev">IPsec</abbr> connection active, any network traffic between the two hosts is encrypted.
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,12 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.5. IPsec Installation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html" title="2.7.4. Creating an IPsec Connection"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedorap
roject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.7.5. IPsec Installation</h3></div></div></div><a id="d0e11186" class="indexterm"/><a id="d0e11193" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.5. IPsec Installation</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html" title="2.7.4. Creating an IPsec Connection"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html" title="2.7.6. IPsec Host-to-Host Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedorap
roject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-Creating_an_IPsec_Connection.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Installation">2.7.5. IPsec Installation</h3></div></div></div><a id="d0e11186" class="indexterm"/><a id="d0e11193" class="indexterm"/><div class="para">
Implementing <abbr class="abbrev">IPsec</abbr> requires that the <code class="filename">ipsec-tools</code> RPM package be installed on all <abbr class="abbrev">IPsec</abbr> hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files for setting up the <abbr class="abbrev">IPsec</abbr> connection, including:
</div><div class="itemizedlist"><ul><li><div class="para">
<code class="command">/sbin/setkey</code> — manipulates the key management and security attributes of <abbr class="abbrev">IPsec</abbr> in the kernel. This executable is controlled by the <code class="command">racoon</code> key management daemon. Refer to the <code class="command">setkey</code>(8) man page for more information.
</div></li><li><div class="para">
- <code class="command">/sbin/racoon</code> — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.
+ <code class="command">/usr/sbin/racoon</code> — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.
</div></li><li><div class="para">
<code class="filename">/etc/racoon/racoon.conf</code> — the <code class="command">racoon</code> daemon configuration file used to configure various aspects of the <abbr class="abbrev">IPsec</abbr> connection, including authentication methods and encryption algorithms used in the connection. Refer to the <code class="filename">racoon.conf</code>(5) man page for a complete listing of available directives.
</div></li></ul></div><div class="para">
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.7. IPsec Network-to-Network Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html" title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/><link rel="next" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html" title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/image
s/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.7.7. IPsec Network-to-Network Configuration</h3></div></div></div><a id="d0e11927" class="indexterm"/><a id="d0e11934" class="indexterm"/><a id="d0e11939" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.7. IPsec Network-to-Network Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html" title="2.7.6.2. Manual IPsec Host-to-Host Configuration"/><link rel="next" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html" title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/image
s/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Manual_IPsec_Host_to_Host_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration">2.7.7. IPsec Network-to-Network Configuration</h3></div></div></div><a id="d0e11927" class="indexterm"/><a id="d0e11934" class="indexterm"/><a id="d0e11939" class="indexterm"/><div class="para">
IPsec can also be configured to connect an entire network (such as a <acronym class="acronym">LAN</acronym> or <acronym class="acronym">WAN</acronym>) to a remote network using a network-to-network connection. A network-to-network connection requires the setup of <abbr class="abbrev">IPsec</abbr> routers on each side of the connecting networks to transparently process and route information from one node on a <acronym class="acronym">LAN</acronym> to a node on a remote <acronym class="acronym">LAN</acronym>. <a class="xref" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Network_to_Network_Configuration.html#figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection" title="Figure 2.11. A network-to-network IPsec tunneled connection">Figure 2.11, “A network-to-network IPsec tunneled connection”</a> shows a network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection.
</div><div class="figure" id="figu-Security_Guide-IPsec_Network_to_Network_Configuration-A_network_to_network_IPsec_tunneled_connection"><div class="figure-contents"><div class="mediaobject"><img src="images/n-t-n-ipsec-diagram.png" alt="A network-to-network IPsec tunneled connection"/><div class="longdesc"><div class="para">
A network-to-network <abbr class="abbrev">IPsec</abbr> tunneled connection
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.8. Starting and Stopping an IPsec Connection</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html" title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/><link rel="next" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org
"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.7.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.8. Starting and Stopping an IPsec Connection</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html" title="2.7.7.2. Manual IPsec Network-to-Network Configuration"/><link rel="next" href="sect-Security_Guide-Firewalls.html" title="2.8. Firewalls"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org
"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-IPsec_Network_to_Network_Configuration-Manual_IPsec_Network_to_Network_Configuration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Firewalls.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-Starting_and_Stopping_an_IPsec_Connection">2.7.8. Starting and Stopping an <abbr class="abbrev">IPsec</abbr> Connection</h3></div></div></div><div class="para">
If the <abbr class="abbrev">IPsec</abbr> connection was not configured to activate on boot, you can control it from the command line.
</div><div class="para">
To start the connection, use the following command on each host for host-to-host IPsec, or each <abbr class="abbrev">IPsec</abbr> router for network-to-network IPsec:
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.2. VPNs and Fedora</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html" title="2.7.3. IPsec"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.7.2. VPNs and Fedora</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7.2. VPNs and Fedora</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="prev" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html" title="2.7. Virtual Private Networks (VPNs)"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html" title="2.7.3. IPsec"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"
/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">2.7.2. VPNs and Fedora</h3></div></div></div><div class="para">
Fedora provides various options in terms of implementing a software solution to securely connect to a <acronym class="acronym">WAN</acronym>. <em class="firstterm">Internet Protocol Security</em> (<acronym class="acronym">IPsec</acronym>) is the supported <abbr class="abbrev">VPN</abbr> implementation for Fedora, and sufficiently addresses the usability needs of organizations with branch offices or remote users.
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Virtual_Private_Networks_VPNs.html"><strong>Prev</strong>2.7. Virtual Private Networks (VPNs)</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec.html"><strong>Next</strong>2.7.3. IPsec</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security_Guide-Virtual_Private_Networks_VPNs.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Virtual_Private_Networks_VPNs.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Virtual_Private_Networks_VPNs.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Virtual_Private_Networks_VPNs.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7. Virtual Private Networks (VPNs)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="2.6.10.2. Useful Kerberos Websites"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html" title="2.7.2. VPNs and Fedora"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">2.7. Virtual Private Networks (VPNs)</h2></div></div></div><a id="d0e10961" class="indexterm"/><a id="d0e10964" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.7. Virtual Private Networks (VPNs)</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Securing_Your_Network.html" title="Chapter 2. Securing Your Network"/><link rel="prev" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html" title="2.6.10.2. Useful Kerberos Websites"/><link rel="next" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html" title="2.7.2. VPNs and Fedora"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Additional_Resources-Useful_Kerberos_Websites.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Virtual_Private_Networks_VPNs">2.7. Virtual Private Networks (VPNs)</h2></div></div></div><a id="d0e10961" class="indexterm"/><a id="d0e10964" class="indexterm"/><div class="para">
Organizations with several satellite offices often connect to each other with dedicated lines for efficiency and protection of sensitive data in transit. For example, many businesses use frame relay or <em class="firstterm">Asynchronous Transfer Mode</em> (<acronym class="acronym">ATM</acronym>) lines as an end-to-end networking solution to link one office with others. This can be an expensive proposition, especially for small to medium sized businesses (<acronym class="acronym">SMB</acronym>s) that want to expand without paying the high costs associated with enterprise-level, dedicated digital circuits.
</div><div class="para">
To address this need, <em class="firstterm">Virtual Private Networks</em> (<abbr class="abbrev">VPN</abbr>s) were developed. Following the same functional principles as dedicated circuits, <abbr class="abbrev">VPN</abbr>s allow for secured digital communication between two parties (or networks), creating a <em class="firstterm">Wide Area Network</em> (<acronym class="acronym">WAN</acronym>) from existing <em class="firstterm">Local Area Networks</em> (<acronym class="acronym">LAN</acronym>s). Where it differs from frame relay or ATM is in its transport medium. <abbr class="abbrev">VPN</abbr>s transmit over IP using datagrams as the transport layer, making it a secure conduit through the Internet to an intended destination. Most free software <abbr class="abbrev">VPN</abbr> implementations incorporate open standard encryption methods to further mask data in transit.
Index: sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.2. Defining Assessment and Testing</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining Assessment and Testing</h3></div></div></div><a id="d0e720" class="indexterm"/><a id="d0e727" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.2. Defining Assessment and Testing</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html" title="1.2.3. Evaluating the Tools"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing">1.2.2. Defining Assessment and Testing</h3></div></div></div><a id="d0e720" class="indexterm"/><a id="d0e727" class="indexterm"/><div class="para">
Vulnerability assessments may be broken down into one of two types: <em class="firstterm">Outside looking in</em> and <em class="firstterm">inside looking around</em>.
</div><div class="para">
When performing an outside looking in vulnerability assessment, you are attempting to compromise your systems from the outside. Being external to your company provides you with the cracker's viewpoint. You see what a cracker sees — publicly-routable IP addresses, systems on your <em class="firstterm">DMZ</em>, external interfaces of your firewall, and more. DMZ stands for "demilitarized zone", which corresponds to a computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. Typically, the DMZ contains devices accessible to Internet traffic, such as Web (HTTP ) servers, FTP servers, SMTP (e-mail) servers and DNS servers.
Index: sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3. Evaluating the Tools</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.2.2. Defining Assessment and Testing"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.2.3.2. Nessus"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.2.3. Evaluating the Tools</h3></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2.3. Evaluating the Tools</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Vulnerability_Assessment.html" title="1.2. Vulnerability Assessment"/><link rel="prev" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.2.2. Defining Assessment and Testing"/><link rel="next" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html" title="1.2.3.2. Nessus"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Evaluating_the_Tools-Nessus.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security_Guide-Vulnerability_Assessment-Evaluating_the_Tools">1.2.3. Evaluating the Tools</h3></div></div></div><div class="para">
An assessment can start by using some form of an information gathering tool. When assessing the entire network, map the layout first to find the hosts that are running. Once located, examine each host individually. Focusing on these hosts requires another set of tools. Knowing which tools to use may be the most crucial step in finding vulnerabilities.
</div><div class="para">
Just as in any aspect of everyday life, there are many different tools that perform the same job. This concept applies to performing vulnerability assessments as well. There are tools specific to operating systems, applications, and even networks (based on the protocols used). Some tools are free; others are not. Some tools are intuitive and easy to use, while others are cryptic and poorly documented but have features that other tools do not.
Index: sect-Security_Guide-Vulnerability_Assessment.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-Vulnerability_Assessment.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-Vulnerability_Assessment.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-Vulnerability_Assessment.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2. Vulnerability Assessment</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.2.2. Defining Assessment and Testing"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Doc
umentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability Assessment</h2></div></div></div><a id="d0e683" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>1.2. Vulnerability Assessment</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="prev" href="chap-Security_Guide-Security_Overview.html" title="Chapter 1. Security Overview"/><link rel="next" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html" title="1.2.2. Defining Assessment and Testing"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Doc
umentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security_Guide-Security_Overview.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Vulnerability_Assessment-Defining_Assessment_and_Testing.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security_Guide-Vulnerability_Assessment">1.2. Vulnerability Assessment</h2></div></div></div><a id="d0e683" class="indexterm"/><div class="para">
Given time, resources, and motivation, a cracker can break into nearly any system. At the end of the day, all of the security procedures and technologies currently available cannot guarantee that any systems are safe from intrusion. Routers help secure gateways to the Internet. Firewalls help secure the edge of the network. Virtual Private Networks safely pass data in an encrypted stream. Intrusion detection systems warn you of malicious activity. However, the success of each of these technologies is dependent upon a number of variables, including:
</div><div class="itemizedlist"><ul><li><div class="para">
The expertise of the staff responsible for configuring, monitoring, and maintaining the technologies.
Index: sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3. Altering xinetd Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="2.5.4.2. The /etc/xinetd.d/ Directory"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="2.5.4.3.2. Access Control Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" hr
ef="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">2.5.4.3. Altering xinetd Configuration Files</h4></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.3. Altering xinetd Configuration Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html" title="2.5.4.2. The /etc/xinetd.d/ Directory"/><link rel="next" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html" title="2.5.4.3.2. Access Control Options"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" hr
ef="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Altering_xinetd_Configuration_Files-Access_Control_Options.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files">2.5.4.3. Altering xinetd Configuration Files</h4></div></div></div><div class="para">
A range of directives is available for services protected by <code class="systemitem">xinetd</code>. This section highlights some of the more commonly used options.
</div><div class="section" lang="en-US"><div class="titlepage"><div><div><h5 class="title" id="sect-Security_Guide-Altering_xinetd_Configuration_Files-Logging_Options">2.5.4.3.1. Logging Options</h5></div></div></div><a id="d0e8590" class="indexterm"/><div class="para">
The following logging options are available for both <code class="filename">/etc/xinetd.conf</code> and the service-specific configuration files within the <code class="filename">/etc/xinetd.d/</code> directory.
Index: sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/security-guide/f10/en_US/sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html 21 Jan 2009 20:19:02 -0000 1.5
+++ sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory.html 27 Jan 2009 13:50:52 -0000 1.6
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.2. The /etc/xinetd.d/ Directory</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-8"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">2.5.4.2. The /etc/xinetd.d/ Directory</h4></div></div></div><a id="d0e8429" class="indexterm"/><a id="d0e8439" class="indexterm"/><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.5.4.2. The /etc/xinetd.d/ Directory</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-9"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="prev" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html" title="2.5.4. xinetd Configuration Files"/><link rel="next" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html" title="2.5.4.3. Altering xinetd Configuration Files"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-TCP_Wrappers_and_xinetd-xinetd_Configuration_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-xinetd_Configuration_Files-Altering_xinetd_Configuration_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-xinetd_Configuration_Files-The_etcxinetd.d_Directory">2.5.4.2. The /etc/xinetd.d/ Directory</h4></div></div></div><a id="d0e8429" class="indexterm"/><a id="d0e8439" class="indexterm"/><div class="para">
The <code class="filename">/etc/xinetd.d/</code> directory contains the configuration files for each service managed by <code class="systemitem">xinetd</code> and the names of the files correlate to the service. As with <code class="filename">xinetd.conf</code>, this directory is read only when the <code class="systemitem">xinetd</code> service is started. For any changes to take effect, the administrator must restart the <code class="systemitem">xinetd</code> service.
</div><div class="para">
The format of files in the <code class="filename">/etc/xinetd.d/</code> directory use the same conventions as <code class="filename">/etc/xinetd.conf</code>. The primary reason the configuration for each service is stored in a separate file is to make customization easier and less likely to affect other services.
15 years, 1 month
po/es.po
by Transifex System User
po/es.po | 7001 +++++++++++----------------------------------------------------
1 file changed, 1272 insertions(+), 5729 deletions(-)
New commits:
commit 6d2286573dc186c72e81fb06d9ddfaa64b754b7d
Author: Domingo Becker <domingobecker(a)gmail.com>
Date: Tue Jan 27 12:15:04 2009 +0000
updated Spanish translation
Transmitted-via: Transifex (translate.fedoraproject.org)
diff --git a/po/es.po b/po/es.po
index f2321b4..5b0becf 100644
--- a/po/es.po
+++ b/po/es.po
@@ -4,7 +4,7 @@ msgid ""
msgstr ""
"Project-Id-Version: release-notes.HEAD.es\n"
"POT-Creation-Date: 2008-11-15 19:11-0500\n"
-"PO-Revision-Date: 2008-11-11 21:03-0500\n"
+"PO-Revision-Date: 2009-01-27 10:11-0300\n"
"Last-Translator: Domingo Becker <domingobecker(a)gmail.com>\n"
"Language-Team: Spanish <fedora-trans-es(a)redhat.com>\n"
"MIME-Version: 1.0\n"
@@ -23,11 +23,13 @@ msgstr "OPL"
msgid "1.0"
msgstr "1.0"
-#: en_US/rpm-info.xml:20(year) en_US/Article_Info.xml:20(year)
+#: en_US/rpm-info.xml:20(year)
+#: en_US/Article_Info.xml:20(year)
msgid "2007, 2008"
msgstr "2007, 2008"
-#: en_US/rpm-info.xml:22(holder) en_US/Article_Info.xml:21(holder)
+#: en_US/rpm-info.xml:22(holder)
+#: en_US/Article_Info.xml:21(holder)
msgid "Red Hat, Inc. and others"
msgstr "Red Hat, Inc. y otros"
@@ -35,7 +37,8 @@ msgstr "Red Hat, Inc. y otros"
msgid "Fedora Release Notes"
msgstr "Notas del Lanzamiento de Fedora"
-#: en_US/rpm-info.xml:25(desc) en_US/Article_Info.xml:18(para)
+#: en_US/rpm-info.xml:25(desc)
+#: en_US/Article_Info.xml:18(para)
msgid "Important information about this release of Fedora"
msgstr "Información importante acerca de este lanzamiento de Fedora"
@@ -48,12 +51,8 @@ msgid "X Window system - graphics"
msgstr "Sistema de Ventanas X (Gráficos)"
#: en_US/X_Window_system_-_graphics.xml:6(para)
-msgid ""
-"This section contains information related to the X Window System "
-"implementation, X.Org, provided with Fedora."
-msgstr ""
-"Esta sección contiene información relacionada con la implementación del "
-"Sistema de Ventanas X, X.Org, provista en Fedora."
+msgid "This section contains information related to the X Window System implementation, X.Org, provided with Fedora."
+msgstr "Esta sección contiene información relacionada con la implementación del Sistema de Ventanas X, X.Org, provista en Fedora."
#: en_US/X_Window_system_-_graphics.xml:9(title)
msgid "X Configuration Changes"
@@ -65,29 +64,16 @@ msgid "evdev"
msgstr "evdev"
#: en_US/X_Window_system_-_graphics.xml:10(para)
-msgid ""
-"Fedora 10 uses the <placeholder-1/> input driver as standard mouse and "
-"keyboard driver for the X server. This driver works with HAL to provide a "
-"persistent per-device configuration that allows devices to be added or "
-"removed at runtime."
-msgstr ""
-"Fedora 10 usa el controlador de entrada <placeholder-1/> como el ratón "
-"estándar y el controlador de teclado para el servidor X. Este controlador "
-"funciona con HAL para proveer una configuración por dispositivo que permite "
-"que se agreguen y se eliminen los dispositivos en tiempo de ejecución."
+msgid "Fedora 10 uses the <placeholder-1/> input driver as standard mouse and keyboard driver for the X server. This driver works with HAL to provide a persistent per-device configuration that allows devices to be added or removed at runtime."
+msgstr "Fedora 10 usa el controlador de entrada <placeholder-1/> como el ratón estándar y el controlador de teclado para el servidor X. Este controlador funciona con HAL para proveer una configuración por dispositivo que permite que se agreguen y se eliminen los dispositivos en tiempo de ejecución."
#: en_US/X_Window_system_-_graphics.xml:17(title)
msgid "Third-party Video Drivers"
msgstr "Controladores de Video de Terceros"
#: en_US/X_Window_system_-_graphics.xml:18(para)
-msgid ""
-"Refer to the Xorg third-party drivers page for detailed guidelines on using "
-"third-party video drivers."
-msgstr ""
-"Vaya a <ulink url=\"http://fedoraproject.org/wiki/Xorg/3rdPartyVideoDrivers"
-"\">Controladores de Terceros de Xorg</ulink> para lineamientos detallados "
-"sobre cómo usar controladores de terceros."
+msgid "Refer to the Xorg third-party drivers page for detailed guidelines on using third-party video drivers."
+msgstr "Vaya a <ulink url=\"http://fedoraproject.org/wiki/Xorg/3rdPartyVideoDrivers\">Controladores de Terceros de Xorg</ulink> para lineamientos detallados sobre cómo usar controladores de terceros."
#: en_US/X_Window_system_-_graphics.xml:22(ulink)
msgid "http://fedoraproject.org/wiki/Xorg/3rdPartyVideoDrivers"
@@ -98,26 +84,16 @@ msgid "Resources"
msgstr "Recursos"
#: en_US/X_Window_system_-_graphics.xml:27(para)
-msgid ""
-"<ulink url=\"http://who-t.blogspot.com/2008/07/input-configuration-in-"
-"nutshell.html\">http://who-t.blogspot.com/2008/07/input-configuration-in-"
-"nutshell.html</ulink> -- Evdev configuration."
-msgstr ""
-"<ulink url=\"http://who-t.blogspot.com/2008/07/input-configuration-in-"
-"nutshell.html\">http://who-t.blogspot.com/2008/07/input-configuration-in-"
-"nutshell.html</ulink> -- Configuración de evdev."
+msgid "<ulink url=\"http://who-t.blogspot.com/2008/07/input-configuration-in-nutshell.html\">http://who-t.blogspot.com/2008/07/input-configuration-in-nutshell.html</ulink> -- Evdev configuration."
+msgstr "<ulink url=\"http://who-t.blogspot.com/2008/07/input-configuration-in-nutshell.html\">http://who-t.blogspot.com/2008/07/input-configuration-in-nutshell.html</ulink> -- Configuración de evdev."
#: en_US/x86_specifics_for_Fedora.xml:6(title)
msgid "x86 specifics for Fedora"
msgstr "Fedora en x86"
#: en_US/x86_specifics_for_Fedora.xml:7(para)
-msgid ""
-"This section covers specific information about Fedora and the x86 hardware "
-"platform."
-msgstr ""
-"Esta sección cubre la información específica que pudiera necesitar saber "
-"acerca de Fedora en la plataforma de hardware x86."
+msgid "This section covers specific information about Fedora and the x86 hardware platform."
+msgstr "Esta sección cubre la información específica que pudiera necesitar saber acerca de Fedora en la plataforma de hardware x86."
#: en_US/x86_specifics_for_Fedora.xml:10(title)
msgid "Hardware requirements for x86"
@@ -125,14 +101,8 @@ msgstr "Requerimientos de Hardware para x86"
#: en_US/x86_specifics_for_Fedora.xml:11(para)
#: en_US/x86_64_specifics_for_Fedora.xml:11(para)
-msgid ""
-"In order to use specific features of Fedora 10 during or after installation, "
-"you may need to know details of other hardware components such as video and "
-"network cards."
-msgstr ""
-"Para usar las características específicas de Fedora 9 durante o después de "
-"la instalación, necesitará conocer detalles de otros componentes de hardware "
-"tales como la placa de video y las placas de red."
+msgid "In order to use specific features of Fedora 10 during or after installation, you may need to know details of other hardware components such as video and network cards."
+msgstr "Para usar las características específicas de Fedora 9 durante o después de la instalación, necesitará conocer detalles de otros componentes de hardware tales como la placa de video y las placas de red."
#: en_US/x86_specifics_for_Fedora.xml:15(title)
#: en_US/PPC_specifics_for_Fedora.xml:11(title)
@@ -140,24 +110,12 @@ msgid "Processor and memory"
msgstr "Procesador y Memoria"
#: en_US/x86_specifics_for_Fedora.xml:16(para)
-msgid ""
-"The following CPU specifications are stated in terms of Intel processors. "
-"Other processors, such as those from AMD, Cyrix, and VIA that are compatible "
-"with and equivalent to the following Intel processors, may also be used with "
-"Fedora."
-msgstr ""
-"Las siguientes especificaciones de CPU se pusieron en términos de "
-"procesadores Intel. Los demás procesadores, tales como los de AMD, Cyrix y "
-"VIA, que son compatibles y equivalentes a los procesadores de Intel, también "
-"se pueden usar con Fedora."
+msgid "The following CPU specifications are stated in terms of Intel processors. Other processors, such as those from AMD, Cyrix, and VIA that are compatible with and equivalent to the following Intel processors, may also be used with Fedora."
+msgstr "Las siguientes especificaciones de CPU se pusieron en términos de procesadores Intel. Los demás procesadores, tales como los de AMD, Cyrix y VIA, que son compatibles y equivalentes a los procesadores de Intel, también se pueden usar con Fedora."
#: en_US/x86_specifics_for_Fedora.xml:20(para)
-msgid ""
-"Fedora 10 requires an Intel Pentium or better processor, and is optimized "
-"for Pentium 4 and later processors."
-msgstr ""
-"Fedora 9 requiere un procesador Pentium de Intel o uno mejor, y está "
-"optimizado para usar procesadores Pentium 4 y posteriores."
+msgid "Fedora 10 requires an Intel Pentium or better processor, and is optimized for Pentium 4 and later processors."
+msgstr "Fedora 9 requiere un procesador Pentium de Intel o uno mejor, y está optimizado para usar procesadores Pentium 4 y posteriores."
#: en_US/x86_specifics_for_Fedora.xml:24(para)
msgid "Recommended for text-mode: 200 MHz Pentium-class or better"
@@ -186,55 +144,26 @@ msgstr "Espacio en Disco Rígido"
#: en_US/x86_specifics_for_Fedora.xml:40(para)
#: en_US/x86_64_specifics_for_Fedora.xml:28(para)
-msgid ""
-"All of the packages from a DVD install can occupy over 9 GB of disk space. "
-"The final install size is determined by the installing spin and the packages "
-"selected during installation. Additional disk space is required during "
-"installation to support the installation environment. The additional disk "
-"space corresponds to the size of <filename>/Fedora/base/stage2.img</"
-"filename> plus the size of the files in <filename>/var/lib/rpm</filename> on "
-"the installed system."
-msgstr ""
-"Todos los paquetes pueden ocupar hasta 9 GB de espacio en disco. El tamaño "
-"final está determinado por el medio de instalación y los paquetes que se "
-"hayan seleccionado. Se requerirá espacio de disco adicional para dar soporte "
-"al entorno de instalación. Éste espacio adicional corresponde al tamaño de "
-"<filename>/Fedora/base/stage2.img</filename> (en el Disco 1 de Instalación) "
-"más el tamaño de los archivos en <filename class=\"directory\">/var/lib/rpm</"
-"filename> en el sistema instalado."
+msgid "All of the packages from a DVD install can occupy over 9 GB of disk space. The final install size is determined by the installing spin and the packages selected during installation. Additional disk space is required during installation to support the installation environment. The additional disk space corresponds to the size of <filename>/Fedora/base/stage2.img</filename> plus the size of the files in <filename>/var/lib/rpm</filename> on the installed system."
+msgstr "Todos los paquetes pueden ocupar hasta 9 GB de espacio en disco. El tamaño final está determinado por el medio de instalación y los paquetes que se hayan seleccionado. Se requerirá espacio de disco adicional para dar soporte al entorno de instalación. Éste espacio adicional corresponde al tamaño de <filename>/Fedora/base/stage2.img</filename> (en el Disco 1 de Instalación) más el tamaño de los archivos en <filename class=\"directory\">/var/lib/rpm</filename> en el sistema instalado."
#: en_US/x86_specifics_for_Fedora.xml:48(para)
#: en_US/x86_64_specifics_for_Fedora.xml:35(para)
-msgid ""
-"In practical terms the additional space requirements may range from as "
-"little as 90 MiB for a minimal installation to as much as an additional 175 "
-"MiB for a larger installation."
-msgstr ""
-"En términos prácticos, los requerimientos de espacio adicional puede ir "
-"desde 90MB para una instalación mínima hasta 175MB para una instalación más "
-"grande."
+msgid "In practical terms the additional space requirements may range from as little as 90 MiB for a minimal installation to as much as an additional 175 MiB for a larger installation."
+msgstr "En términos prácticos, los requerimientos de espacio adicional puede ir desde 90MB para una instalación mínima hasta 175MB para una instalación más grande."
#: en_US/x86_specifics_for_Fedora.xml:51(para)
#: en_US/x86_64_specifics_for_Fedora.xml:38(para)
-msgid ""
-"Additional space is also required for any user data and at least 5% free "
-"space should be maintained for proper system operation."
-msgstr ""
-"También se necesita espacio adicional para los datos del usuario, y se debe "
-"reservar al menos un 5% de espacio libre para el funcionamiento adecuado del "
-"sistema."
+msgid "Additional space is also required for any user data and at least 5% free space should be maintained for proper system operation."
+msgstr "También se necesita espacio adicional para los datos del usuario, y se debe reservar al menos un 5% de espacio libre para el funcionamiento adecuado del sistema."
#: en_US/x86_64_specifics_for_Fedora.xml:6(title)
msgid "x86_64 specifics for Fedora"
msgstr "Fedora en x86_64"
#: en_US/x86_64_specifics_for_Fedora.xml:7(para)
-msgid ""
-"This section covers specific information about Fedora and the x86_64 "
-"hardware platform."
-msgstr ""
-"Esta sección cubre cualquier información específica que pudiera necesitar "
-"conocer acerca de Fedora y la plataforma de hardware x86_64."
+msgid "This section covers specific information about Fedora and the x86_64 hardware platform."
+msgstr "Esta sección cubre cualquier información específica que pudiera necesitar conocer acerca de Fedora y la plataforma de hardware x86_64."
#: en_US/x86_64_specifics_for_Fedora.xml:10(title)
msgid "Hardware requirements for x86_64"
@@ -281,87 +210,40 @@ msgid "Welcome to Fedora"
msgstr "Bienvenido a Fedora"
#: en_US/Welcome_to_Fedora.xml:6(para)
-msgid ""
-"Fedora is a Linux-based operating system that showcases the latest in free "
-"and open source software. Fedora is always free for anyone to use, modify, "
-"and distribute. It is built by people across the globe who work together as "
-"a community: the Fedora Project. The Fedora Project is open and anyone is "
-"welcome to join. The Fedora Project is out front for you, leading the "
-"advancement of free, open software and content."
-msgstr ""
-"Fedora es un sistema operativo basado en Linux que trae lo último en "
-"software libre y de código abierto. Fedora es siempre libre para que "
-"cualquiera lo use, modifique o distribuya. Lo construyen personas de todo el "
-"planeta que trabajan juntos como una comunidad: el Proyecto Fedora. El "
-"Proyecto Fedora es abierto y todos son bienvenidos a unirse. El Proyecto "
-"Fedora es lo más nuevo, con lo mejor en software y contenido libre y abierto."
+msgid "Fedora is a Linux-based operating system that showcases the latest in free and open source software. Fedora is always free for anyone to use, modify, and distribute. It is built by people across the globe who work together as a community: the Fedora Project. The Fedora Project is open and anyone is welcome to join. The Fedora Project is out front for you, leading the advancement of free, open software and content."
+msgstr "Fedora es un sistema operativo basado en Linux que trae lo último en software libre y de código abierto. Fedora es siempre libre para que cualquiera lo use, modifique o distribuya. Lo construyen personas de todo el planeta que trabajan juntos como una comunidad: el Proyecto Fedora. El Proyecto Fedora es abierto y todos son bienvenidos a unirse. El Proyecto Fedora es lo más nuevo, con lo mejor en software y contenido libre y abierto."
#: en_US/Welcome_to_Fedora.xml:14(title)
-msgid ""
-"Visit <ulink url=\"http://docs.fedoraproject.org/release-notes/\"/> to view "
-"the latest release notes for Fedora, especially if you are upgrading."
-msgstr ""
-"Visite <ulink url=\"http://docs.fedoraproject.org/release-notes/\"/> para "
-"ver las últimas notas del lanzamiento de Fedora, especialmente si está "
-"actualizando."
+msgid "Visit <ulink url=\"http://docs.fedoraproject.org/release-notes/\"/> to view the latest release notes for Fedora, especially if you are upgrading."
+msgstr "Visite <ulink url=\"http://docs.fedoraproject.org/release-notes/\"/> para ver las últimas notas del lanzamiento de Fedora, especialmente si está actualizando."
#: en_US/Welcome_to_Fedora.xml:18(para)
-msgid ""
-"If you are migrating from a release of Fedora older than the immediately "
-"previous one, you should refer to older Release Notes for additional "
-"information. You can find older Release Notes at <ulink url=\"http://docs."
-"fedoraproject.org/release-notes/\"/>"
-msgstr ""
-"Si está migrando desde una versión de Fedora más vieja que la inmediatamente "
-"anterior, debe leer las Notas del Lanzamiento anteriores para información "
-"adicional. Puede encontrar las Notas de la Versión anteriores en <ulink url="
-"\"http://docs.fedoraproject.org/release-notes/\"/>."
+msgid "If you are migrating from a release of Fedora older than the immediately previous one, you should refer to older Release Notes for additional information. You can find older Release Notes at <ulink url=\"http://docs.fedoraproject.org/release-notes/\"/>"
+msgstr "Si está migrando desde una versión de Fedora más vieja que la inmediatamente anterior, debe leer las Notas del Lanzamiento anteriores para información adicional. Puede encontrar las Notas de la Versión anteriores en <ulink url=\"http://docs.fedoraproject.org/release-notes/\"/>."
#: en_US/Welcome_to_Fedora.xml:25(para)
-msgid ""
-"You can help the Fedora Project community continue to improve Fedora if you "
-"file bug reports and enhancement requests. Refer to <ulink url=\"http://"
-"fedoraproject.org/wiki/BugsAndFeatureRequests\"/> for more information about "
-"bug and feature reporting. Thank you for your participation."
-msgstr ""
-"Ud. puede ayudar a que la comunidad del Proyecto Fedora continúe mejorando "
-"Fedora si informa errores y requerimientos de mejoras. Vaya a <ulink url="
-"\"http://fedoraproject.org/wiki/BugsAndFeatureRequests\"/> para más "
-"información acerca de los errores. Gracias por su participación."
+msgid "You can help the Fedora Project community continue to improve Fedora if you file bug reports and enhancement requests. Refer to <ulink url=\"http://fedoraproject.org/wiki/BugsAndFeatureRequests\"/> for more information about bug and feature reporting. Thank you for your participation."
+msgstr "Ud. puede ayudar a que la comunidad del Proyecto Fedora continúe mejorando Fedora si informa errores y requerimientos de mejoras. Vaya a <ulink url=\"http://fedoraproject.org/wiki/BugsAndFeatureRequests\"/> para más información acerca de los errores. Gracias por su participación."
#: en_US/Welcome_to_Fedora.xml:30(para)
-msgid ""
-"To find out more general information about Fedora, refer to the following "
-"Web pages:"
-msgstr ""
-"Para buscar más información general acerca de Fedora, vaya a las siguientes "
-"páginas web"
+msgid "To find out more general information about Fedora, refer to the following Web pages:"
+msgstr "Para buscar más información general acerca de Fedora, vaya a las siguientes páginas web"
#: en_US/Welcome_to_Fedora.xml:34(para)
-msgid ""
-"Fedora Overview - <ulink url=\"http://fedoraproject.org/wiki/Overview\"/>"
-msgstr ""
-"Repaso de Fedora - <ulink url=\"http://fedoraproject.org/wiki/Overview\"/>"
+msgid "Fedora Overview - <ulink url=\"http://fedoraproject.org/wiki/Overview\"/>"
+msgstr "Repaso de Fedora - <ulink url=\"http://fedoraproject.org/wiki/Overview\"/>"
#: en_US/Welcome_to_Fedora.xml:38(para)
msgid "Fedora FAQ - <ulink url=\"http://fedoraproject.org/wiki/FAQ\"/>"
msgstr "FAQ de Fedora - <ulink url=\"http://fedoraproject.org/wiki/FAQ\"/>"
#: en_US/Welcome_to_Fedora.xml:42(para)
-msgid ""
-"Help and Discussions - <ulink url=\"http://fedoraproject.org/wiki/Communicate"
-"\"/>"
-msgstr ""
-"Ayuda y Discusiones - <ulink url=\"http://fedoraproject.org/wiki/Communicate"
-"\"/>"
+msgid "Help and Discussions - <ulink url=\"http://fedoraproject.org/wiki/Communicate\"/>"
+msgstr "Ayuda y Discusiones - <ulink url=\"http://fedoraproject.org/wiki/Communicate\"/>"
#: en_US/Welcome_to_Fedora.xml:46(para)
-msgid ""
-"Participate in the Fedora Project - <ulink url=\"http://fedoraproject.org/"
-"wiki/Join\"/>"
-msgstr ""
-"Participa en el Proyecto Fedora - <ulink url=\"http://fedoraproject.org/wiki/"
-"Join\"/>"
+msgid "Participate in the Fedora Project - <ulink url=\"http://fedoraproject.org/wiki/Join\"/>"
+msgstr "Participa en el Proyecto Fedora - <ulink url=\"http://fedoraproject.org/wiki/Join\"/>"
#: en_US/Welcome_to_Fedora_10.xml:6(title)
msgid "Welcome to Fedora 10"
@@ -380,105 +262,52 @@ msgid "Drupal has been updated to 6.4. For details, refer to:"
msgstr "Drupal ha sido actualizado a 6.4. Para detalles, vea:"
#: en_US/Web_servers.xml:13(para)
-msgid ""
-"If your installation is updated to the 6.4 version in Fedora 9, skip the "
-"following step."
-msgstr ""
-"Si su instalación es actualizada a la versión 6.4 en Fedora 9, omita el "
-"siguiente paso."
+msgid "If your installation is updated to the 6.4 version in Fedora 9, skip the following step."
+msgstr "Si su instalación es actualizada a la versión 6.4 en Fedora 9, omita el siguiente paso."
#: en_US/Web_servers.xml:15(para)
-msgid ""
-"Before upgrading from earlier versions, remember to log in to your site as "
-"the admin user, and disable any third-party modules. After upgrading the "
-"package:"
-msgstr ""
-"Recuerde entrar a su sitio como usuario administrativo y deshabilitar "
-"cualquier módulo de tercero antes de actualizar este paquete. Luego de "
-"actualizar el paquete:"
+msgid "Before upgrading from earlier versions, remember to log in to your site as the admin user, and disable any third-party modules. After upgrading the package:"
+msgstr "Recuerde entrar a su sitio como usuario administrativo y deshabilitar cualquier módulo de tercero antes de actualizar este paquete. Luego de actualizar el paquete:"
#: en_US/Web_servers.xml:20(para)
-msgid ""
-"Copy <filename>/etc/drupal/default/settings.php.rpmsave</filename> to "
-"<filename>/etc/drupal/default/settings.php</filename>, and repeat for any "
-"additional sites' <filename>settings.php</filename> files."
-msgstr ""
-"Copy <filename>/etc/drupal/default/settings.php.rpmsave</filename> "
-"a<filename>/etc/drupal/default/settings.php</filename>, y repítalo para "
-"cualquier archivo settings.php adicional del sitio."
+msgid "Copy <filename>/etc/drupal/default/settings.php.rpmsave</filename> to <filename>/etc/drupal/default/settings.php</filename>, and repeat for any additional sites' <filename>settings.php</filename> files."
+msgstr "Copy <filename>/etc/drupal/default/settings.php.rpmsave</filename> a<filename>/etc/drupal/default/settings.php</filename>, y repítalo para cualquier archivo settings.php adicional del sitio."
#: en_US/Web_servers.xml:26(para)
-msgid ""
-"Browse to <uri>http://host/drupal/update.php</uri> to run the upgrade script."
-msgstr ""
-"Navege hacia <ulink url=\"http://host/drupal/update.php\"/> para correr el "
-"script de actualización."
+msgid "Browse to <uri>http://host/drupal/update.php</uri> to run the upgrade script."
+msgstr "Navege hacia <ulink url=\"http://host/drupal/update.php\"/> para correr el script de actualización."
#: en_US/Web_servers.xml:30(para)
-msgid ""
-"Several modules are also now available in Fedora 10, including "
-"<package>drupal-date</package>, <package>-cck</package>, <package>-views</"
-"package>, and <package>-service_links</package>."
-msgstr ""
-"Algunos modulos ya stan disponibles en Fedora 10, incluyendo <package>drupal-"
-"date</package>, <package>-cck</package>, <package>-views</package>, y "
-"<package>-service_links</package>."
+msgid "Several modules are also now available in Fedora 10, including <package>drupal-date</package>, <package>-cck</package>, <package>-views</package>, and <package>-service_links</package>."
+msgstr "Algunos modulos ya stan disponibles en Fedora 10, incluyendo <package>drupal-date</package>, <package>-cck</package>, <package>-views</package>, y <package>-service_links</package>."
#: en_US/Virtualization.xml:5(title)
msgid "Virtualization"
msgstr "Virtualización"
#: en_US/Virtualization.xml:6(para)
-msgid ""
-"Virtualization in Fedora 10 includes major changes, and new features, that "
-"continue to support KVM, Xen, and many other virtual machine platforms."
-msgstr ""
-"La virtualización en Fedora 10 incluye cambios principales y nuevas "
-"características, que continúan dando soporte a las plataformas Xen y KVM."
+msgid "Virtualization in Fedora 10 includes major changes, and new features, that continue to support KVM, Xen, and many other virtual machine platforms."
+msgstr "La virtualización en Fedora 10 incluye cambios principales y nuevas características, que continúan dando soporte a las plataformas Xen y KVM."
#: en_US/Virtualization.xml:10(title)
msgid "Unified kernel image"
msgstr "Imagen de kernel unificada"
#: en_US/Virtualization.xml:11(para)
-msgid ""
-"The <package>kernel-xen</package> package has been obsoleted by the "
-"integration of paravirtualization operations in the upstream kernel. The "
-"<package>kernel</package> package in Fedora 10 supports booting as a guest "
-"domU, but will not function as a dom0 until such support is provided "
-"upstream. The most recent Fedora release with dom0 support is Fedora 8."
-msgstr ""
-"El paquete <package>kernel-xen</package> ya es obsoleto debido a la "
-"integración de las operaciones de paravirtualización en el kernel. El "
-"paquete <package>kernel</package> en Fedora 10 da soporte al arranque como "
-"un invitado domU, pero no funcionará como un dom0 hasta que se de el soporte "
-"por parte de los desarrolladores del kernel. El más reciente lanzamiento de "
-"Fedora con soporte dom0 es Fedora 8."
+msgid "The <package>kernel-xen</package> package has been obsoleted by the integration of paravirtualization operations in the upstream kernel. The <package>kernel</package> package in Fedora 10 supports booting as a guest domU, but will not function as a dom0 until such support is provided upstream. The most recent Fedora release with dom0 support is Fedora 8."
+msgstr "El paquete <package>kernel-xen</package> ya es obsoleto debido a la integración de las operaciones de paravirtualización en el kernel. El paquete <package>kernel</package> en Fedora 10 da soporte al arranque como un invitado domU, pero no funcionará como un dom0 hasta que se de el soporte por parte de los desarrolladores del kernel. El más reciente lanzamiento de Fedora con soporte dom0 es Fedora 8."
#: en_US/Virtualization.xml:17(para)
-msgid ""
-"Booting a Xen domU guest within a Fedora 10 host requires the KVM based "
-"<command>xenner</command>. Xenner runs the guest kernel and a small Xen "
-"emulator together as a KVM guest."
-msgstr ""
-"Iniciando un invitado domU de Xen dentro de un anfitrión Fedora 10 requiere "
-"un <command>xenner</command> basado en KVM. Xenner corre como kernel "
-"invitado y un emulador pequeño de Xen a la vez, como si fuera un invitado "
-"KVM."
+msgid "Booting a Xen domU guest within a Fedora 10 host requires the KVM based <command>xenner</command>. Xenner runs the guest kernel and a small Xen emulator together as a KVM guest."
+msgstr "Iniciando un invitado domU de Xen dentro de un anfitrión Fedora 10 requiere un <command>xenner</command> basado en KVM. Xenner corre como kernel invitado y un emulador pequeño de Xen a la vez, como si fuera un invitado KVM."
#: en_US/Virtualization.xml:22(title)
msgid "KVM requires hardware virtualization features in the host system."
-msgstr ""
-"KVM requiere las características de virtualización por hardware en el "
-"sistema anfitrión."
+msgstr "KVM requiere las características de virtualización por hardware en el sistema anfitrión."
#: en_US/Virtualization.xml:24(para)
-msgid ""
-"Systems lacking hardware virtualization do not support Xen guests at this "
-"time."
-msgstr ""
-"Los sistemas que no tengan virtualización por hardware no tendrán soporte "
-"para invitados Xen por el momento."
+msgid "Systems lacking hardware virtualization do not support Xen guests at this time."
+msgstr "Los sistemas que no tengan virtualización por hardware no tendrán soporte para invitados Xen por el momento."
#: en_US/Virtualization.xml:28(para)
msgid "For more information refer to:"
@@ -489,144 +318,72 @@ msgid "Virtualization storage management"
msgstr "Administración de Almacenamiento en Virtualización"
#: en_US/Virtualization.xml:54(para)
-msgid ""
-"Advances in <systemitem class=\"library\">libvirt</systemitem> now provide "
-"the ability to list, create, and delete storage volumes on remote hosts. "
-"This includes the ability to create raw sparse and non-sparse files in a "
-"directory, allocate LVM logical volumes, partition physical disks, and "
-"attach to iSCSI targets."
-msgstr ""
-"Los avances en <systemitem class=\"library\">libvirt</systemitem> ahora "
-"proveen la habilidad de listar, crear y borrar volúmenes de almacenamiento "
-"en equipos remotos. Esto incluye la habilidad de crear un archivo esparcido "
-"y no esparcido crudo en un directorio, asignar volúmenes lógicos LVM, "
-"particionar discos físicos y conectarse a destinos iSCSI."
+msgid "Advances in <systemitem class=\"library\">libvirt</systemitem> now provide the ability to list, create, and delete storage volumes on remote hosts. This includes the ability to create raw sparse and non-sparse files in a directory, allocate LVM logical volumes, partition physical disks, and attach to iSCSI targets."
+msgstr "Los avances en <systemitem class=\"library\">libvirt</systemitem> ahora proveen la habilidad de listar, crear y borrar volúmenes de almacenamiento en equipos remotos. Esto incluye la habilidad de crear un archivo esparcido y no esparcido crudo en un directorio, asignar volúmenes lógicos LVM, particionar discos físicos y conectarse a destinos iSCSI."
#: en_US/Virtualization.xml:60(para)
-msgid ""
-"This enables the <command>virt-manager</command> tool to remotely provision "
-"new guest domains, and manage the storage associated with them. It provides "
-"improved SELinux integration, since the APIs ensure that all storage volumes "
-"have the correct SELinux security context when being assigned to a guest."
-msgstr ""
-"Esto habilita la herramienta <command>virt-manager</command> para proveer "
-"remotamente nuevos dominios de invitado, y administrar el almacenamiento "
-"asociado a ellos. Provee la integración SELinux mejorada, dado que las APIs "
-"aseguran que todos los volúmenes de almacenamiento tengan el contexto de "
-"seguridad SELinux correcto cuando se asignen a un invitado."
+msgid "This enables the <command>virt-manager</command> tool to remotely provision new guest domains, and manage the storage associated with them. It provides improved SELinux integration, since the APIs ensure that all storage volumes have the correct SELinux security context when being assigned to a guest."
+msgstr "Esto habilita la herramienta <command>virt-manager</command> para proveer remotamente nuevos dominios de invitado, y administrar el almacenamiento asociado a ellos. Provee la integración SELinux mejorada, dado que las APIs aseguran que todos los volúmenes de almacenamiento tengan el contexto de seguridad SELinux correcto cuando se asignen a un invitado."
#: en_US/Virtualization.xml:66(emphasis)
msgid "Features"
msgstr "Características"
#: en_US/Virtualization.xml:69(para)
-msgid ""
-"List storage volumes in a directory, and allocate new volumes, raw files "
-"both sparse and non-sparse, and formats supported by <package>qemu-img</"
-"package> (cow, qcow, qcow2, vmdk, etc)"
-msgstr ""
-"Listar los volúmenes de almacenamiento en un directorio, y asignar nuevos "
-"volúmenes, archivos crudo ya sean esparcidos y no esparcidos, y formatos "
-"soportados por <package>qemu-img</package> (cow, qcow, qcow2, vmdk, etc)"
+msgid "List storage volumes in a directory, and allocate new volumes, raw files both sparse and non-sparse, and formats supported by <package>qemu-img</package> (cow, qcow, qcow2, vmdk, etc)"
+msgstr "Listar los volúmenes de almacenamiento en un directorio, y asignar nuevos volúmenes, archivos crudo ya sean esparcidos y no esparcidos, y formatos soportados por <package>qemu-img</package> (cow, qcow, qcow2, vmdk, etc)"
#: en_US/Virtualization.xml:74(para)
msgid "List partitions in a disk, and allocate new partitions from free space"
-msgstr ""
-"Listar particiones en un disco y asignar nuevas particiones en el espacio "
-"libre"
+msgstr "Listar particiones en un disco y asignar nuevas particiones en el espacio libre"
#: en_US/Virtualization.xml:77(para)
-msgid ""
-"Connect to an iSCSI server and list volumes associated with an exported "
-"target"
-msgstr ""
-"Conectar a un servidor iSCSI y listar los volúmenes asociados con un destino "
-"exportado"
+msgid "Connect to an iSCSI server and list volumes associated with an exported target"
+msgstr "Conectar a un servidor iSCSI y listar los volúmenes asociados con un destino exportado"
#: en_US/Virtualization.xml:80(para)
-msgid ""
-"List logical volumes in an LVM volume group, and allocate new LVM logical "
-"volumes"
-msgstr ""
-"Listar los volúmenes lógicos en un grupo de volúmenes LVM, y asignar nuevos "
-"volúmenes lógicos LVM"
+msgid "List logical volumes in an LVM volume group, and allocate new LVM logical volumes"
+msgstr "Listar los volúmenes lógicos en un grupo de volúmenes LVM, y asignar nuevos volúmenes lógicos LVM"
#: en_US/Virtualization.xml:83(para)
-msgid ""
-"Automatically assign correct SELinux security context label "
-"(<option>virt_image_t</option>) to all volumes when associating with a guest."
-msgstr ""
-"Asignar automáticamente las etiquetas de contexto de seguridad SELinux "
-"correctas (<option>virt_image_t</option>) a todos los volúmenes cuando se lo "
-"asocie a un invitado."
-
-#: en_US/Virtualization.xml:86(para) en_US/Virtualization.xml:129(para)
-#: en_US/Virtualization.xml:232(para) en_US/Virtualization.xml:285(para)
-#: en_US/Virtualization.xml:380(para) en_US/Virtualization.xml:438(para)
+msgid "Automatically assign correct SELinux security context label (<option>virt_image_t</option>) to all volumes when associating with a guest."
+msgstr "Asignar automáticamente las etiquetas de contexto de seguridad SELinux correctas (<option>virt_image_t</option>) a todos los volúmenes cuando se lo asocie a un invitado."
+
+#: en_US/Virtualization.xml:86(para)
+#: en_US/Virtualization.xml:129(para)
+#: en_US/Virtualization.xml:232(para)
+#: en_US/Virtualization.xml:285(para)
+#: en_US/Virtualization.xml:380(para)
+#: en_US/Virtualization.xml:438(para)
msgid "For further details refer to:"
msgstr "Para más detalles, vaya a:"
#: en_US/Virtualization.xml:94(para)
-msgid ""
-"<ulink url=\"http://libvirt.org/storage.html\"/> -- libvirt Storage "
-"Management"
-msgstr ""
-"<ulink url=\"http://libvirt.org/storage.html\"/> -- Adminsitración de "
-"Almacenamiento de libvirt"
+msgid "<ulink url=\"http://libvirt.org/storage.html\"/> -- libvirt Storage Management"
+msgstr "<ulink url=\"http://libvirt.org/storage.html\"/> -- Adminsitración de Almacenamiento de libvirt"
#: en_US/Virtualization.xml:99(para)
-msgid ""
-"<ulink url=\"http://virt-manager.et.redhat.com/page/StorageManagement\"/> -- "
-"virt-manager Storage Management"
-msgstr ""
-"<ulink url=\"http://virt-manager.et.redhat.com/page/StorageManagement\"/> -- "
-"Adminsitración de Almacenamiento de virt-manager"
+msgid "<ulink url=\"http://virt-manager.et.redhat.com/page/StorageManagement\"/> -- virt-manager Storage Management"
+msgstr "<ulink url=\"http://virt-manager.et.redhat.com/page/StorageManagement\"/> -- Adminsitración de Almacenamiento de virt-manager"
#: en_US/Virtualization.xml:114(title)
msgid "Remote installation of virtual machines"
msgstr "Instalación remota de máquinas virtuales"
#: en_US/Virtualization.xml:115(para)
-msgid ""
-"Improvements in Virtualization storage management have enabled the creation "
-"of guests on remote host systems. By leveraging Avahi, systems supporting "
-"<systemitem class=\"library\">libvirt</systemitem> can be automatically "
-"detected by <command>virt-manager</command>. Upon detection guests can be "
-"provisioned on the remote system."
-msgstr ""
-"Las mejoras realizadas en la administración de almacenamiento de la "
-"Virtualización permite ahora la creación de invitados en sistemas "
-"anfitriones remotos. Apalancando Avahi, los sistemas que soportan "
-"<systemitem class=\"library\">libvirt</systemitem> se pueden detectar "
-"automáticamente con <command>virt-manager</command>. Después de detectar los "
-"invitados, se puede hacer previsiones en el sistema remoto."
+msgid "Improvements in Virtualization storage management have enabled the creation of guests on remote host systems. By leveraging Avahi, systems supporting <systemitem class=\"library\">libvirt</systemitem> can be automatically detected by <command>virt-manager</command>. Upon detection guests can be provisioned on the remote system."
+msgstr "Las mejoras realizadas en la administración de almacenamiento de la Virtualización permite ahora la creación de invitados en sistemas anfitriones remotos. Apalancando Avahi, los sistemas que soportan <systemitem class=\"library\">libvirt</systemitem> se pueden detectar automáticamente con <command>virt-manager</command>. Después de detectar los invitados, se puede hacer previsiones en el sistema remoto."
#: en_US/Virtualization.xml:121(para)
-msgid ""
-"Installations can be automated with the help of <command>cobbler</command> "
-"and <command>koan</command>. Cobbler is a Linux installation server that "
-"allows for rapid setup of network installation environments. Network "
-"installs can be configured for PXE boot, reinstallations, media-based net-"
-"installs, and virtualized guest installs. Cobbler uses a helper program, "
-"<command>koan</command>, for reinstallation and virtualization support."
-msgstr ""
-"Las instalaciones se pueden automatizar con la ayuda de <command>cobbler</"
-"command> and <command>koan</command>. Cobbler es un servidor de instalación "
-"de Linux que permite la configuración rápida de un entorno de instalación de "
-"red. Las instalaciones de red se pueden configurar para arranque PXE, "
-"reinstalaciones, instalaciones de red basadas en medio e instalaciones de "
-"invitados virtualizados. Cobbler usa un programa de ayuda, <command>koan</"
-"command>, para el soporte de reinstalación y la virtualización."
+msgid "Installations can be automated with the help of <command>cobbler</command> and <command>koan</command>. Cobbler is a Linux installation server that allows for rapid setup of network installation environments. Network installs can be configured for PXE boot, reinstallations, media-based net-installs, and virtualized guest installs. Cobbler uses a helper program, <command>koan</command>, for reinstallation and virtualization support."
+msgstr "Las instalaciones se pueden automatizar con la ayuda de <command>cobbler</command> and <command>koan</command>. Cobbler es un servidor de instalación de Linux que permite la configuración rápida de un entorno de instalación de red. Las instalaciones de red se pueden configurar para arranque PXE, reinstalaciones, instalaciones de red basadas en medio e instalaciones de invitados virtualizados. Cobbler usa un programa de ayuda, <command>koan</command>, para el soporte de reinstalación y la virtualización."
#: en_US/Virtualization.xml:137(para)
-msgid ""
-"<ulink url=\"http://virt-manager.et.redhat.com/page/LibvirtDiscovery\"/> -- "
-"virt-manager Discovery"
-msgstr ""
-"<ulink url=\"http://virt-manager.et.redhat.com/page/LibvirtDiscovery\"/> -- "
-"Descubrimiento de virt-manager "
+msgid "<ulink url=\"http://virt-manager.et.redhat.com/page/LibvirtDiscovery\"/> -- virt-manager Discovery"
+msgstr "<ulink url=\"http://virt-manager.et.redhat.com/page/LibvirtDiscovery\"/> -- Descubrimiento de virt-manager "
-#: en_US/Virtualization.xml:154(title) en_US/Java.xml:108(title)
+#: en_US/Virtualization.xml:154(title)
+#: en_US/Java.xml:108(title)
msgid "Other improvements"
msgstr "Otras Mejoras"
@@ -635,16 +392,8 @@ msgid "Fedora also includes the following virtualization improvements:"
msgstr "Fedora también incluye las siguientes mejoras de virtualización:"
#: en_US/Virtualization.xml:159(para)
-msgid ""
-"Utilities in the new <package>virt-mem</package> package provide access to "
-"process tables, interface information, dmesg, and uname of QEmu and KVM "
-"guests from the host system. For more information, refer to <ulink url="
-"\"http://et.redhat.com/~rjones/virt-mem/\"/>."
-msgstr ""
-"Los utilitarios en el nuevo paquete <package>virt-mem</package> proveen "
-"acceso a tablas de proceso, información de la interfase, dmesg, y uname de "
-"los invitados QEmu y KVM en el sistema anfitrión. Para más información, vaya "
-"a <ulink url=\"http://et.redhat.com/~rjones/virt-mem/\"/>"
+msgid "Utilities in the new <package>virt-mem</package> package provide access to process tables, interface information, dmesg, and uname of QEmu and KVM guests from the host system. For more information, refer to <ulink url=\"http://et.redhat.com/~rjones/virt-mem/\"/>."
+msgstr "Los utilitarios en el nuevo paquete <package>virt-mem</package> proveen acceso a tablas de proceso, información de la interfase, dmesg, y uname de los invitados QEmu y KVM en el sistema anfitrión. Para más información, vaya a <ulink url=\"http://et.redhat.com/~rjones/virt-mem/\"/>"
#: en_US/Virtualization.xml:167(title)
msgid "The <package>virt-mem</package> package is experimental."
@@ -655,44 +404,20 @@ msgid "Only 32-bit guests are supported at this time."
msgstr "Solamente se da soporte a invitados de 32 bit por el momento."
#: en_US/Virtualization.xml:172(para)
-msgid ""
-"The new <command>virt-df</command> tool provides information on the disk "
-"usage of guests from the host system. <ulink url=\"http://et.redhat.com/"
-"~rjones/virt-df\"/>"
-msgstr ""
-"La nueva herramienta <command>virt-df</command> provee información del uso "
-"del disco de los invitados en el sistema anfitrión. <ulink url=\"http://et."
-"redhat.com/~rjones/virt-df\"/>"
+msgid "The new <command>virt-df</command> tool provides information on the disk usage of guests from the host system. <ulink url=\"http://et.redhat.com/~rjones/virt-df\"/>"
+msgstr "La nueva herramienta <command>virt-df</command> provee información del uso del disco de los invitados en el sistema anfitrión. <ulink url=\"http://et.redhat.com/~rjones/virt-df\"/>"
#: en_US/Virtualization.xml:179(para)
-msgid ""
-"The new experimental <package>xenwatch</package> package provides utilities "
-"for interacting with <command>xenstore</command> on Xen-based virtualization "
-"hosts. For more information refer to <ulink url=\"http://kraxel.fedorapeople."
-"org/xenwatch/\"/>"
-msgstr ""
-"El nuevo paquete experimental <package>xenwatch</package> provee utilitarios "
-"para interactuar con <command>xenstore</command> en anfitriones de "
-"virtualización basados en Xen. Para más información vaya a <ulink url="
-"\"http://kraxel.fedorapeople.org/xenwatch/\"/>"
+msgid "The new experimental <package>xenwatch</package> package provides utilities for interacting with <command>xenstore</command> on Xen-based virtualization hosts. For more information refer to <ulink url=\"http://kraxel.fedorapeople.org/xenwatch/\"/>"
+msgstr "El nuevo paquete experimental <package>xenwatch</package> provee utilitarios para interactuar con <command>xenstore</command> en anfitriones de virtualización basados en Xen. Para más información vaya a <ulink url=\"http://kraxel.fedorapeople.org/xenwatch/\"/>"
#: en_US/Virtualization.xml:187(title)
msgid "<package>libvirt</package> updated to 0.4.6"
msgstr "<package>libvirt</package> se actualizó a 0.4.6"
#: en_US/Virtualization.xml:188(para)
-msgid ""
-"The <package>libvirt</package> package provides an API and tools to interact "
-"with the virtualization capabilities of recent versions of Linux (and other "
-"OSes). The <systemitem class=\"library\">libvirt</systemitem> software is "
-"designed to be a common denominator among all virtualization technologies "
-"with support for the following:"
-msgstr ""
-"El paquete <package>libvirt</package> provee un API y herramientas para "
-"interactuar con las capacidades de virtualización el versiones recientes de "
-"Linux (y otros SOs). El software <systemitem class=\"library\">libvirt</"
-"systemitem> fue diseñado como un denominador común entre todas las "
-"tecnologías de virtualización con soporte para las siguientes:"
+msgid "The <package>libvirt</package> package provides an API and tools to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The <systemitem class=\"library\">libvirt</systemitem> software is designed to be a common denominator among all virtualization technologies with support for the following:"
+msgstr "El paquete <package>libvirt</package> provee un API y herramientas para interactuar con las capacidades de virtualización el versiones recientes de Linux (y otros SOs). El software <systemitem class=\"library\">libvirt</systemitem> fue diseñado como un denominador común entre todas las tecnologías de virtualización con soporte para las siguientes:"
#: en_US/Virtualization.xml:196(para)
msgid "The Xen hypervisor on Linux and Solaris hosts."
@@ -752,97 +477,59 @@ msgstr "Soporte para NUMA y pineado de vCPU en QEMU"
#: en_US/Virtualization.xml:228(para)
msgid "Unified XML domain and network parsing for all virtualization drivers"
-msgstr ""
-"Dominio XML unifiocado y examen de la red para buscar todos los "
-"controladores de virtualización"
+msgstr "Dominio XML unifiocado y examen de la red para buscar todos los controladores de virtualización"
#: en_US/Virtualization.xml:238(title)
msgid "<package>virt-manager</package> Updated to 0.6.0"
msgstr "<package>virt-manager</package> Se actualizó a 0.6.0"
#: en_US/Virtualization.xml:239(para)
-msgid ""
-"The <package>virt-manager</package> package provides a GUI implementation of "
-"<command>virtinst</command> and <systemitem class=\"library\">libvirt</"
-"systemitem> functionality."
-msgstr ""
-"El paquete <package>virt-manager</package> provee una implementación GUI de "
-"la funcionalidad de <command>virtinst</command> y <systemitem class="
-"\"library\">libvirt</systemitem>."
+msgid "The <package>virt-manager</package> package provides a GUI implementation of <command>virtinst</command> and <systemitem class=\"library\">libvirt</systemitem> functionality."
+msgstr "El paquete <package>virt-manager</package> provee una implementación GUI de la funcionalidad de <command>virtinst</command> y <systemitem class=\"library\">libvirt</systemitem>."
#: en_US/Virtualization.xml:243(emphasis)
msgid "New features and improvements since 0.5.4:"
msgstr "Nuevas características y mejoras desde 0.5.4:"
#: en_US/Virtualization.xml:247(para)
-msgid ""
-"Remote storage management and provisioning: view, add, remove, and provision "
-"<systemitem class=\"library\">libvirt</systemitem> managed storage. Attach "
-"managed storage to a remote VM."
-msgstr ""
-"Administración de almacenamiento remoto y provisión : ver, agregar, eliminar "
-"y proveer almacenamiento administrado <systemitem class=\"library\">libvirt</"
-"systemitem>. Conectar un almacenamiento administrado a una MV remota."
+msgid "Remote storage management and provisioning: view, add, remove, and provision <systemitem class=\"library\">libvirt</systemitem> managed storage. Attach managed storage to a remote VM."
+msgstr "Administración de almacenamiento remoto y provisión : ver, agregar, eliminar y proveer almacenamiento administrado <systemitem class=\"library\">libvirt</systemitem>. Conectar un almacenamiento administrado a una MV remota."
#: en_US/Virtualization.xml:252(para)
-msgid ""
-"Remote VM installation support: Install from managed media (CDROM) or PXE. "
-"Simple install time storage provisioning."
-msgstr ""
-"Soporte para la instalación de MV remota: instalación desde un medio "
-"administrado (CDROM) o PXE. Provisión de almacenamiento simple al momento de "
-"instalar."
+msgid "Remote VM installation support: Install from managed media (CDROM) or PXE. Simple install time storage provisioning."
+msgstr "Soporte para la instalación de MV remota: instalación desde un medio administrado (CDROM) o PXE. Provisión de almacenamiento simple al momento de instalar."
#: en_US/Virtualization.xml:256(para)
-msgid ""
-"VM details and console windows merged: each VM is now represented by a "
-"single tabbed window."
-msgstr ""
-"Detalles de la MV y la ventana de consola mezclados: cada MV es ahora "
-"representado por una ventana con pestaña."
+msgid "VM details and console windows merged: each VM is now represented by a single tabbed window."
+msgstr "Detalles de la MV y la ventana de consola mezclados: cada MV es ahora representado por una ventana con pestaña."
#: en_US/Virtualization.xml:259(para)
msgid "Use Avahi to list <command>libvirtd</command> instances on network."
-msgstr ""
-"Use Avahi para lsitar las instancias <command>libvirtd</command> en la red."
+msgstr "Use Avahi para lsitar las instancias <command>libvirtd</command> en la red."
#: en_US/Virtualization.xml:262(para)
-msgid ""
-"Hypervisor Autoconnect: Option to connect to hypervisor at <command>virt-"
-"manager</command> start up."
-msgstr ""
-"Autoconectado del Hipervisor: opción para conectar al hipervisor durante el "
-"arranque de <command>virt-manager</command>."
+msgid "Hypervisor Autoconnect: Option to connect to hypervisor at <command>virt-manager</command> start up."
+msgstr "Autoconectado del Hipervisor: opción para conectar al hipervisor durante el arranque de <command>virt-manager</command>."
#: en_US/Virtualization.xml:266(para)
msgid "Option to add sound device emulation when creating new guests."
-msgstr ""
-"Opción para agregar emulación del dispositivo de sonido cuando se crean "
-"nuevos invitados."
+msgstr "Opción para agregar emulación del dispositivo de sonido cuando se crean nuevos invitados."
#: en_US/Virtualization.xml:269(para)
msgid "Virtio and USB options when adding a disk device."
msgstr "Opciones para Virtio y USB cuando se agrega un dispositivo de disco."
#: en_US/Virtualization.xml:272(para)
-msgid ""
-"Allow viewing and removing VM sound, serial, parallel, and console devices."
-msgstr ""
-"Se permite ver y eliminar en la MV el sonido, dispositivos serie, paralelos "
-"y consolas."
+msgid "Allow viewing and removing VM sound, serial, parallel, and console devices."
+msgstr "Se permite ver y eliminar en la MV el sonido, dispositivos serie, paralelos y consolas."
#: en_US/Virtualization.xml:275(para)
msgid "Allow specifying a keymap when adding display device."
-msgstr ""
-"Se permite especificar un mapa de teclado cuando se agrega un dispositivo de "
-"salida."
+msgstr "Se permite especificar un mapa de teclado cuando se agrega un dispositivo de salida."
#: en_US/Virtualization.xml:278(para)
-msgid ""
-"Keep app running if manager window is closed but VM window is still open."
-msgstr ""
-"Mantener la aplicación ejecutándose cuando se cierra la ventana del "
-"administrador pero la ventana de la MV está todavía abierta."
+msgid "Keep app running if manager window is closed but VM window is still open."
+msgstr "Mantener la aplicación ejecutándose cuando se cierra la ventana del administrador pero la ventana de la MV está todavía abierta."
#: en_US/Virtualization.xml:281(para)
msgid "Allow limiting the amount of stored stats history."
@@ -853,50 +540,24 @@ msgid "<package>virtinst</package> updated to 0.400.0"
msgstr "<package>virtinst</package> se actualizó a 0.400.0"
#: en_US/Virtualization.xml:292(para)
-msgid ""
-"The <package>python-virtinst</package> package contains tools for installing "
-"and manipulating multiple VM guest image formats."
-msgstr ""
-"El paquete <package>python-virtinst</package> contiene herramientas para "
-"instalar y manipular múltiples formatos de imágenes de invitado de MV."
+msgid "The <package>python-virtinst</package> package contains tools for installing and manipulating multiple VM guest image formats."
+msgstr "El paquete <package>python-virtinst</package> contiene herramientas para instalar y manipular múltiples formatos de imágenes de invitado de MV."
#: en_US/Virtualization.xml:295(emphasis)
msgid "New features and improvements since 0.300.3:"
msgstr "Nuevas características y mejoras desde 0.300.3:"
#: en_US/Virtualization.xml:299(para)
-msgid ""
-"New tool <command>virt-convert</command>: Allows converting between "
-"different types of virt configuration files. Currently only supports "
-"<filename>vmx</filename> to <filename>virt-image</filename>."
-msgstr ""
-"Nueva herramienta<command>virt-convert</command>: permite convertir entre "
-"diferentes tipo de archivos de configuración de virtualización. Actualmente "
-"sólo se soporta convertir desde <filename>vmx</filename> a <filename>virt-"
-"image</filename>."
+msgid "New tool <command>virt-convert</command>: Allows converting between different types of virt configuration files. Currently only supports <filename>vmx</filename> to <filename>virt-image</filename>."
+msgstr "Nueva herramienta<command>virt-convert</command>: permite convertir entre diferentes tipo de archivos de configuración de virtualización. Actualmente sólo se soporta convertir desde <filename>vmx</filename> a <filename>virt-image</filename>."
#: en_US/Virtualization.xml:305(para)
-msgid ""
-"New tool <command>virt-pack</command>: Converts <filename>virt-image</"
-"filename> xml format to <filename>vmx</filename> and packs in a tar.gz. "
-"(Note this will likely be merged with <command>virt-convert</command> in the "
-"future)."
-msgstr ""
-"Nueva herramienta <command>virt-pack</command>: convierte del formato xml "
-"<filename>virt-image</filename> a <filename>vmx</filename> y lo empaqueta en "
-"un tar.gz. (Tome nota que esto probablemente sea mezclado con <command>virt-"
-"convert</command> en el futuro)."
+msgid "New tool <command>virt-pack</command>: Converts <filename>virt-image</filename> xml format to <filename>vmx</filename> and packs in a tar.gz. (Note this will likely be merged with <command>virt-convert</command> in the future)."
+msgstr "Nueva herramienta <command>virt-pack</command>: convierte del formato xml <filename>virt-image</filename> a <filename>vmx</filename> y lo empaqueta en un tar.gz. (Tome nota que esto probablemente sea mezclado con <command>virt-convert</command> en el futuro)."
#: en_US/Virtualization.xml:315(para)
-msgid ""
-"Support for remote VM installation. Can use install media and disk images on "
-"remote host if shared via <systemitem class=\"library\">libvirt</"
-"systemitem>. Allows provisioning storage on remote pools."
-msgstr ""
-"Soporte para instalación de MV remota. Se puede usar el medio de instalación "
-"y las imágenes de disco en equipos remotos si fueron compartidos a través de "
-"<systemitem class=\"library\">libvirt</systemitem>. Permite la provisión de "
-"almacenamiento en grupos remotos."
+msgid "Support for remote VM installation. Can use install media and disk images on remote host if shared via <systemitem class=\"library\">libvirt</systemitem>. Allows provisioning storage on remote pools."
+msgstr "Soporte para instalación de MV remota. Se puede usar el medio de instalación y las imágenes de disco en equipos remotos si fueron compartidos a través de <systemitem class=\"library\">libvirt</systemitem>. Permite la provisión de almacenamiento en grupos remotos."
#: en_US/Virtualization.xml:320(para)
msgid "Support setting CPU pinning information for QEmu/KVM VMs"
@@ -912,33 +573,19 @@ msgstr "Nuevas opciones:"
#: en_US/Virtualization.xml:330(para)
msgid "<option>--wait</option> allows putting a hard time limit on installs"
-msgstr ""
-"<option>--wait</option> permite poner un límite de tiempo para instalar"
+msgstr "<option>--wait</option> permite poner un límite de tiempo para instalar"
#: en_US/Virtualization.xml:335(para)
msgid "<option>--sound</option> create VM with soundcard emulation"
msgstr "<option>--sound</option> crea una MV con emulación de placa de sonido"
#: en_US/Virtualization.xml:339(para)
-msgid ""
-"<option>--disk</option> allows specifying media as a path, storage volume, "
-"or a pool to provision storage on, device type, and several other options. "
-"Deprecates <option>--file</option>, <option>--size</option>, <option>--"
-"nonsparse</option>."
-msgstr ""
-"<option>--disk</option> le permite especificar si el medio es una dirección, "
-"un volúmen de almacenamiento o un grupo desde donde se provee almacenaje, el "
-"tipo de dispositivo y otras opciones varias. Hace obsoleta las opciones "
-"<option>--file</option>, <option>--size</option>, <option>--nonsparse</"
-"option>."
+msgid "<option>--disk</option> allows specifying media as a path, storage volume, or a pool to provision storage on, device type, and several other options. Deprecates <option>--file</option>, <option>--size</option>, <option>--nonsparse</option>."
+msgstr "<option>--disk</option> le permite especificar si el medio es una dirección, un volúmen de almacenamiento o un grupo desde donde se provee almacenaje, el tipo de dispositivo y otras opciones varias. Hace obsoleta las opciones <option>--file</option>, <option>--size</option>, <option>--nonsparse</option>."
#: en_US/Virtualization.xml:348(para)
-msgid ""
-"<option>--prompt</option> Input prompting is no longer the default, this "
-"option turns it back on."
-msgstr ""
-"<option>--prompt</option> La espera por entrada del usuario ya no es "
-"predeterminada, esta opción la vuelve a activar."
+msgid "<option>--prompt</option> Input prompting is no longer the default, this option turns it back on."
+msgstr "<option>--prompt</option> La espera por entrada del usuario ya no es predeterminada, esta opción la vuelve a activar."
#: en_US/Virtualization.xml:312(para)
msgid "<command>virt-install</command> improvements: <placeholder-1/>"
@@ -950,38 +597,23 @@ msgstr "Mejoras a <command>virt-image</command>:"
#: en_US/Virtualization.xml:365(para)
msgid "<option>--replace</option> option to overwrite existing VM image file"
-msgstr ""
-"Opción <option>--replace</option> para sobreescribir el archivo de imágen de "
-"MV ya existente."
+msgstr "Opción <option>--replace</option> para sobreescribir el archivo de imágen de MV ya existente."
#: en_US/Virtualization.xml:369(para)
-msgid ""
-"Support multiple network interfaces in <filename>virt-image</filename> format"
-msgstr ""
-"Soporte para múltiples interfases de red en formato <filename>virt-image</"
-"filename>"
+msgid "Support multiple network interfaces in <filename>virt-image</filename> format"
+msgstr "Soporte para múltiples interfases de red en formato <filename>virt-image</filename>"
#: en_US/Virtualization.xml:376(para)
-msgid ""
-"Use virtio disk/net drivers if chosen guest OS entry supports it (Fedora 9 "
-"and 10)"
-msgstr ""
-"Use los controladores virtio de disco/red si eligió un SO que de ese soporte "
-"(Fedora 9 y 10)"
+msgid "Use virtio disk/net drivers if chosen guest OS entry supports it (Fedora 9 and 10)"
+msgstr "Use los controladores virtio de disco/red si eligió un SO que de ese soporte (Fedora 9 y 10)"
#: en_US/Virtualization.xml:391(title)
msgid "Xen updated to 3.3.0"
msgstr "Xen actualizado a 3.3.0"
#: en_US/Virtualization.xml:392(para)
-msgid ""
-"Fedora 10 supports booting as a guest domU, but will not function as a dom0 "
-"until such support is provided in the upstream kernel. Support for a "
-"<option>pv_ops</option> dom0 is targeted for Xen 3.4."
-msgstr ""
-"Fedora 10 da soporte al arranque como un domU invitado, pero no funciona "
-"como un dom0 hasta que tal soporte sea provisto en el kernel. El soporte "
-"para <option>pv_ops</option> dom0 está previsto en Xen 3.4."
+msgid "Fedora 10 supports booting as a guest domU, but will not function as a dom0 until such support is provided in the upstream kernel. Support for a <option>pv_ops</option> dom0 is targeted for Xen 3.4."
+msgstr "Fedora 10 da soporte al arranque como un domU invitado, pero no funciona como un dom0 hasta que tal soporte sea provisto en el kernel. El soporte para <option>pv_ops</option> dom0 está previsto en Xen 3.4."
#: en_US/Virtualization.xml:396(emphasis)
msgid "Changes since 3.2.0:"
@@ -992,12 +624,8 @@ msgid "Power management (P & C states) in the hypervisor"
msgstr "Administración de Energía en el hipervisor (estados P & C)"
#: en_US/Virtualization.xml:402(para)
-msgid ""
-"HVM emulation domains (<command>qemu-on-minios</command>) for better "
-"scalability, performance, and security"
-msgstr ""
-"Dominios de emulación HVM (<command>qemu-on-minios</command>) para una mejor "
-"escalabilidad, performance y seguridad"
+msgid "HVM emulation domains (<command>qemu-on-minios</command>) for better scalability, performance, and security"
+msgstr "Dominios de emulación HVM (<command>qemu-on-minios</command>) para una mejor escalabilidad, performance y seguridad"
#: en_US/Virtualization.xml:406(para)
msgid "PVGrub: boot PV kernels using real GRUB inside the PV domain"
@@ -1005,44 +633,27 @@ msgstr "PVGrub: arranca kernels PV usando un GRUB real dentro de un dominio PV"
#: en_US/Virtualization.xml:409(para)
msgid "Better PV performance: domain lock removed from pagetable-update paths"
-msgstr ""
-"Mejor performance de PV: el bloqueo de dominio se eliminó de las direcciones "
-"pagetable-update"
+msgstr "Mejor performance de PV: el bloqueo de dominio se eliminó de las direcciones pagetable-update"
#: en_US/Virtualization.xml:412(para)
-msgid ""
-"Shadow3: optimisations to make this the best shadow pagetable algorithm yet, "
-"making HVM performance better than ever"
-msgstr ""
-"Shadow3: optimizaciones para hacer de éste el mejor algoritmo de tabla de "
-"página, mejorando la performance HVM más que nunca"
+msgid "Shadow3: optimisations to make this the best shadow pagetable algorithm yet, making HVM performance better than ever"
+msgstr "Shadow3: optimizaciones para hacer de éste el mejor algoritmo de tabla de página, mejorando la performance HVM más que nunca"
#: en_US/Virtualization.xml:416(para)
-msgid ""
-"Hardware Assisted Paging enhancements: 2MB page support for better TLB "
-"locality"
-msgstr ""
-"Mejoras de Paginación Asistida por Hardware: soporte para páginas de 2MB "
-"para una mejor localidad TLB"
+msgid "Hardware Assisted Paging enhancements: 2MB page support for better TLB locality"
+msgstr "Mejoras de Paginación Asistida por Hardware: soporte para páginas de 2MB para una mejor localidad TLB"
#: en_US/Virtualization.xml:419(para)
-msgid ""
-"CPUID feature levelling: allows safe domain migration across systems with "
-"different CPU models"
-msgstr ""
-"Característica de nivelado de CPUID: permite la migración segura de dominio "
-"a través de sistemas con distintos modelos de CPU"
+msgid "CPUID feature levelling: allows safe domain migration across systems with different CPU models"
+msgstr "Característica de nivelado de CPUID: permite la migración segura de dominio a través de sistemas con distintos modelos de CPU"
#: en_US/Virtualization.xml:422(para)
msgid "PVSCSI drivers for SCSI access direct into PV guests"
msgstr "Controladores PVSCSI para acceso directo SCSI en invitados PV"
#: en_US/Virtualization.xml:425(para)
-msgid ""
-"HVM framebuffer optimisations: scan for framebuffer updates more efficiently"
-msgstr ""
-"Optimizaciones de framebuffer HVM: se buscan actualizaciones de framebuffer "
-"más eficientemente"
+msgid "HVM framebuffer optimisations: scan for framebuffer updates more efficiently"
+msgstr "Optimizaciones de framebuffer HVM: se buscan actualizaciones de framebuffer más eficientemente"
# Pasarela se usa mucho en otros sistemas operativos en español...
#: en_US/Virtualization.xml:428(para)
@@ -1050,12 +661,8 @@ msgid "Device passthrough enhancements"
msgstr "Mejoras de pasajes de dispositivos"
#: en_US/Virtualization.xml:430(para)
-msgid ""
-"Full x86 real-mode emulation for HVM guests on Intel VT: supports a much "
-"wider range of legacy guest OSes"
-msgstr ""
-"Emulación completa del modo real x86 para invitados HVM en Intel VT: soporte "
-"a un rango más amplio de SOs invitados ancestrales."
+msgid "Full x86 real-mode emulation for HVM guests on Intel VT: supports a much wider range of legacy guest OSes"
+msgstr "Emulación completa del modo real x86 para invitados HVM en Intel VT: soporte a un rango más amplio de SOs invitados ancestrales."
#: en_US/Virtualization.xml:433(para)
msgid "New qemu merge with upstream development"
@@ -1066,19 +673,12 @@ msgid "Many other changes in both x86 and IA64 ports"
msgstr "Muchos otros cambios en portaciones x86 e IA64"
#: en_US/Virtualization.xml:441(para)
-msgid ""
-"<ulink url=\"http://www.xen.org/download/roadmap.html\"/> -- Xen roadmap"
-msgstr ""
-"<ulink url=\"http://www.xen.org/download/roadmap.html\"/> -- Hoja de ruta de "
-"Xen"
+msgid "<ulink url=\"http://www.xen.org/download/roadmap.html\"/> -- Xen roadmap"
+msgstr "<ulink url=\"http://www.xen.org/download/roadmap.html\"/> -- Hoja de ruta de Xen"
#: en_US/Virtualization.xml:446(para)
-msgid ""
-"<ulink url=\"http://xenbits.xen.org/paravirt_ops/patches.hg/\"/> -- "
-"paravirt_ops patch queue"
-msgstr ""
-"<ulink url=\"http://xenbits.xen.org/paravirt_ops/patches.hg/\"/> -- cola de "
-"parches paravirt_ops"
+msgid "<ulink url=\"http://xenbits.xen.org/paravirt_ops/patches.hg/\"/> -- paravirt_ops patch queue"
+msgstr "<ulink url=\"http://xenbits.xen.org/paravirt_ops/patches.hg/\"/> -- cola de parches paravirt_ops"
#: en_US/Upfront_About_Multimedia.xml:6(title)
msgid "Upfront About Multimedia"
@@ -1089,14 +689,8 @@ msgid "Updated packages in Fedora 10"
msgstr "Paquetes actualizados en Fedora 10"
#: en_US/Updated_packages_in_Fedora_10.xml:7(para)
-msgid ""
-"This list is automatically generated by checking the difference between the "
-"(F10)-1 GOLD tree and the F10 tree on a specific date. The content is posted "
-"only on the wiki:"
-msgstr ""
-"Esta lista se genera automáticamente mediante el chequeo de la diferencia "
-"entre el arbol DORADO de (F10)-1 y el árbol de F10 en una fecha específica. "
-"El contenido solamente se muestra en el wiki:"
+msgid "This list is automatically generated by checking the difference between the (F10)-1 GOLD tree and the F10 tree on a specific date. The content is posted only on the wiki:"
+msgstr "Esta lista se genera automáticamente mediante el chequeo de la diferencia entre el arbol DORADO de (F10)-1 y el árbol de F10 en una fecha específica. El contenido solamente se muestra en el wiki:"
#: en_US/Tools.xml:5(title)
msgid "Tools"
@@ -1104,36 +698,23 @@ msgstr "Herramientas"
#: en_US/Tools.xml:6(para)
msgid "This section covers various development tools and features."
-msgstr ""
-"Esta sección cubre las diversas herramientas del desarrollador y sus "
-"características."
+msgstr "Esta sección cubre las diversas herramientas del desarrollador y sus características."
#: en_US/Tools.xml:9(title)
msgid "Eclipse"
msgstr "Eclipse"
#: en_US/Tools.xml:10(para)
-msgid ""
-"This release of Fedora includes Fedora Eclipse, based on the Eclipse SDK "
-"version 3.4. The 3.4 series of releases has a \"What's New in 3.4\" page:"
-msgstr ""
-"Este lanzamiento de Fedora incluye Fedora Eclipse, basado en el SDK de "
-"Eclipse versión 3.4. La serie 3.4 de lanzamientos tiene una nueva página "
-"\"Qué hay de nuevo en 3.4\":"
+msgid "This release of Fedora includes Fedora Eclipse, based on the Eclipse SDK version 3.4. The 3.4 series of releases has a \"What's New in 3.4\" page:"
+msgstr "Este lanzamiento de Fedora incluye Fedora Eclipse, basado en el SDK de Eclipse versión 3.4. La serie 3.4 de lanzamientos tiene una nueva página \"Qué hay de nuevo en 3.4\":"
#: en_US/Tools.xml:15(para)
msgid "Release notes specific to 3.4 are also available."
msgstr "Las notas del lanzamiento específicas a 3.4 están también disponibles."
#: en_US/Tools.xml:18(para)
-msgid ""
-"Some of the notable features in 3.4 include a number of improvements in "
-"handling bookmarks, easier ways to find and install plug-ins, and additional "
-"help with refactoring."
-msgstr ""
-"Algunas de las características notables de 3.4 incluyen un número de mejoras "
-"en el manejo de marcadores, formas fáciles de buscar e instalar "
-"complementos, y ayuda adicional con el refactoring."
+msgid "Some of the notable features in 3.4 include a number of improvements in handling bookmarks, easier ways to find and install plug-ins, and additional help with refactoring."
+msgstr "Algunas de las características notables de 3.4 incluyen un número de mejoras en el manejo de marcadores, formas fáciles de buscar e instalar complementos, y ayuda adicional con el refactoring."
# Complementos? Plugins?
#: en_US/Tools.xml:22(title)
@@ -1141,64 +722,24 @@ msgid "Additional plugins"
msgstr "Complementos adicionales"
#: en_US/Tools.xml:23(para)
-msgid ""
-"This release of Fedora includes plugins for C/C++ (<package>eclipse-cdt</"
-"package>), RPM specfile editing (<package>eclipse-rpm-editor</package>), PHP "
-"(<package>eclipse-phpeclipse</package>), Subversion (<package>eclipse-"
-"subclipse</package>), SELinux (<package>eclipse-slide</package>) and "
-"(<package>eclipse-setools</package>), regular expression testing "
-"(<package>eclipse-quickrex</package>), Fortran (<package>eclipse-photran</"
-"package>), Bugzilla integration (<package>eclipse-mylyn</package>), Git "
-"(<package>eclipse-egit</package>), Perl (<package>eclipse-epic</package>), "
-"Checkstyle (<package>eclipse-checkstyle</package>), and Python "
-"(<package>eclipse-pydev</package>)."
-msgstr ""
-"Este lanzamiento de Fedora incluye complementos para C/C++ <command>eclipse-"
-"cdt</command>, edición de archivos spec de RPM <command>eclipse-rpm-editor</"
-"command>, PHP <command>eclipse-phpeclipse</command>, Subversion "
-"<command>eclipse-subclipse</command>, SELinux <command>eclipse-slide</"
-"command> y <command>eclipse-setools</command>, prueba de expresiones "
-"regulares <command>eclipse-quickrex</command>, Fortran <command>eclipse-"
-"photran</command>, Integración con Bugzilla <command>eclipse-mylyn</"
-"command>, Git <command>eclipse-egit</command>, Perl <command>eclipse-epic</"
-"command>, Checkstyle <command>eclipse-checkstyle</command>, y Python "
-"<command>eclipse-pydev</command>."
+msgid "This release of Fedora includes plugins for C/C++ (<package>eclipse-cdt</package>), RPM specfile editing (<package>eclipse-rpm-editor</package>), PHP (<package>eclipse-phpeclipse</package>), Subversion (<package>eclipse-subclipse</package>), SELinux (<package>eclipse-slide</package>) and (<package>eclipse-setools</package>), regular expression testing (<package>eclipse-quickrex</package>), Fortran (<package>eclipse-photran</package>), Bugzilla integration (<package>eclipse-mylyn</package>), Git (<package>eclipse-egit</package>), Perl (<package>eclipse-epic</package>), Checkstyle (<package>eclipse-checkstyle</package>), and Python (<package>eclipse-pydev</package>)."
+msgstr "Este lanzamiento de Fedora incluye complementos para C/C++ <command>eclipse-cdt</command>, edición de archivos spec de RPM <command>eclipse-rpm-editor</command>, PHP <command>eclipse-phpeclipse</command>, Subversion <command>eclipse-subclipse</command>, SELinux <command>eclipse-slide</command> y <command>eclipse-setools</command>, prueba de expresiones regulares <command>eclipse-quickrex</command>, Fortran <command>eclipse-photran</command>, Integración con Bugzilla <command>eclipse-mylyn</command>, Git <command>eclipse-egit</command>, Perl <command>eclipse-epic</command>, Checkstyle <command>eclipse-checkstyle</command>, y Python <command>eclipse-pydev</command>."
#: en_US/Tools.xml:39(title)
msgid "Translations from the Babel project - eclipse-nls"
msgstr "Traducciones desde el proyecto Babel - eclipse-nls"
#: en_US/Tools.xml:40(para)
-msgid ""
-"This release also includes the Babel language packs, which provide "
-"translations for Eclipse and Eclipse plugins in a number of languages. Note "
-"that some of the languages have very low coverage: even if you have the "
-"translations installed, you will probably still see many strings in English. "
-"The Babel project accepts contributions if you would like to help their "
-"translation efforts."
-msgstr ""
-"Este lanzamiento también incluye los paquetes de idioma de Babel, que "
-"proveen traducciones para Eclipse y sus complementos a varios idiomas. Note "
-"que algunos de los idiomas tienen poca cobertura: aún si tiene instaladas "
-"las traducciones, probablemente verá muchas cadenas en inglés. El proyecto "
-"Babel acepta contribuciones si desea ayudar en los esfuerzos de traducción."
+msgid "This release also includes the Babel language packs, which provide translations for Eclipse and Eclipse plugins in a number of languages. Note that some of the languages have very low coverage: even if you have the translations installed, you will probably still see many strings in English. The Babel project accepts contributions if you would like to help their translation efforts."
+msgstr "Este lanzamiento también incluye los paquetes de idioma de Babel, que proveen traducciones para Eclipse y sus complementos a varios idiomas. Note que algunos de los idiomas tienen poca cobertura: aún si tiene instaladas las traducciones, probablemente verá muchas cadenas en inglés. El proyecto Babel acepta contribuciones si desea ayudar en los esfuerzos de traducción."
#: en_US/Tools.xml:53(title)
msgid "Upgrading from Fedora 9"
msgstr "Actualizando desde Fedora 9"
#: en_US/Tools.xml:54(para)
-msgid ""
-"Users upgrading from Eclipse 3.3 will need to migrate any plug-ins they have "
-"installed from sources other than RPMs. The simplest way to do this is to re-"
-"install. For plug-in developers migrating from 3.3, refer to the \"Plug-in "
-"Migration Guide\":"
-msgstr ""
-"Los usuarios que actualizan desde Eclipse 3.3 necesitarán migrar cualquier "
-"complemento que hayan instalado desde las fuentes o desde los RPMs. La forma "
-"más simple de hacer esto es reinstalar Para los desarrolladores de "
-"complementos, la migración de 3.3, vaya a la \"Guía de Migración de "
-"Complementos\":"
+msgid "Users upgrading from Eclipse 3.3 will need to migrate any plug-ins they have installed from sources other than RPMs. The simplest way to do this is to re-install. For plug-in developers migrating from 3.3, refer to the \"Plug-in Migration Guide\":"
+msgstr "Los usuarios que actualizan desde Eclipse 3.3 necesitarán migrar cualquier complemento que hayan instalado desde las fuentes o desde los RPMs. La forma más simple de hacer esto es reinstalar Para los desarrolladores de complementos, la migración de 3.3, vaya a la \"Guía de Migración de Complementos\":"
#: en_US/Tools.xml:64(title)
msgid "Emacs"
@@ -1209,36 +750,20 @@ msgid "Fedora 10 includes Emacs 22.2."
msgstr "Fedora 10 incluye Emacs 22.2"
#: en_US/Tools.xml:68(para)
-msgid ""
-"In addition to many bugfixes, Emacs 22.2 includes new support for the "
-"Bazaar, Mercurial, Monotone, and Git version control systems, new major "
-"modes for editing CSS, Vera, Verilog, and BibTeX style files, and improved "
-"scrolling support in Image mode."
-msgstr ""
-"Además de corregir errores, Emacs 22.2 incluye soporte para sistemas de "
-"control de versiones como Bazaar, Mercurial, Monotone y Git, nuevos modos de "
-"edición CSS, Vera, Verilog y el estilo de archivos BibTex, y soporte "
-"mejorado en el modo de desplazamiento de Imagenes. "
+msgid "In addition to many bugfixes, Emacs 22.2 includes new support for the Bazaar, Mercurial, Monotone, and Git version control systems, new major modes for editing CSS, Vera, Verilog, and BibTeX style files, and improved scrolling support in Image mode."
+msgstr "Además de corregir errores, Emacs 22.2 incluye soporte para sistemas de control de versiones como Bazaar, Mercurial, Monotone y Git, nuevos modos de edición CSS, Vera, Verilog y el estilo de archivos BibTex, y soporte mejorado en el modo de desplazamiento de Imagenes. "
#: en_US/Tools.xml:75(para)
-msgid ""
-"For a detailed description of the changes see the Emacs news for the release "
-"(<ulink url=\"http://www.gnu.org/software/emacs/NEWS.22.2\"/>)."
-msgstr ""
-"Para una descripción detallada de los cambios, vea el boletín de noticias "
-"Emacs (<ulink url=\"http://www.gnu.org/software/emacs/NEWS.22.2\"/>)."
+msgid "For a detailed description of the changes see the Emacs news for the release (<ulink url=\"http://www.gnu.org/software/emacs/NEWS.22.2\"/>)."
+msgstr "Para una descripción detallada de los cambios, vea el boletín de noticias Emacs (<ulink url=\"http://www.gnu.org/software/emacs/NEWS.22.2\"/>)."
#: en_US/Tools.xml:82(title)
msgid "GCC Compiler Collection"
msgstr "Colección de Compiladores GCC"
#: en_US/Tools.xml:83(para)
-msgid ""
-"This release of Fedora has been built with GCC 4.3.2, which is included with "
-"the distribution."
-msgstr ""
-"Esta versión de Fedora fue contruída usando GCC 4.3.2, el cual también se "
-"incluye en la distribución."
+msgid "This release of Fedora has been built with GCC 4.3.2, which is included with the distribution."
+msgstr "Esta versión de Fedora fue contruída usando GCC 4.3.2, el cual también se incluye en la distribución."
#: en_US/Tools.xml:85(para)
msgid "For more information on GCC 4.3, refer to:"
@@ -1257,196 +782,92 @@ msgid "ABI changes"
msgstr "Cambios ABI"
#: en_US/Tools.xml:97(para)
-msgid ""
-"Starting with GCC 4.3.1, decimal floating point variables are aligned to "
-"their natural boundaries when they are passed on the stack for i386."
-msgstr ""
-"A partir de GCC 4.3.1, las variables de punto flotante decimal están "
-"alineadas a sus límites naturales cuando se las pasan a través de la pila en "
-"i386."
+msgid "Starting with GCC 4.3.1, decimal floating point variables are aligned to their natural boundaries when they are passed on the stack for i386."
+msgstr "A partir de GCC 4.3.1, las variables de punto flotante decimal están alineadas a sus límites naturales cuando se las pasan a través de la pila en i386."
#: en_US/Tools.xml:102(emphasis)
msgid "Command-line changes"
msgstr "Cambios de línea de comandos"
#: en_US/Tools.xml:105(para)
-msgid ""
-"Starting with GCC 4.3.1, the <option>-mcld</option> option has been added to "
-"automatically generate a <computeroutput>cld</computeroutput> instruction in "
-"the prologue of functions that use string instructions. This option is used "
-"for backward compatibility on some operating systems and can be enabled by "
-"default for 32-bit x86 targets by configuring GCC with the <option>--enable-"
-"cld</option> configure option."
-msgstr ""
-"A partir de GCC 4.3.1, la opción <option>-mcld</option> ha sido agregada "
-"para generar automaicamente la instrucción <computeroutput>cld</"
-"computeroutput> en el prólogo de funciones que usen instrucciones de cadenas "
-"de caracteres. Esta opción se usa para compatibilidad hacia atrás en algunos "
-"sistemas operativos y se puede habilitar por defecto en destinos x86 de 32-"
-"bit configurando GCC con la opción <option>--enable-cld</option>."
+msgid "Starting with GCC 4.3.1, the <option>-mcld</option> option has been added to automatically generate a <computeroutput>cld</computeroutput> instruction in the prologue of functions that use string instructions. This option is used for backward compatibility on some operating systems and can be enabled by default for 32-bit x86 targets by configuring GCC with the <option>--enable-cld</option> configure option."
+msgstr "A partir de GCC 4.3.1, la opción <option>-mcld</option> ha sido agregada para generar automaicamente la instrucción <computeroutput>cld</computeroutput> en el prólogo de funciones que usen instrucciones de cadenas de caracteres. Esta opción se usa para compatibilidad hacia atrás en algunos sistemas operativos y se puede habilitar por defecto en destinos x86 de 32-bit configurando GCC con la opción <option>--enable-cld</option>."
#: en_US/Tools.xml:119(title)
msgid "Improved Haskell support"
msgstr "Soporte Haskell mejorado"
#: en_US/Tools.xml:120(para)
-msgid ""
-"Fedora 10 introduces better support for Haskell. With a new set of packaging "
-"guidelines and tools, it is incredibly easy to support any Haskell program "
-"using the Glasgow Haskell Compiler. Package creation and deployment, "
-"leveraging Fedora's quality tools plus a few new friends has never been "
-"easier. As support for Haskell grows there will be continued development for "
-"Haskell as more libraries are introduced."
-msgstr ""
-"Fedora 10 introduce un mejor soporte de Haskell. Con un nuevo lineamiento de "
-"empaquetamiento y herramientas, es realmente fácil dar soporte a cualquier "
-"programa Haskell usando el Compilador de Haskell Glasgow. La creación y "
-"distribución de paquete, que aumenta la calidad de las herramientas de "
-"Fedora así como un pequeño número de amigos, nunca ha sido tan fácil. A "
-"medida que el soporte para Haskell crece, habrá un desarrollo contínuo a "
-"medida que se vayan introduciendo nuevas bibliotecas."
+msgid "Fedora 10 introduces better support for Haskell. With a new set of packaging guidelines and tools, it is incredibly easy to support any Haskell program using the Glasgow Haskell Compiler. Package creation and deployment, leveraging Fedora's quality tools plus a few new friends has never been easier. As support for Haskell grows there will be continued development for Haskell as more libraries are introduced."
+msgstr "Fedora 10 introduce un mejor soporte de Haskell. Con un nuevo lineamiento de empaquetamiento y herramientas, es realmente fácil dar soporte a cualquier programa Haskell usando el Compilador de Haskell Glasgow. La creación y distribución de paquete, que aumenta la calidad de las herramientas de Fedora así como un pequeño número de amigos, nunca ha sido tan fácil. A medida que el soporte para Haskell crece, habrá un desarrollo contínuo a medida que se vayan introduciendo nuevas bibliotecas."
#: en_US/Tools.xml:127(para)
-msgid ""
-"Package creation is quite simple. Haskell already provides the "
-"infrastructure for compiling and deploying packages consistently. Setting up "
-"a package for Fedora takes very little time, meaning code that works in "
-"Haskell works in Fedora too."
-msgstr ""
-"La creación de paquetes es bastante simple. Haskell ya provee la "
-"infraestructura para compilar y distribuir paquetes de manera consistente. "
-"Configurar un paquete para Fedora toma poco tiempo, lo que significa que el "
-"código que funciona para Haskell funciona para Fedora también."
+msgid "Package creation is quite simple. Haskell already provides the infrastructure for compiling and deploying packages consistently. Setting up a package for Fedora takes very little time, meaning code that works in Haskell works in Fedora too."
+msgstr "La creación de paquetes es bastante simple. Haskell ya provee la infraestructura para compilar y distribuir paquetes de manera consistente. Configurar un paquete para Fedora toma poco tiempo, lo que significa que el código que funciona para Haskell funciona para Fedora también."
#: en_US/Tools.xml:132(para)
-msgid ""
-"Fedora also provides tools for enterprise deployment of Fedora packages. "
-"With the inclusion of Haskell in Fedora, the developer is now free to write "
-"enterprise level applications in Haskell and feel secure knowing the code "
-"can be used in Fedora."
-msgstr ""
-"Fedora también provee herramientas para la distribución en la empresa de "
-"paquetes de Fedora. Con la inclusión de Haskell en Fedora, el desarrollador "
-"es libre de escribir aplicaciones a nivel de la empresa en Haskell y "
-"sentirse seguro sabiendo que el código se puede usar en Fedora."
+msgid "Fedora also provides tools for enterprise deployment of Fedora packages. With the inclusion of Haskell in Fedora, the developer is now free to write enterprise level applications in Haskell and feel secure knowing the code can be used in Fedora."
+msgstr "Fedora también provee herramientas para la distribución en la empresa de paquetes de Fedora. Con la inclusión de Haskell en Fedora, el desarrollador es libre de escribir aplicaciones a nivel de la empresa en Haskell y sentirse seguro sabiendo que el código se puede usar en Fedora."
#: en_US/Tools.xml:142(title)
msgid "Extended Objective CAML OCaml Coverage"
msgstr "La cobertura de Objectiv CAML OCaml ampliamente extendida"
#: en_US/Tools.xml:143(para)
-msgid ""
-"Fedora 10 contains the OCaml 3.10.2 advanced programming language and a very "
-"comprehensive list of packages:"
-msgstr ""
-"Fedora 10 continene el lenguaje de programación avanzada OCaml 3.10.2 y una "
-"lista bastante comprensiva de paquetes:"
+msgid "Fedora 10 contains the OCaml 3.10.2 advanced programming language and a very comprehensive list of packages:"
+msgstr "Fedora 10 continene el lenguaje de programación avanzada OCaml 3.10.2 y una lista bastante comprensiva de paquetes:"
#: en_US/Tools.xml:149(para)
-msgid ""
-"OCaml was available as an update to Fedora 9 but not in the initial release."
-msgstr ""
-"OCaml estaba disponible como una actualización en Fedora 9 pero no estaba en "
-"el lanzamiento inicial."
+msgid "OCaml was available as an update to Fedora 9 but not in the initial release."
+msgstr "OCaml estaba disponible como una actualización en Fedora 9 pero no estaba en el lanzamiento inicial."
#: en_US/Tools.xml:155(title)
msgid "NetBeans"
msgstr "NetBeans"
#: en_US/Tools.xml:156(para)
-msgid ""
-"This release of Fedora includes NetBeans IDE, version 6.1. NetBeans IDE is "
-"an Integrated Development Environment (IDE) for Java, C/C++, Ruby, PHP, etc. "
-"Default configuration of the NetBeans IDE (Java SE IDE configuration) "
-"supports development of programs for the Java platform, Standard Edition "
-"(Java SE), including development of the modules for the NetBeans Platform."
-msgstr ""
-"Este lanzamiento de Fedora include el IDE de NetBeans, versión 6.1. El IDE "
-"de NetBeans es un Entorno de Desarrollo Integrado (IDE) para Java, C/C++, "
-"Ruby, PHP, etc. La configuración predeterminada del IDE NetBeans "
-"(configuración del IDE de Java SE) soporta el desarrollo de programas para "
-"la plataforma Java, Edición Estándar (Java SE), que incluye el desarrollo de "
-"los módulos para la plataforma NetBeans."
+msgid "This release of Fedora includes NetBeans IDE, version 6.1. NetBeans IDE is an Integrated Development Environment (IDE) for Java, C/C++, Ruby, PHP, etc. Default configuration of the NetBeans IDE (Java SE IDE configuration) supports development of programs for the Java platform, Standard Edition (Java SE), including development of the modules for the NetBeans Platform."
+msgstr "Este lanzamiento de Fedora include el IDE de NetBeans, versión 6.1. El IDE de NetBeans es un Entorno de Desarrollo Integrado (IDE) para Java, C/C++, Ruby, PHP, etc. La configuración predeterminada del IDE NetBeans (configuración del IDE de Java SE) soporta el desarrollo de programas para la plataforma Java, Edición Estándar (Java SE), que incluye el desarrollo de los módulos para la plataforma NetBeans."
#: en_US/Tools.xml:163(para)
-msgid ""
-"The NetBeans IDE is a modular system and includes facilities for updating "
-"and installing plugins. There is a wide spectrum of plugins for the NetBeans "
-"IDE that are provided by community members and third-party companies."
-msgstr ""
-"El IDE de NetBeans es un sistema modular e incluye infraestructura para la "
-"actualización y la instalación de complementos. Hay un amplio espectro de "
-"complementos para el IDE NetBeans que se proveen por miembros de la "
-"comunidad y otras compañías."
+msgid "The NetBeans IDE is a modular system and includes facilities for updating and installing plugins. There is a wide spectrum of plugins for the NetBeans IDE that are provided by community members and third-party companies."
+msgstr "El IDE de NetBeans es un sistema modular e incluye infraestructura para la actualización y la instalación de complementos. Hay un amplio espectro de complementos para el IDE NetBeans que se proveen por miembros de la comunidad y otras compañías."
#: en_US/Tools.xml:168(title)
msgid "NetBean resources"
msgstr "Recursos NetBean"
#: en_US/Tools.xml:171(para)
-msgid ""
-"<ulink url=\"http://www.netbeans.org/\"/> - Official site of the NetBeans "
-"project."
-msgstr ""
-"<ulink url=\"http://www.netbeans.org/\"/> - Sitio oficial del proyecto "
-"NetBeans."
+msgid "<ulink url=\"http://www.netbeans.org/\"/> - Official site of the NetBeans project."
+msgstr "<ulink url=\"http://www.netbeans.org/\"/> - Sitio oficial del proyecto NetBeans."
#: en_US/Tools.xml:175(para)
msgid "<ulink url=\"http://wiki.netbeans.org/\"/> - NetBeans Wiki pages."
msgstr "<ulink url=\"http://wiki.netbeans.org/\"/> - Páginas Wiki de NetBeans."
#: en_US/Tools.xml:179(para)
-msgid ""
-"<ulink url=\"mailto:linux-packaging@installer.netbeans.org\"/> - Mailing "
-"list for discussion of the packaging issues."
-msgstr ""
-"<ulink url=\"mailto:linux-packaging@installer.netbeans.org\"/> - Lista de "
-"correo para la discusión de cuestiones de empaquetamientos."
+msgid "<ulink url=\"mailto:linux-packaging@installer.netbeans.org\"/> - Mailing list for discussion of the packaging issues."
+msgstr "<ulink url=\"mailto:linux-packaging@installer.netbeans.org\"/> - Lista de correo para la discusión de cuestiones de empaquetamientos."
#: en_US/Tools.xml:184(para)
-msgid ""
-"<ulink url=\"https://admin.fedoraproject.org/pkgdb/packages/bugs/netbeans\"/"
-"> - Bug list for the NetBeans IDE."
-msgstr ""
-"<ulink url=\"https://admin.fedoraproject.org/pkgdb/packages/bugs/netbeans\"/"
-"> - Lista para errores del IDE NetBeans."
+msgid "<ulink url=\"https://admin.fedoraproject.org/pkgdb/packages/bugs/netbeans\"/> - Bug list for the NetBeans IDE."
+msgstr "<ulink url=\"https://admin.fedoraproject.org/pkgdb/packages/bugs/netbeans\"/> - Lista para errores del IDE NetBeans."
#: en_US/Tools.xml:189(para)
-msgid ""
-"<ulink url=\"https://admin.fedoraproject.org/pkgdb/packages/bugs/netbeans-"
-"platform8\"/> - Bug list for the NetBeans Platform."
-msgstr ""
-"<ulink url=\"https://admin.fedoraproject.org/pkgdb/packages/bugs/netbeans-"
-"platform8\"/> - Lista para errores de la Plataforma NetBeans."
+msgid "<ulink url=\"https://admin.fedoraproject.org/pkgdb/packages/bugs/netbeans-platform8\"/> - Bug list for the NetBeans Platform."
+msgstr "<ulink url=\"https://admin.fedoraproject.org/pkgdb/packages/bugs/netbeans-platform8\"/> - Lista para errores de la Plataforma NetBeans."
#: en_US/Tools.xml:194(para)
-msgid ""
-"<ulink url=\"http://www.netbeans.org/issues/\"/> - Issue Tracker of the "
-"NetBeans project. Please, use <menuchoice><guimenuitem>Component: installer</"
-"guimenuitem></menuchoice>, <menuchoice><guimenuitem>OS: Linux</guimenuitem></"
-"menuchoice>, <menuchoice><guimenuitem>Subcomponent: rpm</guimenuitem></"
-"menuchoice> to file the issues related to the NetBeans RPMs."
-msgstr ""
-"<ulink url=\"http://www.netbeans.org/issues/\"/> - Trazador de cuestiones "
-"del proyecto NetBeans. Por favor, use <menuchoice><guimenuitem>Componente: "
-"installer</guimenuitem></menuchoice>, <menuchoice><guimenuitem>OS: Linux</"
-"guimenuitem></menuchoice>, <menuchoice><guimenuitem>Subcomponente: rpm</"
-"guimenuitem></menuchoice> para informar cuestiones relacionadas con los RPMs "
-"de NetBeans."
+msgid "<ulink url=\"http://www.netbeans.org/issues/\"/> - Issue Tracker of the NetBeans project. Please, use <menuchoice><guimenuitem>Component: installer</guimenuitem></menuchoice>, <menuchoice><guimenuitem>OS: Linux</guimenuitem></menuchoice>, <menuchoice><guimenuitem>Subcomponent: rpm</guimenuitem></menuchoice> to file the issues related to the NetBeans RPMs."
+msgstr "<ulink url=\"http://www.netbeans.org/issues/\"/> - Trazador de cuestiones del proyecto NetBeans. Por favor, use <menuchoice><guimenuitem>Componente: installer</guimenuitem></menuchoice>, <menuchoice><guimenuitem>OS: Linux</guimenuitem></menuchoice>, <menuchoice><guimenuitem>Subcomponente: rpm</guimenuitem></menuchoice> para informar cuestiones relacionadas con los RPMs de NetBeans."
#: en_US/Tools.xml:209(title)
msgid "AMQP Infrastructure"
msgstr "Infraestructura AMQP"
#: en_US/Tools.xml:210(para)
-msgid ""
-"The AMQP Infrastructure package is a subset of the Red Hat Enterprise MRG. "
-"The package allows for development of scalable, interoperable, and high-"
-"performance enterprise applications."
-msgstr ""
-"El paquete de Infraestructura de AMQP es un subconjunto del MRG para "
-"Empresas de Red Hat. El paquete le permite el desarrollo de aplicaciones "
-"escalables, interoperables y de alta performance para empresas."
+msgid "The AMQP Infrastructure package is a subset of the Red Hat Enterprise MRG. The package allows for development of scalable, interoperable, and high-performance enterprise applications."
+msgstr "El paquete de Infraestructura de AMQP es un subconjunto del MRG para Empresas de Red Hat. El paquete le permite el desarrollo de aplicaciones escalables, interoperables y de alta performance para empresas."
#: en_US/Tools.xml:214(para)
msgid "More specifically it consists of the following."
@@ -1462,17 +883,11 @@ msgstr "Enlaces de Cliente para C++, Python y Java (usando la interfase JMS)"
#: en_US/Tools.xml:223(para)
msgid "A set of command line interface configuration/management utilities"
-msgstr ""
-"Un conjunto de utilitarios para la configuración/administración en línea de "
-"comando"
+msgstr "Un conjunto de utilitarios para la configuración/administración en línea de comando"
#: en_US/Tools.xml:226(para)
-msgid ""
-"A high-performance asynchronous message store for durable messages and "
-"messaging configuration."
-msgstr ""
-"Un almacén de mensajes asíncronos de alta performance para mensajes durables "
-"y configuración de mensajes."
+msgid "A high-performance asynchronous message store for durable messages and messaging configuration."
+msgstr "Un almacén de mensajes asíncronos de alta performance para mensajes durables y configuración de mensajes."
#: en_US/Tools.xml:231(title)
msgid "AMQP resources"
@@ -1483,12 +898,8 @@ msgid "For more information refer to the following resources:"
msgstr "Para más información, vaya a:"
#: en_US/Tools.xml:236(para)
-msgid ""
-"Red Hat MRG Documentation: <ulink url=\"http://www.redhat.com/mrg/resources"
-"\"/>"
-msgstr ""
-"Documentación de MRG de Red Hat: <ulink url=\"http://www.redhat.com/mrg/"
-"resources\"/>"
+msgid "Red Hat MRG Documentation: <ulink url=\"http://www.redhat.com/mrg/resources\"/>"
+msgstr "Documentación de MRG de Red Hat: <ulink url=\"http://www.redhat.com/mrg/resources\"/>"
#: en_US/Tools.xml:241(para)
msgid "AMQP Project Site: <ulink url=\"http://amqp.org/\"/>"
@@ -1499,68 +910,24 @@ msgid "Appliance building tools"
msgstr "Herramientas de construcción de Aparatos"
#: en_US/Tools.xml:250(para)
-msgid ""
-"Appliances are pre-installed and pre-configured system images. This package "
-"includes tools and meta-data that make it easier for ISVs, developers, OEMS, "
-"etc. to create and deploy virtual appliances. The two components of this "
-"feature are the ACT (Appliance Creation Tool) and the AOS (The Appliance "
-"Operating System). Install the <package>appliance-tools</package> package "
-"with <menuchoice><guimenuitem>Add/Remove Software</guimenuitem></menuchoice> "
-"or <placeholder-1/>yum."
-msgstr ""
-"Los aparatos vienen preinstalados y preconfigurados en las imágenes del "
-"sistema. Este paquete incluye herramientas y metadatos que hacen más fácil a "
-"los ISVs, desarrolladores, OMEs, etc, crear y distribuir aparatos virtuales. "
-"Los dos componentes de esta característica son el ACT (Herramienta de "
-"creación de aparatos) y el AOS (El sistema operativo de aparatos). Instale "
-"el paquete <package>appliance-tools</package> con "
-"<menuchoice><guimenuitem>Agregar/Quitar software</guimenuitem></menuchoice> "
-"o <placeholder-1/>yum."
+msgid "Appliances are pre-installed and pre-configured system images. This package includes tools and meta-data that make it easier for ISVs, developers, OEMS, etc. to create and deploy virtual appliances. The two components of this feature are the ACT (Appliance Creation Tool) and the AOS (The Appliance Operating System). Install the <package>appliance-tools</package> package with <menuchoice><guimenuitem>Add/Remove Software</guimenuitem></menuchoice> or <placeholder-1/>yum."
+msgstr "Los aparatos vienen preinstalados y preconfigurados en las imágenes del sistema. Este paquete incluye herramientas y metadatos que hacen más fácil a los ISVs, desarrolladores, OMEs, etc, crear y distribuir aparatos virtuales. Los dos componentes de esta característica son el ACT (Herramienta de creación de aparatos) y el AOS (El sistema operativo de aparatos). Instale el paquete <package>appliance-tools</package> con <menuchoice><guimenuitem>Agregar/Quitar software</guimenuitem></menuchoice> o <placeholder-1/>yum."
#: en_US/Tools.xml:261(title)
msgid "Appliance Creation Tool"
msgstr "Herramienta de creación de Aparatos "
#: en_US/Tools.xml:262(para)
-msgid ""
-"The Appliance Creation Tool is a tool that creates Appliance Images from a "
-"kickstart file. This tool uses the Live CD creator API as well as patches to "
-"the Live CD API that allow for the creation of multi-partitioned disk "
-"images. These disk images can then be booted in a virtual container such as "
-"Xen, KVM, and VMware. This tool is included in the <package>appliance-tools</"
-"package> package. This package contains tools for building appliance images "
-"on Fedora based systems including derived distributions such as RHEL, "
-"CentOS, and others."
-msgstr ""
-"La Herramienta de Creación de Aparatos es una herramienta que crea una "
-"imagen de Aparato desde un archivo kickstart. Esta herramienta usa un API de "
-"creador de CD vivo así como parches al API de CD vivo que permite la "
-"creación de imágenes de disco con varias particiones. Estas imágenes de "
-"disco pueden ser arrancados desde un contenedor virtual como Xen, KVM y "
-"VMware. Esta herramienta está incluída en el paquete <package>appliance-"
-"tools</package>. Este paquete contiene herramientas para imágenes de "
-"aparatos en sistemas basados en Fedora incluyendo las distribuciones "
-"derivadas como RHEL, CentOS y otros."
+msgid "The Appliance Creation Tool is a tool that creates Appliance Images from a kickstart file. This tool uses the Live CD creator API as well as patches to the Live CD API that allow for the creation of multi-partitioned disk images. These disk images can then be booted in a virtual container such as Xen, KVM, and VMware. This tool is included in the <package>appliance-tools</package> package. This package contains tools for building appliance images on Fedora based systems including derived distributions such as RHEL, CentOS, and others."
+msgstr "La Herramienta de Creación de Aparatos es una herramienta que crea una imagen de Aparato desde un archivo kickstart. Esta herramienta usa un API de creador de CD vivo así como parches al API de CD vivo que permite la creación de imágenes de disco con varias particiones. Estas imágenes de disco pueden ser arrancados desde un contenedor virtual como Xen, KVM y VMware. Esta herramienta está incluída en el paquete <package>appliance-tools</package>. Este paquete contiene herramientas para imágenes de aparatos en sistemas basados en Fedora incluyendo las distribuciones derivadas como RHEL, CentOS y otros."
#: en_US/Tools.xml:274(title)
msgid "Appliance Operating System"
msgstr "Sistema Operativo de Aparatos "
#: en_US/Tools.xml:275(para)
-msgid ""
-"The Appliance Operating System is a scaled down version of Fedora with a "
-"small footprint. It contains only the packages necessary to run an "
-"appliance. The hardware supported by this spin of Fedora would be limited, "
-"primarily focusing on virtual containers such as KVM and VMware. The goal is "
-"to create a base on which developers can build their applications, only "
-"pulling in packages that their software requires."
-msgstr ""
-"El Sistema Operativo para Aparatos es una versión resumida de Fedora con una "
-"pequeña nota al pie. Contiene solamente los paquetes necesarios para correr "
-"la aplicación del aparato. El equipo soportado por este spin de Fedora es "
-"limitado, principalmente para contenedores virtuales como KVM y VMware. El "
-"objetivo es crear una base sobre la que los desarrolladores pueden contruir "
-"sus aplicaciones, solamente sacando los paquetes que sus sistemas necesitan."
+msgid "The Appliance Operating System is a scaled down version of Fedora with a small footprint. It contains only the packages necessary to run an appliance. The hardware supported by this spin of Fedora would be limited, primarily focusing on virtual containers such as KVM and VMware. The goal is to create a base on which developers can build their applications, only pulling in packages that their software requires."
+msgstr "El Sistema Operativo para Aparatos es una versión resumida de Fedora con una pequeña nota al pie. Contiene solamente los paquetes necesarios para correr la aplicación del aparato. El equipo soportado por este spin de Fedora es limitado, principalmente para contenedores virtuales como KVM y VMware. El objetivo es crear una base sobre la que los desarrolladores pueden contruir sus aplicaciones, solamente sacando los paquetes que sus sistemas necesitan."
#: en_US/Tools.xml:284(title)
msgid "Appliance building tools resources"
@@ -1568,9 +935,7 @@ msgstr "Recursos de herramientas para la construcción de aparatos"
#: en_US/Tools.xml:285(para)
msgid "Appliance Tool Project Site: <ulink url=\"http://thincrust.net/\"/>"
-msgstr ""
-"Sitio del Proyecto de Herrramientas para Aparatos: <ulink url=\"http://"
-"thincrust.net/\"/>"
+msgstr "Sitio del Proyecto de Herrramientas para Aparatos: <ulink url=\"http://thincrust.net/\"/>"
#: en_US/System_services.xml:5(title)
msgid "System Services"
@@ -1581,136 +946,56 @@ msgid "Upstart"
msgstr "Upstart"
#: en_US/System_services.xml:8(para)
-msgid ""
-"Fedora 10 features the Upstart initialization system. All System V "
-"<command>init</command> scripts should run fine in compatibility mode. "
-"However, users who have made customizations to their <filename>/etc/inittab</"
-"filename> file need to port those modifications to <command>upstart</"
-"command>. For information on how <command>upstart</command> works, refer to "
-"the <command>init(8)</command> and <command>initctl(8)</command> man pages. "
-"For information on writing upstart scripts, refer to the <command>events(5)</"
-"command> man page, and also the \"Upstart Getting Started Guide\":"
-msgstr ""
-"Fedora 10 incluye el sistema de inicialización Upstart. Todos los scripts de "
-"inicio de System V deberían funcionar bien en el modo de compatibilidad. Sin "
-"embargo, los usuarios que hayan hecho personalizadiones al archivo "
-"<filename>/etc/inittab</filename> necesitarán portar esas modificaciones a "
-"upstart. Para más información sobre cómo funciona upstart, vea las páginas "
-"man de sobre cómo escribir scripts de upstart, vea <command>init(8)</"
-"command> y <command>initctl(8)</command>. Para más información sobre sómo "
-"escribir scripts de upstart, vea la página man de <ulink url=\"http://"
-"upstart.u<command>events(5)</command> y la La Guía de Inicio de Upstart:"
+msgid "Fedora 10 features the Upstart initialization system. All System V <command>init</command> scripts should run fine in compatibility mode. However, users who have made customizations to their <filename>/etc/inittab</filename> file need to port those modifications to <command>upstart</command>. For information on how <command>upstart</command> works, refer to the <command>init(8)</command> and <command>initctl(8)</command> man pages. For information on writing upstart scripts, refer to the <command>events(5)</command> man page, and also the \"Upstart Getting Started Guide\":"
+msgstr "Fedora 10 incluye el sistema de inicialización Upstart. Todos los scripts de inicio de System V deberían funcionar bien en el modo de compatibilidad. Sin embargo, los usuarios que hayan hecho personalizadiones al archivo <filename>/etc/inittab</filename> necesitarán portar esas modificaciones a upstart. Para más información sobre cómo funciona upstart, vea las páginas man de sobre cómo escribir scripts de upstart, vea <command>init(8)</command> y <command>initctl(8)</command>. Para más información sobre sómo escribir scripts de upstart, vea la página man de <ulink url=\"http://upstart.u<command>events(5)</command> y la La Guía de Inicio de Upstart:"
#: en_US/System_services.xml:23(para)
-msgid ""
-"Due to the change of <command>init</command> systems, it is recommended that "
-"users who do an upgrade on a live file system to Fedora 10, reboot soon "
-"afterwards."
-msgstr ""
-"Debido a cambios en el sistema <command>init</command>, se recomienda a los "
-"usuarios que hayan hecho una actualización en un sistema de archivo vivo a "
-"Fedora 10, que reinicien lo más antes posible."
+msgid "Due to the change of <command>init</command> systems, it is recommended that users who do an upgrade on a live file system to Fedora 10, reboot soon afterwards."
+msgstr "Debido a cambios en el sistema <command>init</command>, se recomienda a los usuarios que hayan hecho una actualización en un sistema de archivo vivo a Fedora 10, que reinicien lo más antes posible."
#: en_US/System_services.xml:28(title)
msgid "NetworkManager"
msgstr "NetworkManager"
#: en_US/System_services.xml:29(para)
-msgid ""
-"Fedora 10 features NetworkManager. NetworkManager 0.7 provides improved "
-"mobile broadband support, including GSM and CDMA devices, and now supports "
-"multiple devices, ad-hoc networking for sharing connections, and the use of "
-"system-wide network configuration. It is now enabled by default on all "
-"installations. When using NetworkManager, be aware of the following:"
-msgstr ""
-"Fedora 10 trae <ulink url=\"http://fedoraproject.org/wiki/NetworkManager"
-"\">NetworkManager</ulink> 0.7 que provee soporte mejorado para banda ancha "
-"móvil, incluyendo dispositivos GSM y CDMA, y ahora da soporte para múltiples "
-"dispositivos y redes ad-hoc para compartir conexiones, así como el uso de "
-"configuración a nivel de sistema. Ahora se habilita por defecto en todas las "
-"instalaciones. Cuando use NetworkManager, tenga en cuenta que:"
+msgid "Fedora 10 features NetworkManager. NetworkManager 0.7 provides improved mobile broadband support, including GSM and CDMA devices, and now supports multiple devices, ad-hoc networking for sharing connections, and the use of system-wide network configuration. It is now enabled by default on all installations. When using NetworkManager, be aware of the following:"
+msgstr "Fedora 10 trae <ulink url=\"http://fedoraproject.org/wiki/NetworkManager\">NetworkManager</ulink> 0.7 que provee soporte mejorado para banda ancha móvil, incluyendo dispositivos GSM y CDMA, y ahora da soporte para múltiples dispositivos y redes ad-hoc para compartir conexiones, así como el uso de configuración a nivel de sistema. Ahora se habilita por defecto en todas las instalaciones. Cuando use NetworkManager, tenga en cuenta que:"
#: en_US/System_services.xml:37(para)
-msgid ""
-"NetworkManager does not currently support all virtual device types. Users "
-"who use bridging, bonding, or VLANs may need to switch to the old "
-"<command>network</command> service after configuration of those interfaces."
-msgstr ""
-"NetworkManager todavía no soporta a todos los tipos de dispositivos "
-"virtuales. Los usuarios que usen bridging, bonding o VLANs pueden necesitar "
-"cambiar al servicio de red anterior después de configurar esas interfases."
+msgid "NetworkManager does not currently support all virtual device types. Users who use bridging, bonding, or VLANs may need to switch to the old <command>network</command> service after configuration of those interfaces."
+msgstr "NetworkManager todavía no soporta a todos los tipos de dispositivos virtuales. Los usuarios que usen bridging, bonding o VLANs pueden necesitar cambiar al servicio de red anterior después de configurar esas interfases."
#: en_US/System_services.xml:43(para)
-msgid ""
-"NetworkManager starts the network asynchronously. Users who have "
-"applications that require the network to be fully initialized during boot "
-"should set the <envar>NETWORKWAIT</envar> variable in <filename>/etc/"
-"sysconfig/network</filename>. Please file bugs about cases where this is "
-"necessary, so we can fix the applications in question."
-msgstr ""
-"NetworkManager inicia la red asincrónicamente. Los usuarios que necesiten "
-"que la red esté completamente inicializada durante el arranque deben poner "
-"la variable <option>NETWORKWAIT</option> en <filename>/etc/sysconfig/"
-"network</filename>. Por favor, <ulink url=\"https://bugzilla.redhat.com/"
-"enter_bug.cgi?product=Fedora\">informe los errores</ulink> en los casos en "
-"que esto haya sido necesario, para que se pueda corregir las aplicaciones en "
-"cuestión."
+msgid "NetworkManager starts the network asynchronously. Users who have applications that require the network to be fully initialized during boot should set the <envar>NETWORKWAIT</envar> variable in <filename>/etc/sysconfig/network</filename>. Please file bugs about cases where this is necessary, so we can fix the applications in question."
+msgstr "NetworkManager inicia la red asincrónicamente. Los usuarios que necesiten que la red esté completamente inicializada durante el arranque deben poner la variable <option>NETWORKWAIT</option> en <filename>/etc/sysconfig/network</filename>. Por favor, <ulink url=\"https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora\">informe los errores</ulink> en los casos en que esto haya sido necesario, para que se pueda corregir las aplicaciones en cuestión."
#: en_US/System_services.xml:55(title)
msgid "Autofs"
msgstr "Autofs"
#: en_US/System_services.xml:56(para)
-msgid ""
-"Autofs is no longer installed by default. Users who wish to use Autofs can "
-"choose it from the <menuchoice><guimenuitem>System Tools</guimenuitem></"
-"menuchoice> group in the installer, or with the package installation tools."
-msgstr ""
-"Autofs ya no se instala por defecto. Los usuarios que quieran usar Autofs "
-"pueden elegirlo desde el grupo de <guimenu>Herramientas del Sistema</"
-"guimenu> en el instalador, o con las herramientas de instalación de paquetes."
+msgid "Autofs is no longer installed by default. Users who wish to use Autofs can choose it from the <menuchoice><guimenuitem>System Tools</guimenuitem></menuchoice> group in the installer, or with the package installation tools."
+msgstr "Autofs ya no se instala por defecto. Los usuarios que quieran usar Autofs pueden elegirlo desde el grupo de <guimenu>Herramientas del Sistema</guimenu> en el instalador, o con las herramientas de instalación de paquetes."
#: en_US/System_services.xml:61(title)
msgid "Varnish"
msgstr "Varnish"
#: en_US/System_services.xml:62(para)
-msgid ""
-"Varnish, the high-performance HTTP acclerator, has been updated to version "
-"2.0. The VCL syntax has changed from version 1.x. Users who upgrade from 1.x "
-"must change their <filename>vcl</filename> files according to "
-"<filename>README.redhat</filename>. The most important changes are:"
-msgstr ""
-"Varnish, el acelerador HTTP de alta performance, se actualizó a la versión "
-"2.0. La sintaxis VCL ha cambiado desde la versión 1.x. Los usuarios que "
-"actualicen desde 1.x deben cambiar sus archivos <filename>vcl</filename> "
-"como se indica en <filename>README.redhat</filename>. La mayoría de los "
-"cambios importantes son:"
+msgid "Varnish, the high-performance HTTP acclerator, has been updated to version 2.0. The VCL syntax has changed from version 1.x. Users who upgrade from 1.x must change their <filename>vcl</filename> files according to <filename>README.redhat</filename>. The most important changes are:"
+msgstr "Varnish, el acelerador HTTP de alta performance, se actualizó a la versión 2.0. La sintaxis VCL ha cambiado desde la versión 1.x. Los usuarios que actualicen desde 1.x deben cambiar sus archivos <filename>vcl</filename> como se indica en <filename>README.redhat</filename>. La mayoría de los cambios importantes son:"
#: en_US/System_services.xml:70(para)
-msgid ""
-"In <filename>vcl</filename>, the word <computeroutput>insert</"
-"computeroutput> must be replaced by <computeroutput>deliver</computeroutput>"
-msgstr ""
-"En <filename>vcl</filename>, la palabra <computeroutput>insert</"
-"computeroutput> se debe reemplazar por <computeroutput>deliver</"
-"computeroutput>"
+msgid "In <filename>vcl</filename>, the word <computeroutput>insert</computeroutput> must be replaced by <computeroutput>deliver</computeroutput>"
+msgstr "En <filename>vcl</filename>, la palabra <computeroutput>insert</computeroutput> se debe reemplazar por <computeroutput>deliver</computeroutput>"
#: en_US/System_services.xml:75(para)
msgid ""
-"In the <filename>vcl</filename> declaration of backends, "
-"<computeroutput>set\n"
-"\t backend</computeroutput> has been simplified to "
-"<computeroutput>backend</computeroutput>, and elements within the backend "
-"are now just prefixed with a dot, so the default localhost configuration "
-"looks like this:"
+"In the <filename>vcl</filename> declaration of backends, <computeroutput>set\n"
+"\t backend</computeroutput> has been simplified to <computeroutput>backend</computeroutput>, and elements within the backend are now just prefixed with a dot, so the default localhost configuration looks like this:"
msgstr ""
-"En la declaración de backends de <filename>vcl</filename>, "
-"<computeroutput>set\n"
-"\t backend</computeroutput> se simplificó a <computeroutput>backend</"
-"computeroutput>, y las partes del backend tienen ahora un prefijo con un "
-"punto, por lo que la configuración de localhost predeterminada es parecida a "
-"la que sigue:"
+"En la declaración de backends de <filename>vcl</filename>, <computeroutput>set\n"
+"\t backend</computeroutput> se simplificó a <computeroutput>backend</computeroutput>, y las partes del backend tienen ahora un prefijo con un punto, por lo que la configuración de localhost predeterminada es parecida a la que sigue:"
#: en_US/System_services.xml:82(programlisting)
#, no-wrap
@@ -1728,32 +1013,16 @@ msgid "Server tools"
msgstr "Herramientas de configuración del servidor"
#: en_US/Server_tools.xml:7(para)
-msgid ""
-"This section highlights changes and additions to the various GUI server and "
-"system configuration tools in Fedora 10."
-msgstr ""
-"Esta sección resalta los cambios y agregados a las herramientas gráficas "
-"para configuración del sistema y de servidores en Fedora 10."
+msgid "This section highlights changes and additions to the various GUI server and system configuration tools in Fedora 10."
+msgstr "Esta sección resalta los cambios y agregados a las herramientas gráficas para configuración del sistema y de servidores en Fedora 10."
#: en_US/Server_tools.xml:10(title)
msgid "First Aid Kit"
msgstr "Kit de Primeros Auxilios"
#: en_US/Server_tools.xml:11(para)
-msgid ""
-"<application>Firstaidkit</application> is a fully automated recovery "
-"application that makes subsystem recovery easier for technical and non-"
-"technical users. <application>Firstaidkit</application> is designed to "
-"automatically fix problems while focusing on maintaining user data "
-"integrity. It is available in rescue mode, on the Fedora Live CD, and on "
-"running systems."
-msgstr ""
-"<application>Firstaidkit</application> es una aplicación de recuperación "
-"automatizada que simplifica la recuperación de subsistemas para usuarios "
-"técnicos y no técnicos. <application>Firstaidkit</application> se diseñó "
-"para automáticamente resolver problemas sin perder la integridad de los "
-"datos del usuario. Está disponible en modo rescate, en el CD Vivo de Fedora, "
-"y en sistemas en funcionamiento."
+msgid "<application>Firstaidkit</application> is a fully automated recovery application that makes subsystem recovery easier for technical and non-technical users. <application>Firstaidkit</application> is designed to automatically fix problems while focusing on maintaining user data integrity. It is available in rescue mode, on the Fedora Live CD, and on running systems."
+msgstr "<application>Firstaidkit</application> es una aplicación de recuperación automatizada que simplifica la recuperación de subsistemas para usuarios técnicos y no técnicos. <application>Firstaidkit</application> se diseñó para automáticamente resolver problemas sin perder la integridad de los datos del usuario. Está disponible en modo rescate, en el CD Vivo de Fedora, y en sistemas en funcionamiento."
#: en_US/Server_tools.xml:20(para)
msgid "Project site -- <ulink url=\"https://fedorahosted.org/firstaidkit/\"/>"
@@ -1773,136 +1042,71 @@ msgstr "Mejoras de Seguridad"
#: en_US/Security.xml:10(para)
msgid "Fedora continues to improve its many proactive security features."
-msgstr ""
-"Fedora continúa mejorando sus muchas <ulink url=\"http://fedoraproject.org/"
-"wiki/Security/Features\">características de seguridad</ulink> proactivas."
+msgstr "Fedora continúa mejorando sus muchas <ulink url=\"http://fedoraproject.org/wiki/Security/Features\">características de seguridad</ulink> proactivas."
#: en_US/Security.xml:17(title)
msgid "SELinux"
msgstr "SELinux"
#: en_US/Security.xml:18(para)
-msgid ""
-"The SELinux project pages have troubleshooting tips, explanations, and "
-"pointers to documentation and references. Some useful links include the "
-"following:"
-msgstr ""
-"Las páginas del proyecto SELinux tienen consejos para resolución de "
-"problemas, explicaciones y enlaces a documentación y referencias. Algunos "
-"enlaces útiles incluyen los siguientes:"
+msgid "The SELinux project pages have troubleshooting tips, explanations, and pointers to documentation and references. Some useful links include the following:"
+msgstr "Las páginas del proyecto SELinux tienen consejos para resolución de problemas, explicaciones y enlaces a documentación y referencias. Algunos enlaces útiles incluyen los siguientes:"
#: en_US/Security.xml:23(para)
-msgid ""
-"New SELinux project pages:<ulink url=\"http://fedoraproject.org/wiki/SELinux"
-"\"/>"
-msgstr ""
-"Páginas nuevas del proyecto SELinux: <ulink url=\"http://fedoraproject.org/"
-"wiki/SELinux\"/>"
+msgid "New SELinux project pages:<ulink url=\"http://fedoraproject.org/wiki/SELinux\"/>"
+msgstr "Páginas nuevas del proyecto SELinux: <ulink url=\"http://fedoraproject.org/wiki/SELinux\"/>"
#: en_US/Security.xml:27(para)
-msgid ""
-"Troubleshooting tips:<ulink url=\"http://fedoraproject.org/wiki/SELinux/"
-"Troubleshooting\"/>"
-msgstr ""
-"Consejos para resolución de problemas: <ulink url=\"http://fedoraproject.org/"
-"wiki/SELinux/Troubleshooting\"/>"
+msgid "Troubleshooting tips:<ulink url=\"http://fedoraproject.org/wiki/SELinux/Troubleshooting\"/>"
+msgstr "Consejos para resolución de problemas: <ulink url=\"http://fedoraproject.org/wiki/SELinux/Troubleshooting\"/>"
#: en_US/Security.xml:31(para)
-msgid ""
-"Frequently Asked Questions:<ulink url=\"http://docs.fedoraproject.org/"
-"selinux-faq/\"/>"
-msgstr ""
-"Preguntas más Frecuentes: <ulink url=\"http://docs.fedoraproject.org/selinux-"
-"faq/\"/>"
+msgid "Frequently Asked Questions:<ulink url=\"http://docs.fedoraproject.org/selinux-faq/\"/>"
+msgstr "Preguntas más Frecuentes: <ulink url=\"http://docs.fedoraproject.org/selinux-faq/\"/>"
#: en_US/Security.xml:35(para)
-msgid ""
-"Listing of SELinux commands:<ulink url=\"http://fedoraproject.org/wiki/"
-"SELinux/Commands\"/>"
-msgstr ""
-"Listado de los comandos SELinux: <ulink url=\"http://fedoraproject.org/wiki/"
-"SELinux/Commands\"/>"
+msgid "Listing of SELinux commands:<ulink url=\"http://fedoraproject.org/wiki/SELinux/Commands\"/>"
+msgstr "Listado de los comandos SELinux: <ulink url=\"http://fedoraproject.org/wiki/SELinux/Commands\"/>"
#: en_US/Security.xml:39(para)
-msgid ""
-"Details of confined domains:<ulink url=\"http://fedoraproject.org/wiki/"
-"SELinux/Domains\"/>"
-msgstr ""
-"Detalles de los dominios confinados: <ulink url=\"http://fedoraproject.org/"
-"wiki/SELinux/Domains\"/>"
+msgid "Details of confined domains:<ulink url=\"http://fedoraproject.org/wiki/SELinux/Domains\"/>"
+msgstr "Detalles de los dominios confinados: <ulink url=\"http://fedoraproject.org/wiki/SELinux/Domains\"/>"
#: en_US/Security.xml:45(title)
msgid "SELinux enhancements"
msgstr "Mejoras en SELinux"
#: en_US/Security.xml:46(para)
-msgid ""
-"Different roles are now available, to allow finer-grained access control:"
-msgstr ""
-"Ahora hay disponibles diferentes roles, para permitir una granularidad más "
-"fina en el control de acceso:"
+msgid "Different roles are now available, to allow finer-grained access control:"
+msgstr "Ahora hay disponibles diferentes roles, para permitir una granularidad más fina en el control de acceso:"
#: en_US/Security.xml:50(para)
-msgid ""
-"<filename>guest_t</filename> does not allow running <command>setuid</"
-"command> binaries, making network connections, or using a GUI."
-msgstr ""
-"<systemitem>guest_t</systemitem> no permite correr binarios setuid, crear "
-"conexiones de red o usar la GUI."
+msgid "<filename>guest_t</filename> does not allow running <command>setuid</command> binaries, making network connections, or using a GUI."
+msgstr "<systemitem>guest_t</systemitem> no permite correr binarios setuid, crear conexiones de red o usar la GUI."
#: en_US/Security.xml:55(para)
-msgid ""
-"<filename>xguest_t</filename> disallows network access except for HTTP via a "
-"Web browser, and no <command>setuid</command> binaries."
-msgstr ""
-"<systemitem>xguest_t</systemitem> deshabilita el acceso a la red excepto el "
-"HTTP vía un navegador Web, y sin binarios setuid."
+msgid "<filename>xguest_t</filename> disallows network access except for HTTP via a Web browser, and no <command>setuid</command> binaries."
+msgstr "<systemitem>xguest_t</systemitem> deshabilita el acceso a la red excepto el HTTP vía un navegador Web, y sin binarios setuid."
#: en_US/Security.xml:61(para)
-msgid ""
-"<filename>user_t</filename> is ideal for office users: prevents becoming "
-"root via <command>setuid</command> applications."
-msgstr ""
-"<systemitem>user_t</systemitem> es ideal para usuarios de oficina: lo que "
-"evita convertirse a root vía aplicaciones setuid."
+msgid "<filename>user_t</filename> is ideal for office users: prevents becoming root via <command>setuid</command> applications."
+msgstr "<systemitem>user_t</systemitem> es ideal para usuarios de oficina: lo que evita convertirse a root vía aplicaciones setuid."
#: en_US/Security.xml:66(para)
-msgid ""
-"<filename>staff_t</filename> is same as <filename>user_t</filename>, except "
-"that root-level access via <command>sudo</command> is allowed."
-msgstr ""
-"<systemitem>staff_t</systemitem> es similar a <systemitem>user_t</"
-"systemitem>, excepto que el acceso de root vía <command>sudo</command> está "
-"permitido."
+msgid "<filename>staff_t</filename> is same as <filename>user_t</filename>, except that root-level access via <command>sudo</command> is allowed."
+msgstr "<systemitem>staff_t</systemitem> es similar a <systemitem>user_t</systemitem>, excepto que el acceso de root vía <command>sudo</command> está permitido."
#: en_US/Security.xml:71(para)
-msgid ""
-"<filename>unconfined_t</filename> provides full access, the same as when not "
-"using SELinux."
-msgstr ""
-"<systemitem>unconfined_t</systemitem> provee acceso completo, como si fuera "
-"que no usa SELinux."
+msgid "<filename>unconfined_t</filename> provides full access, the same as when not using SELinux."
+msgstr "<systemitem>unconfined_t</systemitem> provee acceso completo, como si fuera que no usa SELinux."
#: en_US/Security.xml:75(para)
-msgid ""
-"Browser plug-ins wrapped with <command>nspluginwrapper</command>, which is "
-"the default, are confined by SELinux policy."
-msgstr ""
-"También, los complementos del navegador encapsulados con "
-"<package>nspluginwrapper</package>, que es el predeterminado, ahora corren "
-"confinados."
+msgid "Browser plug-ins wrapped with <command>nspluginwrapper</command>, which is the default, are confined by SELinux policy."
+msgstr "También, los complementos del navegador encapsulados con <package>nspluginwrapper</package>, que es el predeterminado, ahora corren confinados."
#: en_US/Security.xml:78(para)
-msgid ""
-"SELinux and the Firefox <command>mozplugger</command> infrastructure may not "
-"work together as expected, due to fundamentally different goals for each. As "
-"a test or solution, to turn off SELinux confinement of <command>nsplugin</"
-"command>, run this command:"
-msgstr ""
-"SELinux y la infraestructura <command>mozplugger</command> de Firefox pueden "
-"no funcionar como se espera, debido a objetivos totalmente distintos entre "
-"ellos. Como prueba o solución, deshabilite el confinamiento de "
-"<command>nsplugin</command> en SELinux, con este comando:"
+msgid "SELinux and the Firefox <command>mozplugger</command> infrastructure may not work together as expected, due to fundamentally different goals for each. As a test or solution, to turn off SELinux confinement of <command>nsplugin</command>, run this command:"
+msgstr "SELinux y la infraestructura <command>mozplugger</command> de Firefox pueden no funcionar como se espera, debido a objetivos totalmente distintos entre ellos. Como prueba o solución, deshabilite el confinamiento de <command>nsplugin</command> en SELinux, con este comando:"
#: en_US/Security.xml:84(userinput)
#, no-wrap
@@ -1914,66 +1118,32 @@ msgid "Security audit package"
msgstr "Paquete que contiene el programa"
#: en_US/Security.xml:88(para)
-msgid ""
-"The new <application>sectool</application> provides users with a tool to "
-"check their systems for security issues. Included libraries allow for the "
-"customization of system tests. More information can be found at the project "
-"home:"
-msgstr ""
-"<application>Sectool</application> provee a los usuarios de una herramienta "
-"que puede chequear las cuestiones de seguridad de sus sistemas. Hay "
-"bibliotecas que se incluyen para permitir la personalización de las pruebas "
-"de sistema. Más información se puede encontrar en la página del proyecto:"
+msgid "The new <application>sectool</application> provides users with a tool to check their systems for security issues. Included libraries allow for the customization of system tests. More information can be found at the project home:"
+msgstr "<application>Sectool</application> provee a los usuarios de una herramienta que puede chequear las cuestiones de seguridad de sus sistemas. Hay bibliotecas que se incluyen para permitir la personalización de las pruebas de sistema. Más información se puede encontrar en la página del proyecto:"
#: en_US/Security.xml:97(title)
msgid "General information"
msgstr "Información general"
#: en_US/Security.xml:98(para)
-msgid ""
-"A general introduction to the many proactive security features in Fedora, "
-"current status, and policies is available at <ulink url=\"http://"
-"fedoraproject.org/wiki/Security\"/>."
-msgstr ""
-"Una introducción general a las muchas características de seguridad proactiva "
-"en Fedora, el estado actual y las políticas disponibles en <ulink url="
-"\"http://fedoraproject.org/wiki/Security\"/>."
+msgid "A general introduction to the many proactive security features in Fedora, current status, and policies is available at <ulink url=\"http://fedoraproject.org/wiki/Security\"/>."
+msgstr "Una introducción general a las muchas características de seguridad proactiva en Fedora, el estado actual y las políticas disponibles en <ulink url=\"http://fedoraproject.org/wiki/Security\"/>."
#: en_US/Samba_-_Windows_compatibility.xml:6(title)
msgid "Samba - Windows compatibility"
msgstr "Samba - Compatibilidad Windows"
#: en_US/Samba_-_Windows_compatibility.xml:7(para)
-msgid ""
-"This section contains information related to Samba, the suite of software "
-"Fedora uses to interact with Microsoft Windows systems."
-msgstr ""
-"Esta sección contiene información relacionada con la implementación de "
-"Samba, la suite de software que Fedora utiliza para interactuar con los "
-"sistemas de Windows de Microsoft."
+msgid "This section contains information related to Samba, the suite of software Fedora uses to interact with Microsoft Windows systems."
+msgstr "Esta sección contiene información relacionada con la implementación de Samba, la suite de software que Fedora utiliza para interactuar con los sistemas de Windows de Microsoft."
#: en_US/Samba_-_Windows_compatibility.xml:10(para)
-msgid ""
-"Fedora 10 includes <package>samba-3.2.1</package>. This is only a minor "
-"release over the version included in Fedora 9, 3.2.0, so users upgrading "
-"from Fedora 9 should see no specific issues. However, users upgrading from "
-"earlier versions of Samba are advised to carefully review the Samba 3.2 "
-"release notes:"
-msgstr ""
-"Fedora 10 incluye <package>samba-3.2.1</package>. Este es solamente un "
-"lanzamiento menor a diferencia del que se incluyó en Fedora 9, el 3.2.0, por "
-"lo que los usuarios que actualicen desde Fedora 9 no deberían tener "
-"inconvenientes. Sin embargo, a los usuarios que actualicen desde versiones "
-"anteriores de Samba, se les avisa que revisen cuidadosamente las notas del "
-"lanzamiento de Samba 3.2:"
+msgid "Fedora 10 includes <package>samba-3.2.1</package>. This is only a minor release over the version included in Fedora 9, 3.2.0, so users upgrading from Fedora 9 should see no specific issues. However, users upgrading from earlier versions of Samba are advised to carefully review the Samba 3.2 release notes:"
+msgstr "Fedora 10 incluye <package>samba-3.2.1</package>. Este es solamente un lanzamiento menor a diferencia del que se incluyó en Fedora 9, el 3.2.0, por lo que los usuarios que actualicen desde Fedora 9 no deberían tener inconvenientes. Sin embargo, a los usuarios que actualicen desde versiones anteriores de Samba, se les avisa que revisen cuidadosamente las notas del lanzamiento de Samba 3.2:"
#: en_US/Samba_-_Windows_compatibility.xml:20(para)
-msgid ""
-"In addition, the news articles on Samba 3.2 also highlight some of the major "
-"changes:"
-msgstr ""
-"Además, las noticias sobre Samba 3.2 también denotan algunos cambios "
-"importantes:"
+msgid "In addition, the news articles on Samba 3.2 also highlight some of the major changes:"
+msgstr "Además, las noticias sobre Samba 3.2 también denotan algunos cambios importantes:"
#: en_US/Runtime.xml:6(title)
msgid "Runtime"
@@ -1984,51 +1154,27 @@ msgid "Python NSS bindings"
msgstr "Enlaces NSS para Python"
#: en_US/Runtime.xml:9(para)
-msgid ""
-"Python bindings for NSS/NSPR allow Python programs to utilize the NSS "
-"cryptographic libraries for SSL/TLS and PKI certificate management. The "
-"<package>python-nss</package> package provides a Python binding to the NSS "
-"and NSPR support libraries."
-msgstr ""
-"Los enlaces a Python para NSS/NSPR permiten a los programas en Python "
-"utilizar las bibliotecas de criptografía para la administración de "
-"certificados SSL/TLS y PKI. El paquete <package>python-nss</package> provee "
-"un enlace a Python a las bibliotecas de soporte NSS y NSPR."
+msgid "Python bindings for NSS/NSPR allow Python programs to utilize the NSS cryptographic libraries for SSL/TLS and PKI certificate management. The <package>python-nss</package> package provides a Python binding to the NSS and NSPR support libraries."
+msgstr "Los enlaces a Python para NSS/NSPR permiten a los programas en Python utilizar las bibliotecas de criptografía para la administración de certificados SSL/TLS y PKI. El paquete <package>python-nss</package> provee un enlace a Python a las bibliotecas de soporte NSS y NSPR."
#: en_US/Runtime.xml:15(para)
-msgid ""
-"Network Security Services (NSS) is a set of libraries supporting security-"
-"enabled client and server applications. Applications built with NSS can "
-"support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, "
-"X.509 v3 certificates and other security standards. NSS has received FIPS "
-"140 validation from NIST."
-msgstr ""
-"Los Servicios de Seguridad de Red (NSS en inglés) son un conjunto de "
-"bibliotecas que soportan clientes con seguridad habilitada y aplicaciones "
-"servidores. Las aplicaciones construídas con NSS pueden soportar "
-"certificados SSL v2 y v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, "
-"X.509 v3, así como otros estándares. NSS ha recibido la validación FIPS 140 "
-"de NIST."
+msgid "Network Security Services (NSS) is a set of libraries supporting security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates and other security standards. NSS has received FIPS 140 validation from NIST."
+msgstr "Los Servicios de Seguridad de Red (NSS en inglés) son un conjunto de bibliotecas que soportan clientes con seguridad habilitada y aplicaciones servidores. Las aplicaciones construídas con NSS pueden soportar certificados SSL v2 y v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3, así como otros estándares. NSS ha recibido la validación FIPS 140 de NIST."
#: en_US/Runtime.xml:25(para)
-msgid ""
-"<ulink url=\"http://people.redhat.com/jdennis/python-nss/doc/api/html/index."
-"html\"/> -- Library Documentation"
-msgstr ""
-"<ulink url=\"http://people.redhat.com/jdennis/python-nss/doc/api/html/index."
-"html\"/> -- Documentación de la Biblioteca"
+msgid "<ulink url=\"http://people.redhat.com/jdennis/python-nss/doc/api/html/index.html\"/> -- Library Documentation"
+msgstr "<ulink url=\"http://people.redhat.com/jdennis/python-nss/doc/api/html/index.html\"/> -- Documentación de la Biblioteca"
#. edition is used for RPM version
-#: en_US/Revision_History.xml:7(revnumber) en_US/Article_Info.xml:12(issuenum)
+#: en_US/Revision_History.xml:7(revnumber)
+#: en_US/Article_Info.xml:12(issuenum)
#: en_US/Article_Info.xml:14(edition)
-#, fuzzy
msgid "10.0.0"
-msgstr "1.0"
+msgstr "10.0.0"
#: en_US/Revision_History.xml:8(date)
-#, fuzzy
msgid "2008-11-15"
-msgstr "2008-10-15"
+msgstr "2008-11-15"
#: en_US/Revision_History.xml:10(firstname)
#: en_US/Revision_History.xml:37(firstname)
@@ -2044,7 +1190,7 @@ msgstr "Frields"
#: en_US/Revision_History.xml:15(member)
msgid "Collected final changes for F10 GA"
-msgstr ""
+msgstr "Cambios finales juntados para F10 GA"
#: en_US/Revision_History.xml:20(revnumber)
msgid "9.92.1"
@@ -2064,9 +1210,7 @@ msgstr "Wade"
#: en_US/Revision_History.xml:28(member)
msgid "Content pulled from wiki; changes to match Publican; cruft removed"
-msgstr ""
-"Contenido extraído de la wiki; los cambios coinciden con Publican; se "
-"eliminó lo innecesario"
+msgstr "Contenido extraído de la wiki; los cambios coinciden con Publican; se eliminó lo innecesario"
#: en_US/Revision_History.xml:34(revnumber)
msgid "9.92"
@@ -2106,117 +1250,48 @@ msgid "Printing"
msgstr "Impresión"
#: en_US/Printing.xml:7(para)
-msgid ""
-"The print manager (<command>system-config-printer</command> or "
-"<guimenu>System</guimenu><guisubmenu>Administration</"
-"guisubmenu><guimenuitem>Printing</guimenuitem>) user interface has been "
-"overhauled to look friendlier and be more in line with modern desktop "
-"applications. The <command>system-config-printer</command> application no "
-"longer needs to be run as the root user."
-msgstr ""
-"La interfase del usuario del administrador de impresión (<command>system-"
-"config-printer</command> o <guimenu>System</"
-"guimenu><guisubmenu>Administration</guisubmenu><guimenuitem>Printing</"
-"guimenuitem>) se rediseñó para que sea más amigable y más en línea con las "
-"aplicaciones de escritorio modernas. La aplicación <command>system-config-"
-"printer</command> ya no necesita ejecutarse como root."
+msgid "The print manager (<command>system-config-printer</command> or <guimenu>System</guimenu><guisubmenu>Administration</guisubmenu><guimenuitem>Printing</guimenuitem>) user interface has been overhauled to look friendlier and be more in line with modern desktop applications. The <command>system-config-printer</command> application no longer needs to be run as the root user."
+msgstr "La interfase del usuario del administrador de impresión (<command>system-config-printer</command> o <guimenu>System</guimenu><guisubmenu>Administration</guisubmenu><guimenuitem>Printing</guimenuitem>) se rediseñó para que sea más amigable y más en línea con las aplicaciones de escritorio modernas. La aplicación <command>system-config-printer</command> ya no necesita ejecutarse como root."
#: en_US/Printing.xml:12(para)
msgid "Other changes include:"
msgstr "Otros cambios incluyen:"
#: en_US/Printing.xml:16(para)
-msgid ""
-"The configuration tool window has been made easier to use. Double-clicking "
-"on a printer icon opens a properties dialog window. This replaces the old "
-"behavior of a list of printer names on the left and properties for the "
-"selected printer on the right."
-msgstr ""
-"La ventana de la herramienta de configuración se hizo más fácil de usar. El "
-"doble clic sobre el ícono de una impresora abre una ventana de diálogo con "
-"las propieades. Esto reemplaza el comportamiento anterior de una lista de "
-"nombres de impresora a la izquierda y las propiedades de la impresora a la "
-"derecha."
+msgid "The configuration tool window has been made easier to use. Double-clicking on a printer icon opens a properties dialog window. This replaces the old behavior of a list of printer names on the left and properties for the selected printer on the right."
+msgstr "La ventana de la herramienta de configuración se hizo más fácil de usar. El doble clic sobre el ícono de una impresora abre una ventana de diálogo con las propieades. Esto reemplaza el comportamiento anterior de una lista de nombres de impresora a la izquierda y las propiedades de la impresora a la derecha."
#: en_US/Printing.xml:22(para)
-msgid ""
-"The CUPS authentication dialog selects the appropriate user-name and allows "
-"it to be altered mid-operation."
-msgstr ""
-"El diálogo de autenticación de CUPS selecciona el nombre de usuario "
-"apropiado y le permite modificarlo a mitad de la operación."
+msgid "The CUPS authentication dialog selects the appropriate user-name and allows it to be altered mid-operation."
+msgstr "El diálogo de autenticación de CUPS selecciona el nombre de usuario apropiado y le permite modificarlo a mitad de la operación."
#: en_US/Printing.xml:25(para)
-msgid ""
-"When the configuration tool is running, the list of printers is updated "
-"dynamically."
-msgstr ""
-"Cuando la herramienta de configuración está corriendo, la lista de "
-"impresoras se actualiza dinámicamente."
+msgid "When the configuration tool is running, the list of printers is updated dynamically."
+msgstr "Cuando la herramienta de configuración está corriendo, la lista de impresoras se actualiza dinámicamente."
#: en_US/Printing.xml:28(para)
-msgid ""
-"All jobs queued for a specific printer can be seen by right-clicking on a "
-"printer icon and selecting <guimenuitem>View Print Queue</guimenuitem>. To "
-"see jobs queued on several printers, select the desired printers first "
-"before right-clicking. To see all jobs, right-click with no printers "
-"selected."
-msgstr ""
-"Todos los trabajos encolados para una impresora específica se puede ver "
-"haciendo clic con el botón de la derecha en un ícono de impresora y "
-"seleccionado <guimenuitem>Ver la Cola de Impresión</guimenuitem>. Para ver "
-"los trabajos encolados en varias impresoras, seleccione las impresoras "
-"deseadas, antes de hacer clic con el botón de la derecha. Para ver todos los "
-"trabajos, haga clic con el botón de la derecha cuando no haya ninguna "
-"impresora seleccionada."
+msgid "All jobs queued for a specific printer can be seen by right-clicking on a printer icon and selecting <guimenuitem>View Print Queue</guimenuitem>. To see jobs queued on several printers, select the desired printers first before right-clicking. To see all jobs, right-click with no printers selected."
+msgstr "Todos los trabajos encolados para una impresora específica se puede ver haciendo clic con el botón de la derecha en un ícono de impresora y seleccionado <guimenuitem>Ver la Cola de Impresión</guimenuitem>. Para ver los trabajos encolados en varias impresoras, seleccione las impresoras deseadas, antes de hacer clic con el botón de la derecha. Para ver todos los trabajos, haga clic con el botón de la derecha cuando no haya ninguna impresora seleccionada."
#: en_US/Printing.xml:35(para)
-msgid ""
-"The job monitoring tool displays a message when a job has failed. The "
-"message indicates whether the printer has been stopped as a result shown in "
-"the message. A <guibutton>Diagnose</guibutton> button starts the trouble-"
-"shooter."
-msgstr ""
-"La herramienta monitora de trabajo muestra un mensaje cuando un trabajo ha "
-"fallado. Si la impresora se detuvo, se muestra en un mensaje. Un botón "
-"<guibutton>Diagnosticar</guibutton> inicia el asistente de problemas."
+msgid "The job monitoring tool displays a message when a job has failed. The message indicates whether the printer has been stopped as a result shown in the message. A <guibutton>Diagnose</guibutton> button starts the trouble-shooter."
+msgstr "La herramienta monitora de trabajo muestra un mensaje cuando un trabajo ha fallado. Si la impresora se detuvo, se muestra en un mensaje. Un botón <guibutton>Diagnosticar</guibutton> inicia el asistente de problemas."
#: en_US/Printing.xml:41(para)
-msgid ""
-"The job monitoring tool now performs proxy authentication. A submitted job "
-"that requires authentication on the CUPS backend now displays an "
-"authentication dialog so the job can proceed."
-msgstr ""
-"La herramienta de monitoreo de trabajos ahora realiza la autenticación de "
-"proxy. Un trabajo ingresado que requiera autenticación en los servicios de "
-"CUPS, ahora muestra un diálogo de autenticación para que el trabajo pueda "
-"proceder."
+msgid "The job monitoring tool now performs proxy authentication. A submitted job that requires authentication on the CUPS backend now displays an authentication dialog so the job can proceed."
+msgstr "La herramienta de monitoreo de trabajos ahora realiza la autenticación de proxy. Un trabajo ingresado que requiera autenticación en los servicios de CUPS, ahora muestra un diálogo de autenticación para que el trabajo pueda proceder."
#: en_US/Printing.xml:46(para)
-msgid ""
-"The print status dialog (for GTK+) gives more feedback about the status of "
-"printers. For example, printers that are out of paper show a small warning "
-"emblem on their icon. Paused printers also show an emblem, and printers that "
-"are rejecting jobs are shown as grayed-out to signify they are not available."
-msgstr ""
-"El diálogo de estado de la impresora (para GTK+) da más información acerca "
-"del estado de las impresoras, por ejemplo, las impresoras que no tengan "
-"papel muestran un pequeño emblema de aviso en su ícono. Las impresoras "
-"detenidas también muestran un emblema, y las impresoras que están rechazando "
-"trabajos se muestran en grisado con lo que se denota que no están "
-"disponibles."
+msgid "The print status dialog (for GTK+) gives more feedback about the status of printers. For example, printers that are out of paper show a small warning emblem on their icon. Paused printers also show an emblem, and printers that are rejecting jobs are shown as grayed-out to signify they are not available."
+msgstr "El diálogo de estado de la impresora (para GTK+) da más información acerca del estado de las impresoras, por ejemplo, las impresoras que no tengan papel muestran un pequeño emblema de aviso en su ícono. Las impresoras detenidas también muestran un emblema, y las impresoras que están rechazando trabajos se muestran en grisado con lo que se denota que no están disponibles."
#: en_US/PPC_specifics_for_Fedora.xml:5(title)
msgid "PPC specifics for Fedora"
msgstr "PPC en Fedora"
#: en_US/PPC_specifics_for_Fedora.xml:6(para)
-msgid ""
-"This section covers specific information about Fedora and the PPC (Power PC) "
-"hardware platform."
-msgstr ""
-"Esta sección cubre cualquier información específica de Fedora y la "
-"plataforma de hardware PPC."
+msgid "This section covers specific information about Fedora and the PPC (Power PC) hardware platform."
+msgstr "Esta sección cubre cualquier información específica de Fedora y la plataforma de hardware PPC."
#: en_US/PPC_specifics_for_Fedora.xml:9(title)
msgid "Hardware requirements for PPC"
@@ -2227,45 +1302,24 @@ msgid "Minimum CPU: PowerPC G3 / POWER3"
msgstr "CPU mínimo; PowerPC G3 / POWER3"
#: en_US/PPC_specifics_for_Fedora.xml:16(para)
-msgid ""
-"Fedora 10 supports the New World generation of Apple Power Macintosh, "
-"shipped from circa 1999 onward. Although Old World machines should work, "
-"they require a special bootloader which is not included in the Fedora "
-"distribution. Fedora has also been installed and tested on POWER5 and POWER6 "
-"machines."
-msgstr ""
-"Fedora 10 soporta sólo la generación \"Mundo Nuevo\" de la Apple Power "
-"Macintosh, que viene desde circa 1999 en adelante. A pesar que debería "
-"funcionar en las máquinas del \"Viejo Mundo\", se requiere un cargador de "
-"arranque especial que no se incluye en la distribución de Fedora."
+msgid "Fedora 10 supports the New World generation of Apple Power Macintosh, shipped from circa 1999 onward. Although Old World machines should work, they require a special bootloader which is not included in the Fedora distribution. Fedora has also been installed and tested on POWER5 and POWER6 machines."
+msgstr "Fedora 10 soporta sólo la generación \"Mundo Nuevo\" de la Apple Power Macintosh, que viene desde circa 1999 en adelante. A pesar que debería funcionar en las máquinas del \"Viejo Mundo\", se requiere un cargador de arranque especial que no se incluye en la distribución de Fedora."
#: en_US/PPC_specifics_for_Fedora.xml:23(para)
msgid "Fedora 10 supports pSeries and Cell Broadband Engine machines."
-msgstr ""
-"Fedora 10 también soporta IBM pSeries, y equipos IBM Cell Broadband Engine."
+msgstr "Fedora 10 también soporta IBM pSeries, y equipos IBM Cell Broadband Engine."
#: en_US/PPC_specifics_for_Fedora.xml:26(para)
-msgid ""
-"Fedora 10 also supports the Sony PlayStation 3 and Genesi Pegasos II and "
-"Efika."
-msgstr ""
-"Fedora 10 también soporta la Sony PlayStation 3 y Genesi Pegasos II y Efika."
+msgid "Fedora 10 also supports the Sony PlayStation 3 and Genesi Pegasos II and Efika."
+msgstr "Fedora 10 también soporta la Sony PlayStation 3 y Genesi Pegasos II y Efika."
#: en_US/PPC_specifics_for_Fedora.xml:29(para)
-msgid ""
-"Fedora 10 includes new hardware support for the P.A. Semiconductor 'Electra' "
-"machines."
-msgstr ""
-"Fedora 10 incluye un nuevo soporte de hardware para máquinas P.A. "
-"Semiconductor 'Electra'."
+msgid "Fedora 10 includes new hardware support for the P.A. Semiconductor 'Electra' machines."
+msgstr "Fedora 10 incluye un nuevo soporte de hardware para máquinas P.A. Semiconductor 'Electra'."
#: en_US/PPC_specifics_for_Fedora.xml:32(para)
-msgid ""
-"Fedora 10 also includes support for Terrasoft Solutions powerstation "
-"workstations."
-msgstr ""
-"Fedora 10 también incluye soporte para las estaciones de trabajo Terrasoft "
-"Solutions powerstation."
+msgid "Fedora 10 also includes support for Terrasoft Solutions powerstation workstations."
+msgstr "Fedora 10 también incluye soporte para las estaciones de trabajo Terrasoft Solutions powerstation."
#: en_US/PPC_specifics_for_Fedora.xml:35(para)
msgid "Recommended for text-mode: 233 MHz G3 or better, 128MiB RAM."
@@ -2276,144 +1330,56 @@ msgid "Recommended for graphical: 400 MHz G3 or better, 256MiB RAM."
msgstr "Para gráficos: 400 MHz G3 o mejor, 256 MB RAM."
#: en_US/PPC_specifics_for_Fedora.xml:44(para)
-msgid ""
-"The complete packages can occupy over 9 GiB of disk space. Final size is "
-"entirely determined by the installing spin and the packages selected during "
-"installation. Additional disk space is required during installation to "
-"support the installation environment. This additional disk space corresponds "
-"to the size of <filename>/Fedora/base/stage2.img</filename> (on Installation "
-"Disc 1) plus the size of the files in <filename>/var/lib/rpm</filename> on "
-"the installed system."
-msgstr ""
-"Todos los paquetes pueden ocupar hasta 9 GB de espacio en disco. El tamaño "
-"final está determinado por el medio de instalación y los paquetes que se "
-"hayan seleccionado. Se requerirá espacio de disco adicional para dar soporte "
-"al entorno de instalación. Este espacio adicional corresponde al tamaño de "
-"<filename>/Fedora/base/stage2.img</filename> (en el Disco 1 de Instalación) "
-"más el tamaño de los archivos en <filename class=\"directory\">/var/lib/rpm</"
-"filename> en el sistema instalado."
+msgid "The complete packages can occupy over 9 GiB of disk space. Final size is entirely determined by the installing spin and the packages selected during installation. Additional disk space is required during installation to support the installation environment. This additional disk space corresponds to the size of <filename>/Fedora/base/stage2.img</filename> (on Installation Disc 1) plus the size of the files in <filename>/var/lib/rpm</filename> on the installed system."
+msgstr "Todos los paquetes pueden ocupar hasta 9 GB de espacio en disco. El tamaño final está determinado por el medio de instalación y los paquetes que se hayan seleccionado. Se requerirá espacio de disco adicional para dar soporte al entorno de instalación. Este espacio adicional corresponde al tamaño de <filename>/Fedora/base/stage2.img</filename> (en el Disco 1 de Instalación) más el tamaño de los archivos en <filename class=\"directory\">/var/lib/rpm</filename> en el sistema instalado."
#: en_US/PPC_specifics_for_Fedora.xml:52(para)
-msgid ""
-"In practical terms, additional space requirements may range from as little "
-"as 90 MiB for a minimal installation to as much as an additional 175 MiB for "
-"a larger installation."
-msgstr ""
-"En términos prácticos, los requerimientos de espacio adicional puede ir "
-"desde 90MB para una instalación mínima hasta 175MB para una instalación más "
-"grande."
+msgid "In practical terms, additional space requirements may range from as little as 90 MiB for a minimal installation to as much as an additional 175 MiB for a larger installation."
+msgstr "En términos prácticos, los requerimientos de espacio adicional puede ir desde 90MB para una instalación mínima hasta 175MB para una instalación más grande."
#: en_US/PPC_specifics_for_Fedora.xml:56(para)
-msgid ""
-"Additional space is also required for any user data, and at least 5% free "
-"space should be maintained for proper system operation."
-msgstr ""
-"También se necesita espacio adicional para los datos del usuario, y se debe "
-"reservar al menos un 5% de espacio libre para el funcionamiento adecuado del "
-"sistema."
+msgid "Additional space is also required for any user data, and at least 5% free space should be maintained for proper system operation."
+msgstr "También se necesita espacio adicional para los datos del usuario, y se debe reservar al menos un 5% de espacio libre para el funcionamiento adecuado del sistema."
#: en_US/PPC_specifics_for_Fedora.xml:61(title)
msgid "4 KiB pages on 64-bit machines"
msgstr "Páginas de 4 KiB en máquinas de 64-bit"
#: en_US/PPC_specifics_for_Fedora.xml:62(para)
-msgid ""
-"After a brief experiment with 64KiB pages in Fedora Core 6, the PowerPC64 "
-"kernel has now been switched back to 4KiB pages. The installer should "
-"reformat any swap partitions automatically during an upgrade."
-msgstr ""
-"Después de un breve experimento con páginas de 64KiB en Fedora Core 6, el "
-"kernel de PowerPC64 fue vuelto a páginas de 4KiB. El instalador debe "
-"reformatear todas las particiones swap automáticamente durante la "
-"actualización."
+msgid "After a brief experiment with 64KiB pages in Fedora Core 6, the PowerPC64 kernel has now been switched back to 4KiB pages. The installer should reformat any swap partitions automatically during an upgrade."
+msgstr "Después de un breve experimento con páginas de 64KiB en Fedora Core 6, el kernel de PowerPC64 fue vuelto a páginas de 4KiB. El instalador debe reformatear todas las particiones swap automáticamente durante la actualización."
#: en_US/PPC_specifics_for_Fedora.xml:67(title)
msgid "The Apple keyboard"
msgstr "El teclado de la Apple"
#: en_US/PPC_specifics_for_Fedora.xml:68(para)
-msgid ""
-"The <keycap>Option</keycap> key on Apple systems is equivalent to the "
-"<keycap>Alt</keycap> key on the PC. Where documentation and the installer "
-"refer to the <keycap>Alt</keycap> key, use the <keycap>Option</keycap> key. "
-"For some key combinations you may need to use the <keycap>Option</keycap> "
-"key in conjunction with the <keycap>Fn</keycap> key, such as "
-"<keycombo><keycap>Option</keycap><keycap>Fn</keycap><keycap>F3</keycap></"
-"keycombo> to switch to virtual terminal tty3."
-msgstr ""
-"La tecla <keycap>Option</keycap> en sistemas Apple es equivalente a la tecla "
-"<keycap>Alt</keycap> en la PC. En donde la documentación y el instalador "
-"diga que use la tecla <keycap>Alt</keycap>, use la tecla <keycap>Option</"
-"keycap>. Para algunas combinaciones de teclas puede necesitar usar la tecla "
-"<keycap>Option</keycap> junto con la tecla <keycap>Fn</keycap>, tal como en "
-"<keycombo><keycap>Option</keycap><keycap>Fn</keycap><keycap>F3</keycap></"
-"keycombo> para cambiar a la terminal virtual tty3."
+msgid "The <keycap>Option</keycap> key on Apple systems is equivalent to the <keycap>Alt</keycap> key on the PC. Where documentation and the installer refer to the <keycap>Alt</keycap> key, use the <keycap>Option</keycap> key. For some key combinations you may need to use the <keycap>Option</keycap> key in conjunction with the <keycap>Fn</keycap> key, such as <keycombo><keycap>Option</keycap><keycap>Fn</keycap><keycap>F3</keycap></keycombo> to switch to virtual terminal tty3."
+msgstr "La tecla <keycap>Option</keycap> en sistemas Apple es equivalente a la tecla <keycap>Alt</keycap> en la PC. En donde la documentación y el instalador diga que use la tecla <keycap>Alt</keycap>, use la tecla <keycap>Option</keycap>. Para algunas combinaciones de teclas puede necesitar usar la tecla <keycap>Option</keycap> junto con la tecla <keycap>Fn</keycap>, tal como en <keycombo><keycap>Option</keycap><keycap>Fn</keycap><keycap>F3</keycap></keycombo> para cambiar a la terminal virtual tty3."
#: en_US/PPC_specifics_for_Fedora.xml:80(title)
msgid "PPC installation notes"
msgstr "Notas de Instalación de PPC"
#: en_US/PPC_specifics_for_Fedora.xml:81(para)
-msgid ""
-"Fedora Installation Disc 1 is bootable on supported hardware. In addition, a "
-"bootable CD image appears in the <filename>images/</filename> directory of "
-"this disc. These images behave differently according to your system hardware:"
-msgstr ""
-"El disco 1 de Instalación de Fedora es arrancable en el hardware que lo "
-"admita. Además, una imágen de CD arrancable aparece en el directorio "
-"<filename class=\"directory\">images/</filename> de este disco. Estas "
-"imágenes se comportan de manera distinta de acuerdo al equipamiento de su "
-"sistema:"
+msgid "Fedora Installation Disc 1 is bootable on supported hardware. In addition, a bootable CD image appears in the <filename>images/</filename> directory of this disc. These images behave differently according to your system hardware:"
+msgstr "El disco 1 de Instalación de Fedora es arrancable en el hardware que lo admita. Además, una imágen de CD arrancable aparece en el directorio <filename class=\"directory\">images/</filename> de este disco. Estas imágenes se comportan de manera distinta de acuerdo al equipamiento de su sistema:"
#: en_US/PPC_specifics_for_Fedora.xml:88(para)
-msgid ""
-"On most machines -- The bootloader automatically boots the appropriate 32-"
-"bit or 64-bit installer from the install disc."
-msgstr ""
-"En la mayoría de las máquinas, el cargador de arranque automáticamente "
-"arranca el instalador apropiado de 32-bit o 64-bit desde el disco de "
-"instalación."
+msgid "On most machines -- The bootloader automatically boots the appropriate 32-bit or 64-bit installer from the install disc."
+msgstr "En la mayoría de las máquinas, el cargador de arranque automáticamente arranca el instalador apropiado de 32-bit o 64-bit desde el disco de instalación."
#: en_US/PPC_specifics_for_Fedora.xml:93(para)
-msgid ""
-"64-bit IBM pSeries (POWER4/POWER5/POWER6), current iSeries models -- After "
-"using OpenFirmware to boot the CD, the bootloader, <command>yaboot</"
-"command>, automatically boots the 64-bit installer."
-msgstr ""
-"IBM pSeries de 64-bit (POWER4/POWER5/POWER6), actualmente modelos iSeries -- "
-"Después de usar OpenFirmware para arrancar el CD, el cargador de arranque "
-"<command>yaboot</command> arrancará automáticamente el instalador de 64 bits."
+msgid "64-bit IBM pSeries (POWER4/POWER5/POWER6), current iSeries models -- After using OpenFirmware to boot the CD, the bootloader, <command>yaboot</command>, automatically boots the 64-bit installer."
+msgstr "IBM pSeries de 64-bit (POWER4/POWER5/POWER6), actualmente modelos iSeries -- Después de usar OpenFirmware para arrancar el CD, el cargador de arranque <command>yaboot</command> arrancará automáticamente el instalador de 64 bits."
#: en_US/PPC_specifics_for_Fedora.xml:99(para)
-msgid ""
-"IBM \"Legacy\" iSeries (POWER4) -- So-called \"Legacy\" iSeries models, "
-"which do not use OpenFirmware, require use of the boot image located in the "
-"<filename>images/iSeries</filename> directory of the installation tree."
-msgstr ""
-"Los modelos de iSeries llamados \"Legados\", que no usan OpenFirmware, "
-"necesitan usar la imágen de arranque que se encuentra en el directorio "
-"<filename class=\"directory\">images/iSeries</filename> del árbol de "
-"instalación."
+msgid "IBM \"Legacy\" iSeries (POWER4) -- So-called \"Legacy\" iSeries models, which do not use OpenFirmware, require use of the boot image located in the <filename>images/iSeries</filename> directory of the installation tree."
+msgstr "Los modelos de iSeries llamados \"Legados\", que no usan OpenFirmware, necesitan usar la imágen de arranque que se encuentra en el directorio <filename class=\"directory\">images/iSeries</filename> del árbol de instalación."
#: en_US/PPC_specifics_for_Fedora.xml:105(para)
-msgid ""
-"Genesi Pegasos II / Efika 5200B -- The Fedora kernel supports both Pegasos "
-"and Efika without the need to use the \"Device Tree Supplement\" from "
-"powerdeveloper.org. However, the lack of full support for ISO9660 in the "
-"firmware means that booting via yaboot from the CD is not possible. Boot the "
-"'netboot' image instead, either from the CD or over the network. Because of "
-"the size of the image, you must set the firmware's <envar>load-base</envar> "
-"variable to load files at a high address such as 32MiB instead of the "
-"default 4MiB:"
-msgstr ""
-"El kernel de Fedora soporta Pegasos y Efika sin necesidad de usar un "
-"\"Sumplemento de Arbol de Dispositivo\" de powerdeveloper.org. Sin embargo, "
-"la falta de soporte completo de ISO9660 en el firmware significa que el "
-"arranque vía yaboot desde el CD no es posible. En su lugar, arranque la "
-"imágen 'netboot', ya sea desde el CD o a través de la red. Debido al tamaño "
-"de la imágen, debe poner la variable del firware <option>load-base</option> "
-"para que cargue los archivos en una dirección mayor tal como 32 MB en lugar "
-"de los 4 MB por defecto:"
+msgid "Genesi Pegasos II / Efika 5200B -- The Fedora kernel supports both Pegasos and Efika without the need to use the \"Device Tree Supplement\" from powerdeveloper.org. However, the lack of full support for ISO9660 in the firmware means that booting via yaboot from the CD is not possible. Boot the 'netboot' image instead, either from the CD or over the network. Because of the size of the image, you must set the firmware's <envar>load-base</envar> variable to load files at a high address such as 32MiB instead of the default 4MiB:"
+msgstr "El kernel de Fedora soporta Pegasos y Efika sin necesidad de usar un \"Sumplemento de Arbol de Dispositivo\" de powerdeveloper.org. Sin embargo, la falta de soporte completo de ISO9660 en el firmware significa que el arranque vía yaboot desde el CD no es posible. En su lugar, arranque la imágen 'netboot', ya sea desde el CD o a través de la red. Debido al tamaño de la imágen, debe poner la variable del firware <option>load-base</option> para que cargue los archivos en una dirección mayor tal como 32 MB en lugar de los 4 MB por defecto:"
#: en_US/PPC_specifics_for_Fedora.xml:116(userinput)
#, no-wrap
@@ -2421,12 +1387,8 @@ msgid "setenv load-base 0x2000000"
msgstr "setenv load-base 0x2000000"
#: en_US/PPC_specifics_for_Fedora.xml:118(para)
-msgid ""
-"At the OpenFirmware prompt, enter the following command to boot the Efika "
-"update, if necessary, or the netboot image from the CD:"
-msgstr ""
-"En el indicador de OpenFirmware, ingrese el siguiente comando para arrancar "
-"la actualización de Efika, si es necesario, o la imágen netboot desde el CD:"
+msgid "At the OpenFirmware prompt, enter the following command to boot the Efika update, if necessary, or the netboot image from the CD:"
+msgstr "En el indicador de OpenFirmware, ingrese el siguiente comando para arrancar la actualización de Efika, si es necesario, o la imágen netboot desde el CD:"
#: en_US/PPC_specifics_for_Fedora.xml:122(userinput)
#, no-wrap
@@ -2443,19 +1405,8 @@ msgid "boot eth ppc32.img"
msgstr "boot eth ppc32.img"
#: en_US/PPC_specifics_for_Fedora.xml:128(para)
-msgid ""
-"You must also manually configure OpenFirmware to make the installed Fedora "
-"system bootable. To do this, set the <envar>boot-device</envar> and "
-"<envar>boot-file</envar> environment variables appropriately, to load "
-"<command>yaboot</command> from the <filename class=\"partition\">/boot</"
-"filename> partition. For example, a default installation might require the "
-"following:"
-msgstr ""
-"También debe configurar OpenFirmware para hacer arrancable el sistema Fedora "
-"instalado. Para hacer esto, ponga las variables de entorno boot-"
-"de<option>vice y <enva</opboot-fi<option>leapropiad /option>amente, para "
-"arrancar yaboot desde la partición <filename>/boot</filename>. Por ejemplo, "
-"una instalación por defecto puede necesitar lo siguiente:"
+msgid "You must also manually configure OpenFirmware to make the installed Fedora system bootable. To do this, set the <envar>boot-device</envar> and <envar>boot-file</envar> environment variables appropriately, to load <command>yaboot</command> from the <filename class=\"partition\">/boot</filename> partition. For example, a default installation might require the following:"
+msgstr "También debe configurar OpenFirmware para hacer arrancable el sistema Fedora instalado. Para hacer esto, ponga las variables de entorno boot-de<option>vice y <enva</opboot-fi<option>leapropiad /option>amente, para arrancar yaboot desde la partición <filename>/boot</filename>. Por ejemplo, una instalación por defecto puede necesitar lo siguiente:"
#: en_US/PPC_specifics_for_Fedora.xml:137(userinput)
#, no-wrap
@@ -2467,109 +1418,40 @@ msgstr ""
"\t /yaboot/yaboot setenv auto-boot? true"
#: en_US/PPC_specifics_for_Fedora.xml:142(para)
-msgid ""
-"PA Semi Electra -- The Electra firmware does not yet support yaboot; to "
-"install on Electra, you can boot the <filename>ppc64.img</filename> netboot "
-"image. After the installation, you will need to manually configure the "
-"firmware to load the installed kernel and initrd from the <filename class="
-"\"partition\">/boot</filename> partition."
-msgstr ""
-"El firmware de Electra no tiene soporte de yaboot todavía; para instalar en "
-"Electra, puede arrancar la imágen netboot <filename>ppc64.img</filename>. "
-"Después de la instalación, necesitará configurar manualmente el firmware "
-"para que cargue el kernel instalado e initrd desde la partición <filename>/"
-"boot</filename>. Vaya a la documentación del firmware para más detalles."
+msgid "PA Semi Electra -- The Electra firmware does not yet support yaboot; to install on Electra, you can boot the <filename>ppc64.img</filename> netboot image. After the installation, you will need to manually configure the firmware to load the installed kernel and initrd from the <filename class=\"partition\">/boot</filename> partition."
+msgstr "El firmware de Electra no tiene soporte de yaboot todavía; para instalar en Electra, puede arrancar la imágen netboot <filename>ppc64.img</filename>. Después de la instalación, necesitará configurar manualmente el firmware para que cargue el kernel instalado e initrd desde la partición <filename>/boot</filename>. Vaya a la documentación del firmware para más detalles."
#: en_US/PPC_specifics_for_Fedora.xml:149(para)
msgid "Refer to the firmware documentation for further details."
msgstr "Para detalles adicionales, vaya a la documentación del fimrware."
#: en_US/PPC_specifics_for_Fedora.xml:153(para)
-msgid ""
-"Sony PlayStation 3 -- For installation on PlayStation 3, first update to "
-"firmware 1.60 or later. The \"Other OS\" boot loader must be installed into "
-"the flash, following the instructions at <ulink url=\"http://www.playstation."
-"com/ps3-openplatform/manual.html\"/>. A suitable boot loader image can be "
-"found on Sony's \"ADDON\" CD, available from <ulink url=\"ftp://ftp.kernel."
-"org/pub/linux/kernel/people/geoff/cell/\"/>."
-msgstr ""
-"Para la instalación en PlayStation 3, primero actualice al firmware 1.60 o "
-"posterior. El cargador de arranque \"Other OS\" debe ser instalado en la "
-"flash, siguiendo las instrucciones de <ulink url=\"http://www.playstation."
-"com/ps3-openplatform/manual.html\"/>. Una imágen apropiada del cargador de "
-"arranque en el CD de \"ADDON\" de Sony, está disponible en <ulink url="
-"\"ftp://ftp.kernel.org/pub/linux/kernel/people/geoff/cell/\"/>."
+msgid "Sony PlayStation 3 -- For installation on PlayStation 3, first update to firmware 1.60 or later. The \"Other OS\" boot loader must be installed into the flash, following the instructions at <ulink url=\"http://www.playstation.com/ps3-openplatform/manual.html\"/>. A suitable boot loader image can be found on Sony's \"ADDON\" CD, available from <ulink url=\"ftp://ftp.kernel.org/pub/linux/kernel/people/geoff/cell/\"/>."
+msgstr "Para la instalación en PlayStation 3, primero actualice al firmware 1.60 o posterior. El cargador de arranque \"Other OS\" debe ser instalado en la flash, siguiendo las instrucciones de <ulink url=\"http://www.playstation.com/ps3-openplatform/manual.html\"/>. Una imágen apropiada del cargador de arranque en el CD de \"ADDON\" de Sony, está disponible en <ulink url=\"ftp://ftp.kernel.org/pub/linux/kernel/people/geoff/cell/\"/>."
#: en_US/PPC_specifics_for_Fedora.xml:162(para)
-msgid ""
-"Once the boot loader is installed, the PlayStation 3 should be able to boot "
-"from the Fedora install media. Please note that network installation works "
-"best with NFS, since that takes less memory than FTP or HTTP methods. Using "
-"the <menuchoice><guimenuitem>text</guimenuitem></menuchoice> option also "
-"reduces the amount of memory taken by the installer."
-msgstr ""
-"Una vez que el cargador de arranque se instaló, la PlayStation 3 debería "
-"poder arrancar desde el medio de instalación Fedora. Por favor note que la "
-"instalación de red funciona mejor con NFS, dado que toma menos memoria que "
-"los métodos de FTP y HTTP. Usando la opción <command>text</command> también "
-"reduce la cantidad de memoria que usa el instalador."
+msgid "Once the boot loader is installed, the PlayStation 3 should be able to boot from the Fedora install media. Please note that network installation works best with NFS, since that takes less memory than FTP or HTTP methods. Using the <menuchoice><guimenuitem>text</guimenuitem></menuchoice> option also reduces the amount of memory taken by the installer."
+msgstr "Una vez que el cargador de arranque se instaló, la PlayStation 3 debería poder arrancar desde el medio de instalación Fedora. Por favor note que la instalación de red funciona mejor con NFS, dado que toma menos memoria que los métodos de FTP y HTTP. Usando la opción <command>text</command> también reduce la cantidad de memoria que usa el instalador."
#: en_US/PPC_specifics_for_Fedora.xml:169(para)
-msgid ""
-"For more info on Fedora and the PlayStation3 or Fedora on PowerPC in "
-"general, join the Fedora-PPC mailing list (<ulink url=\"http://lists."
-"infradead.org/mailman/listinfo/fedora-ppc\"/>) or the #fedora-ppc channel on "
-"FreeNode (<ulink url=\"http://freenode.net/\"/>.)"
-msgstr ""
-"Para más información sobre Fedora y la PlayStation3 o Fedora en PowerPC en "
-"general, únase a la <ulink url=\"http://lists.infradead.org/mailman/listinfo/"
-"fedora-ppc\">lista de correo Fedora-PPC</ulink> o al canal <systemitem class="
-"\"resource\">#fedora-ppc</systemitem> en <ulink url=\"http://freenode.net/"
-"\">FreeNode</ulink>."
+msgid "For more info on Fedora and the PlayStation3 or Fedora on PowerPC in general, join the Fedora-PPC mailing list (<ulink url=\"http://lists.infradead.org/mailman/listinfo/fedora-ppc\"/>) or the #fedora-ppc channel on FreeNode (<ulink url=\"http://freenode.net/\"/>.)"
+msgstr "Para más información sobre Fedora y la PlayStation3 o Fedora en PowerPC en general, únase a la <ulink url=\"http://lists.infradead.org/mailman/listinfo/fedora-ppc\">lista de correo Fedora-PPC</ulink> o al canal <systemitem class=\"resource\">#fedora-ppc</systemitem> en <ulink url=\"http://freenode.net/\">FreeNode</ulink>."
#: en_US/PPC_specifics_for_Fedora.xml:177(para)
-msgid ""
-"Network booting -- Combined images containing the installer kernel and "
-"ramdisk are located in the <filename>images/netboot/</filename> directory of "
-"the installation tree. They are intended for network booting with TFTP, but "
-"can be used in many ways."
-msgstr ""
-"Las imágenes combinadas de arranque de red y ramdisk estan guardadas en el "
-"directorio <filename class=\"directory\">images/netboot/</filename> del "
-"arbol de instalación. Fueron hechas para cargar desde red con TFTP, pero se "
-"pueden utilizar de diversas maneras. El arrancador yaboot soporta arranque "
-"por TFTP para IBM pSeries y para Apple Macintosh. El Proyecto Fedora "
-"recomienda que use yaboot en lugar de las imágenes netboot."
+msgid "Network booting -- Combined images containing the installer kernel and ramdisk are located in the <filename>images/netboot/</filename> directory of the installation tree. They are intended for network booting with TFTP, but can be used in many ways."
+msgstr "Las imágenes combinadas de arranque de red y ramdisk estan guardadas en el directorio <filename class=\"directory\">images/netboot/</filename> del arbol de instalación. Fueron hechas para cargar desde red con TFTP, pero se pueden utilizar de diversas maneras. El arrancador yaboot soporta arranque por TFTP para IBM pSeries y para Apple Macintosh. El Proyecto Fedora recomienda que use yaboot en lugar de las imágenes netboot."
#: en_US/PPC_specifics_for_Fedora.xml:183(para)
-msgid ""
-"The <command>yaboot</command> loader supports TFTP booting for IBM pSeries "
-"and Apple Macintosh. The Fedora Project encourages the use of "
-"<command>yaboot</command> over the <command>netboot</command> images."
-msgstr ""
-"El cargador <command>yaboot</command> soporta arranque TFTP para las IBM "
-"pSeries y la Apple Macintosh. El Proyecto Fedora aconseja usar las imágenes "
-"<command>yaboot</command> en vez de las imágenes <command>netboot</command>."
+msgid "The <command>yaboot</command> loader supports TFTP booting for IBM pSeries and Apple Macintosh. The Fedora Project encourages the use of <command>yaboot</command> over the <command>netboot</command> images."
+msgstr "El cargador <command>yaboot</command> soporta arranque TFTP para las IBM pSeries y la Apple Macintosh. El Proyecto Fedora aconseja usar las imágenes <command>yaboot</command> en vez de las imágenes <command>netboot</command>."
#: en_US/PPC_specifics_for_Fedora.xml:190(title)
msgid "PPC specific packages"
msgstr "Paquetes PPC"
#: en_US/PPC_specifics_for_Fedora.xml:194(para)
-msgid ""
-"The <package>ppc64-utils</package> package has been split out into "
-"individual packages reflecting upstream packaging (<package>ps3pf-utils</"
-"package>, <package>powerpc-utils</package>, <package>powerpc-utils-papr</"
-"package>.) Although the <command>mkzimage</command> command is no longer "
-"supplied, you can use the <command>wrapper</command> script from the "
-"<package>kernel-bootwrapper</package> package:"
-msgstr ""
-"<filename>ppc64-utils</filename> ahora forma paquetes individuales que "
-"reflejan el empaquetamiento nuevo (<filename>ps3pf-utils</filename>, "
-"<filename>powerpc-utils</filename>, <filename>powerpc-utils-papr</"
-"filename>). Aunque el comando <command>mkzimage</command> ya no es parte de "
-"Fedora, se puede utilizar el script del paquete <package>kernel-bootwrapper</"
-"package> así: "
+msgid "The <package>ppc64-utils</package> package has been split out into individual packages reflecting upstream packaging (<package>ps3pf-utils</package>, <package>powerpc-utils</package>, <package>powerpc-utils-papr</package>.) Although the <command>mkzimage</command> command is no longer supplied, you can use the <command>wrapper</command> script from the <package>kernel-bootwrapper</package> package:"
+msgstr "<filename>ppc64-utils</filename> ahora forma paquetes individuales que reflejan el empaquetamiento nuevo (<filename>ps3pf-utils</filename>, <filename>powerpc-utils</filename>, <filename>powerpc-utils-papr</filename>). Aunque el comando <command>mkzimage</command> ya no es parte de Fedora, se puede utilizar el script del paquete <package>kernel-bootwrapper</package> así: "
#: en_US/PPC_specifics_for_Fedora.xml:202(userinput)
#, no-wrap
@@ -2589,16 +1471,8 @@ msgid "Package Notes"
msgstr "Notas de los Paquetes"
#: en_US/Package_notes.xml:7(para)
-msgid ""
-"The following sections contain information regarding software packages that "
-"have undergone significant changes for Fedora 10. For easier access, they "
-"are generally organized using the same groups that are shown in the "
-"installation system."
-msgstr ""
-"Las siguientes secciones contienen información referida a los paquetes de "
-"software que sufrieron cambios significativos en Fedora 10. Para un acceso "
-"más fácil, están organizados usando los mismos grupos que se muestran en el "
-"sistema de instalación."
+msgid "The following sections contain information regarding software packages that have undergone significant changes for Fedora 10. For easier access, they are generally organized using the same groups that are shown in the installation system."
+msgstr "Las siguientes secciones contienen información referida a los paquetes de software que sufrieron cambios significativos en Fedora 10. Para un acceso más fácil, están organizados usando los mismos grupos que se muestran en el sistema de instalación."
#: en_US/Package_notes.xml:12(title)
msgid "GIMP"
@@ -2606,40 +1480,15 @@ msgstr "GIMP"
#: en_US/Package_notes.xml:13(para)
msgid "Fedora 10 includes version 2.6 of the GNU Image Manipulation Program."
-msgstr ""
-"Fedora 10 incluye la versión 2.6 del Programa de Manipulación de Imágenes de "
-"GNU."
+msgstr "Fedora 10 incluye la versión 2.6 del Programa de Manipulación de Imágenes de GNU."
#: en_US/Package_notes.xml:15(para)
-msgid ""
-"This new version is designed to be backwards compatible, so existing third "
-"party plug-ins and scripts should continue to work, with a minor caveat. The "
-"included Script-Fu Scheme interpreter no longer accepts variable definitions "
-"without an initial value, which is not compliant to the language standard. "
-"Scripts included in Fedora packages should not have this problem, but if you "
-"use scripts from other sources, please refer to the GIMP release notes for "
-"more details and how you can fix scripts that have this problem:"
-msgstr ""
-"Esta nueva versión se diseñó para que sea compatible hacia atrás, para que "
-"los complementos de terceros y los scripts sigan funcionando -- con una "
-"pequeña salvedad: el intérprete Script-Fu Scheme no acepta definiciones de "
-"variables sin un valor inicial (lo que es incompatible con el estándar del "
-"lenguaje). Los scripts incluídos en los paquetes de Fedora no tienen este "
-"problema, pero si usa scripts de otras fuentes, por favor vaya a las notas "
-"del lanzamiento de GIMP para más detalles sobre como solucionar los "
-"problemas en esos scripts:"
+msgid "This new version is designed to be backwards compatible, so existing third party plug-ins and scripts should continue to work, with a minor caveat. The included Script-Fu Scheme interpreter no longer accepts variable definitions without an initial value, which is not compliant to the language standard. Scripts included in Fedora packages should not have this problem, but if you use scripts from other sources, please refer to the GIMP release notes for more details and how you can fix scripts that have this problem:"
+msgstr "Esta nueva versión se diseñó para que sea compatible hacia atrás, para que los complementos de terceros y los scripts sigan funcionando -- con una pequeña salvedad: el intérprete Script-Fu Scheme no acepta definiciones de variables sin un valor inicial (lo que es incompatible con el estándar del lenguaje). Los scripts incluídos en los paquetes de Fedora no tienen este problema, pero si usa scripts de otras fuentes, por favor vaya a las notas del lanzamiento de GIMP para más detalles sobre como solucionar los problemas en esos scripts:"
#: en_US/Package_notes.xml:26(para)
-msgid ""
-"Additionally, the <command>gimptool</command> script that is used to build "
-"and install third party plug-ins and scripts has been moved from the "
-"<package>gimp</package> package to the <package>gimp-devel</package> "
-"package. Install this package if you want to use <command>gimptool</command>."
-msgstr ""
-"Además, el script <command>gimptool</command> que se usa para construir e "
-"instalar complementos y scripts de terceros ha sido movido del paquete "
-"<package>gimp</package> al paquete <package>gimp-devel</package>. Instale "
-"este paquete si desea usar <command>gimptool</command>."
+msgid "Additionally, the <command>gimptool</command> script that is used to build and install third party plug-ins and scripts has been moved from the <package>gimp</package> package to the <package>gimp-devel</package> package. Install this package if you want to use <command>gimptool</command>."
+msgstr "Además, el script <command>gimptool</command> que se usa para construir e instalar complementos y scripts de terceros ha sido movido del paquete <package>gimp</package> al paquete <package>gimp-devel</package>. Instale este paquete si desea usar <command>gimptool</command>."
#: en_US/Package_notes.xml:33(title)
msgid "Legal Information"
@@ -2647,18 +1496,11 @@ msgstr "Información Legal"
#: en_US/Package_notes.xml:34(para)
msgid "The following legal information concerns some software in Fedora."
-msgstr ""
-"La siguiente información legal se aplica a algunos programas en Fedora."
+msgstr "La siguiente información legal se aplica a algunos programas en Fedora."
#: en_US/Package_notes.xml:36(para)
-msgid ""
-"Portions Copyright © 2002-2007 Charlie Poole or Copyright © 2002-"
-"2004 James W. Newkirk, Michael C. Two, Alexei A. Vorontsov or Copyright "
-"© 2000-2002 Philip A. Craig"
-msgstr ""
-"Algunas porciones son Copyright (c) 2002-2007 Charlie Poole o Copyright (c) "
-"2002-2004 James W. Newkirk, Michael C. Two, Alexei A. Vorontsov o Copyright "
-"(c) 2000-2002 Philip A. Craig"
+msgid "Portions Copyright © 2002-2007 Charlie Poole or Copyright © 2002-2004 James W. Newkirk, Michael C. Two, Alexei A. Vorontsov or Copyright © 2000-2002 Philip A. Craig"
+msgstr "Algunas porciones son Copyright (c) 2002-2007 Charlie Poole o Copyright (c) 2002-2004 James W. Newkirk, Michael C. Two, Alexei A. Vorontsov o Copyright (c) 2000-2002 Philip A. Craig"
#: en_US/Package_changes.xml:6(title)
msgid "Package changes"
@@ -2673,149 +1515,56 @@ msgid "This list is automatically generated. It is not translated."
msgstr "Esta lista se genera automáticamente. No se recomienda traducirla."
#: en_US/Package_changes.xml:13(para)
-msgid ""
-"This list is generated for the release and posted on the wiki only. It is "
-"made using the <command>repodiff</command> utility from the <package>yum-"
-"utils</package> package, run as <command>repodiff --old=<"
-"<replaceable>base URL of the old SRPMS repository</replaceable>> --"
-"new=<<replaceable>base URL of the new SRPMS repository></"
-"replaceable>></command>."
-msgstr ""
-"Esta lista se genera para el lanzamiento y se la pone solamente en la wiki. "
-"Se la construye usando el utilitario <command>repodiff</command> del paquete "
-"<package>yum-utils</package>, ejecutado con el siguiente comando: "
-"<command>repodiff --old=<<replaceable>base URL of the new SRPMS "
-"repository</replaceable>> --new=<<replaceable>base URL of the new "
-"SRPMS repository></replaceable>></command>."
+msgid "This list is generated for the release and posted on the wiki only. It is made using the <command>repodiff</command> utility from the <package>yum-utils</package> package, run as <command>repodiff --old=<<replaceable>base URL of the old SRPMS repository</replaceable>> --new=<<replaceable>base URL of the new SRPMS repository></replaceable>></command>."
+msgstr "Esta lista se genera para el lanzamiento y se la pone solamente en la wiki. Se la construye usando el utilitario <command>repodiff</command> del paquete <package>yum-utils</package>, ejecutado con el siguiente comando: <command>repodiff --old=<<replaceable>base URL of the new SRPMS repository</replaceable>> --new=<<replaceable>base URL of the new SRPMS repository></replaceable>></command>."
#: en_US/Package_changes.xml:17(para)
-msgid ""
-"For a list of which packages were updated since the previous release, refer "
-"to <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/PackageChanges/"
-"UpdatedPackages\"/>. You can also find a comparison of major packages "
-"between all Fedora versions at <ulink url=\"http://distrowatch.com/fedora\"/"
-">."
-msgstr ""
-"Para una lista de que paquetes fueron actualizados desde versiones previas "
-"vea <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/PackageChanges/"
-"UpdatedPackages\">http://fedoraproject.org/wiki/Docs/Beats/PackageChanges/"
-"UpdatedPackages</ulink>. Puede también encontrar una comparación de los "
-"paquetes principales entre todas las versiones Fedora en <ulink url=\"http://"
-"distrowatch.com/fedora\">http://distrowatch.com/fedora</ulink>. "
+msgid "For a list of which packages were updated since the previous release, refer to <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/PackageChanges/UpdatedPackages\"/>. You can also find a comparison of major packages between all Fedora versions at <ulink url=\"http://distrowatch.com/fedora\"/>."
+msgstr "Para una lista de que paquetes fueron actualizados desde versiones previas vea <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/PackageChanges/UpdatedPackages\">http://fedoraproject.org/wiki/Docs/Beats/PackageChanges/UpdatedPackages</ulink>. Puede también encontrar una comparación de los paquetes principales entre todas las versiones Fedora en <ulink url=\"http://distrowatch.com/fedora\">http://distrowatch.com/fedora</ulink>. "
#: en_US/Networking.xml:6(title)
msgid "Networking"
msgstr "Red"
#: en_US/Networking.xml:7(para)
-msgid ""
-"This section contains information about networking changes in Fedora 10."
-msgstr ""
-"Esta sección incluye información en el soporte de lenguajes bajo Fedora."
+msgid "This section contains information about networking changes in Fedora 10."
+msgstr "Esta sección incluye información en el soporte de lenguajes bajo Fedora."
#: en_US/Networking.xml:10(title)
msgid "Wireless Connection Sharing"
msgstr "Compartir Conexión Inalambrica"
#: en_US/Networking.xml:11(para)
-msgid ""
-"The <application>NetworkManager</application> applet <command>nm-applet</"
-"command> has been updated to provide better connection sharing through the "
-"<guilabel>Create New Wireless Network</guilabel> menu item."
-msgstr ""
-"El applet de <application>NetworkManager</application> <command>nm-applet</"
-"command> ha sido actualizado para proveer una mejor compartición de conexión "
-"a través del ítem de menú <guimenuitem>Crear una Nueva Red Inalámbrica</"
-"guimenuitem>."
+msgid "The <application>NetworkManager</application> applet <command>nm-applet</command> has been updated to provide better connection sharing through the <guilabel>Create New Wireless Network</guilabel> menu item."
+msgstr "El applet de <application>NetworkManager</application> <command>nm-applet</command> ha sido actualizado para proveer una mejor compartición de conexión a través del ítem de menú <guimenuitem>Crear una Nueva Red Inalámbrica</guimenuitem>."
#: en_US/Networking.xml:17(para)
-msgid ""
-"Connection sharing makes it possible to easily set up an ad-hoc WiFi network "
-"on a machine with a network connection and a spare wireless card. If the "
-"machine has a primary network connection (wired, 3G, second wireless card), "
-"routing is set up so that devices connected to the ad-hoc WiFi network can "
-"share the connection to the outside network."
-msgstr ""
-"La compartición de conexión hace posible configurar fácilmente una red WiFi "
-"ad-hoc en una máquina sin una conexión de red y con una placa de red. Si la "
-"máquina tiene una conexión de red primaria (cableada, 3G, segunda placa "
-"inalámbrica), el ruteo se configura de manera que los dispositivos "
-"conectados a la red WiFi ad-hoc puedan compartir la conexión a la red "
-"exterior."
+msgid "Connection sharing makes it possible to easily set up an ad-hoc WiFi network on a machine with a network connection and a spare wireless card. If the machine has a primary network connection (wired, 3G, second wireless card), routing is set up so that devices connected to the ad-hoc WiFi network can share the connection to the outside network."
+msgstr "La compartición de conexión hace posible configurar fácilmente una red WiFi ad-hoc en una máquina sin una conexión de red y con una placa de red. Si la máquina tiene una conexión de red primaria (cableada, 3G, segunda placa inalámbrica), el ruteo se configura de manera que los dispositivos conectados a la red WiFi ad-hoc puedan compartir la conexión a la red exterior."
#: en_US/Networking.xml:23(para)
-msgid ""
-"When you create a new WiFi network, you have to specify the name of the "
-"network and what kind of wireless security to use. NetworkManager then sets "
-"up the wireless card to work as an ad-hoc WiFi node that others can join. "
-"The routing will be set up between the new network and the primary network "
-"connection, and DHCP is used for assigning IP addresses on the new shared "
-"WiFi network. DNS queries are also forwarded to upstream nameservers "
-"transparently."
-msgstr ""
-"Cuando crea una nueva red WiFi, debe especificar el nombre de la red y qué "
-"clase de seguridad inalámbrica usar. NetworkManager configurará la placa de "
-"red inalámbrica de manera que funcione como un nodo WiFi ad-hoc al que se "
-"pueden unir otros. El ruteo se configurará entre la nueva red y la conexión "
-"primaria de red, y se usará DHCP para la asignación de direcciones IP en la "
-"nueva red WiFi compartida. Las consultas DNS son pasadas a los servidores de "
-"nombres superiores en forma transparente."
+msgid "When you create a new WiFi network, you have to specify the name of the network and what kind of wireless security to use. NetworkManager then sets up the wireless card to work as an ad-hoc WiFi node that others can join. The routing will be set up between the new network and the primary network connection, and DHCP is used for assigning IP addresses on the new shared WiFi network. DNS queries are also forwarded to upstream nameservers transparently."
+msgstr "Cuando crea una nueva red WiFi, debe especificar el nombre de la red y qué clase de seguridad inalámbrica usar. NetworkManager configurará la placa de red inalámbrica de manera que funcione como un nodo WiFi ad-hoc al que se pueden unir otros. El ruteo se configurará entre la nueva red y la conexión primaria de red, y se usará DHCP para la asignación de direcciones IP en la nueva red WiFi compartida. Las consultas DNS son pasadas a los servidores de nombres superiores en forma transparente."
#: en_US/Multimedia.xml:6(title)
msgid "Multimedia"
msgstr "Multimedia"
#: en_US/Multimedia.xml:7(para)
-msgid ""
-"Fedora includes applications for assorted multimedia functions, including "
-"playback, recording, and editing. Additional packages are available through "
-"the Fedora Package Collection software repository. For additional "
-"information about multimedia in Fedora, refer to the Multimedia section of "
-"the Fedora Project website at <ulink url=\"http://fedoraproject.org/wiki/"
-"Multimedia\"/>."
-msgstr ""
-"Fedora incluye aplicaciones para funciones multimedias varias, incluyendo la "
-"reproducción, grabado y editado. Los paquetes adicionales están disponibles "
-"a través de la Colección de Paquetes de Software de Fedora. Para información "
-"adicional acerca de multimedia en Fedora, vea la sección Multimedia en el "
-"sitio web del Proyecto Fedora en <ulink url=\"http://fedoraproject.org/wiki/"
-"Multimedia\"/>."
+msgid "Fedora includes applications for assorted multimedia functions, including playback, recording, and editing. Additional packages are available through the Fedora Package Collection software repository. For additional information about multimedia in Fedora, refer to the Multimedia section of the Fedora Project website at <ulink url=\"http://fedoraproject.org/wiki/Multimedia\"/>."
+msgstr "Fedora incluye aplicaciones para funciones multimedias varias, incluyendo la reproducción, grabado y editado. Los paquetes adicionales están disponibles a través de la Colección de Paquetes de Software de Fedora. Para información adicional acerca de multimedia en Fedora, vea la sección Multimedia en el sitio web del Proyecto Fedora en <ulink url=\"http://fedoraproject.org/wiki/Multimedia\"/>."
#: en_US/Multimedia.xml:15(title)
msgid "Multimedia players"
msgstr "Reproductores Multimedia"
#: en_US/Multimedia.xml:16(para)
-msgid ""
-"The default installation of Fedora includes <application>Rhythmbox</"
-"application> and <application>Totem</application> for media playback. Many "
-"other programs are available in the Fedora repositories, including the "
-"popular <application>XMMS</application> player and KDE's "
-"<application>Amarok</application>. Both GNOME and KDE have a selection of "
-"players that can be used with a variety of formats. Additional programs are "
-"available from third parties to handle other formats."
-msgstr ""
-"La instalación por defecto de Fedora incluye <application>Rhythmbox</"
-"application> y <application>Totem</application> para reproducir sonido o "
-"video. Los repositorios de Fedora incluyen muchos otros programas populares "
-"tales como el reproductor <application>XMMS</application> y el "
-"<application>Amarok</application> para KDE. KDE y GNOME tienen ambos una "
-"selección de reproductores que se pueden usar para una variedad de formatos. "
-"Otras compañías pueden ofrecer programas adicionales para manejar otros "
-"formatos."
+msgid "The default installation of Fedora includes <application>Rhythmbox</application> and <application>Totem</application> for media playback. Many other programs are available in the Fedora repositories, including the popular <application>XMMS</application> player and KDE's <application>Amarok</application>. Both GNOME and KDE have a selection of players that can be used with a variety of formats. Additional programs are available from third parties to handle other formats."
+msgstr "La instalación por defecto de Fedora incluye <application>Rhythmbox</application> y <application>Totem</application> para reproducir sonido o video. Los repositorios de Fedora incluyen muchos otros programas populares tales como el reproductor <application>XMMS</application> y el <application>Amarok</application> para KDE. KDE y GNOME tienen ambos una selección de reproductores que se pueden usar para una variedad de formatos. Otras compañías pueden ofrecer programas adicionales para manejar otros formatos."
#: en_US/Multimedia.xml:24(para)
-msgid ""
-"<application>Totem</application>, the default movie player for GNOME, now "
-"has the ability to switch playback back-ends without recompilation or "
-"switching packages. To install the Xine back-end, use <guimenuitem>Add/"
-"Remove Software</guimenuitem> to install <package>totem-xine</package> or "
-"run the following command:"
-msgstr ""
-"<package>Totem</package>, el reproductor de películas predeterminado para "
-"GNOME, ahora tiene la habilidad de cambiar los software de bajo nivel para "
-"reproducción sin recompilar o intercambiar paquetes. Para instalar el "
-"soporte de xine, corra el siguiente comando como root:"
+msgid "<application>Totem</application>, the default movie player for GNOME, now has the ability to switch playback back-ends without recompilation or switching packages. To install the Xine back-end, use <guimenuitem>Add/Remove Software</guimenuitem> to install <package>totem-xine</package> or run the following command:"
+msgstr "<package>Totem</package>, el reproductor de películas predeterminado para GNOME, ahora tiene la habilidad de cambiar los software de bajo nivel para reproducción sin recompilar o intercambiar paquetes. Para instalar el soporte de xine, corra el siguiente comando como root:"
#: en_US/Multimedia.xml:31(userinput)
#, no-wrap
@@ -2824,9 +1573,7 @@ msgstr "su -c 'yum install totem-xine'"
#: en_US/Multimedia.xml:33(para)
msgid "To run <application>Totem</application> with the Xine back-end once:"
-msgstr ""
-"Para correr <package>Totem</package> con el soporte xine, ejecute el "
-"siguiente comando como root:"
+msgstr "Para correr <package>Totem</package> con el soporte xine, ejecute el siguiente comando como root:"
#: en_US/Multimedia.xml:36(userinput)
#, no-wrap
@@ -2835,9 +1582,7 @@ msgstr "su -c 'totem-backend -b xine totem'"
#: en_US/Multimedia.xml:38(para)
msgid "To change the default back-end to xine for the entire system:"
-msgstr ""
-"Para cambiar el reproductor de bajo nivel predeterminado a xine para todo el "
-"sistema, corra el siguiente comando como root:"
+msgstr "Para cambiar el reproductor de bajo nivel predeterminado a xine para todo el sistema, corra el siguiente comando como root:"
#: en_US/Multimedia.xml:41(userinput)
#, no-wrap
@@ -2845,13 +1590,8 @@ msgid "su -c 'totem-backend -b xine'"
msgstr "su -c 'totem-backend -b xine'"
#: en_US/Multimedia.xml:43(para)
-msgid ""
-"While using the Xine back-end, it is possible to temporarily use the "
-"GStreamer back-end. To use the GStreamer back-end, run the following command:"
-msgstr ""
-"Mientras use el reproductor de bajo nivel xine, es posible usar "
-"temporalmente el reproductor de bajo nivel GStreamer. Para usar el "
-"reproductor de bajo nivel GStreamer, ejecute el siguiente comando como root:"
+msgid "While using the Xine back-end, it is possible to temporarily use the GStreamer back-end. To use the GStreamer back-end, run the following command:"
+msgstr "Mientras use el reproductor de bajo nivel xine, es posible usar temporalmente el reproductor de bajo nivel GStreamer. Para usar el reproductor de bajo nivel GStreamer, ejecute el siguiente comando como root:"
#: en_US/Multimedia.xml:47(programlisting)
#, no-wrap
@@ -2869,24 +1609,8 @@ msgid "Ogg and Xiph.Org foundation formats"
msgstr "Formatos de Ogg y de la Fundación Xiph.Org"
#: en_US/Multimedia.xml:53(para)
-msgid ""
-"Fedora includes complete support for the Ogg media container format and the "
-"Vorbis audio, Theora video, Speex audio, and FLAC lossless audio formats. "
-"These freely-distributable formats are not encumbered by patent or license "
-"restrictions. They provide powerful and flexible alternatives to more "
-"popular, restricted formats. The Fedora Project encourages the use of open "
-"source formats in place of restricted ones. For more information on these "
-"formats and how to use them, refer to:"
-msgstr ""
-"Fedora incluye soporte completo para el formato Ogg de contenedor "
-"multimedio, el formato Vorbis de audio, Theora video, el Speex para audio y "
-"el FLAC sin pérdidas para audio. Estos formatos son distribuibles libremente "
-"y no están cubiertos por patentes o restriciones de licencia. Proveen "
-"alternativas poderosas y flexibles a los formatos más populares y "
-"restrictivos. El Proyecto Fedora aconseja usar formatos de código abierto en "
-"vez de los formatos restrictivos. Para más información de estos formatos y "
-"cómo puede usuarlos, vaya al sitio web de la Fundación Xiph.Org en <ulink "
-"url=\"http://www.xiph.org/\">http://www.xiph.org/</ulink>."
+msgid "Fedora includes complete support for the Ogg media container format and the Vorbis audio, Theora video, Speex audio, and FLAC lossless audio formats. These freely-distributable formats are not encumbered by patent or license restrictions. They provide powerful and flexible alternatives to more popular, restricted formats. The Fedora Project encourages the use of open source formats in place of restricted ones. For more information on these formats and how to use them, refer to:"
+msgstr "Fedora incluye soporte completo para el formato Ogg de contenedor multimedio, el formato Vorbis de audio, Theora video, el Speex para audio y el FLAC sin pérdidas para audio. Estos formatos son distribuibles libremente y no están cubiertos por patentes o restriciones de licencia. Proveen alternativas poderosas y flexibles a los formatos más populares y restrictivos. El Proyecto Fedora aconseja usar formatos de código abierto en vez de los formatos restrictivos. Para más información de estos formatos y cómo puede usuarlos, vaya al sitio web de la Fundación Xiph.Org en <ulink url=\"http://www.xiph.org/\">http://www.xiph.org/</ulink>."
#: en_US/Multimedia.xml:63(para)
msgid "Xiph.Org Foundation at <ulink url=\"http://www.xiph.org/\"/>"
@@ -2897,159 +1621,49 @@ msgid "MP3, DVD, and other excluded multimedia"
msgstr "MP3, DVD y otros formatos multimedios excluídos"
#: en_US/Multimedia.xml:75(para)
-msgid ""
-"Fedora cannot include support for MP3 or DVD video playback or recording. "
-"The MP3 formats are patented, and the patent holders have not provided the "
-"necessary licenses. DVD video formats are patented and equipped with an "
-"encryption scheme. The patent holders have not provided the necessary "
-"licenses, and the code needed to decrypt CSS-encrypted discs may violate the "
-"Digital Millennium Copyright Act, a copyright law of the United States. "
-"Fedora also excludes other multimedia software due to patent, copyright, or "
-"license restrictions, including Adobe's Flash Player and Real Media's Real "
-"Player. For more on this subject, please refer to <ulink url=\"http://"
-"fedoraproject.org/wiki/ForbiddenItems\"/>."
-msgstr ""
-"Los repositorios de software de Fedora no pueden incluir soporte para la "
-"reproducción o grabado de MP3 o video DVD. Los formatos MP3 están "
-"patentados, y los dueños de la patente no nos dieron las licencias "
-"necesarias. Los formatos de video DVD son patentados y equipados con un "
-"esquema de encriptación. Los dueños de las patentes no nos dieron las "
-"licencias necesarias, y el código necesario para desencriptar los discos "
-"encriptados con CSS pueden violar el Acta de Copyright del Milenio Digital, "
-"una ley de derechos de autor de los Estados Unidos de América. Fedora "
-"también excluye otros formatos de software multimedia debido a restricciones "
-"de patentes, copyright o de licencias, que incluyen el Reproductor de Flash "
-"de Adobe, y el Reproductor de Medios Real Player. Para más información "
-"acerca de este tema, por favor vaya a <ulink url=\"http://fedoraproject.org/"
-"wiki/ForbiddenItems\">http://fedoraproject.org/wiki/ForbiddenItems</ulink>."
+msgid "Fedora cannot include support for MP3 or DVD video playback or recording. The MP3 formats are patented, and the patent holders have not provided the necessary licenses. DVD video formats are patented and equipped with an encryption scheme. The patent holders have not provided the necessary licenses, and the code needed to decrypt CSS-encrypted discs may violate the Digital Millennium Copyright Act, a copyright law of the United States. Fedora also excludes other multimedia software due to patent, copyright, or license restrictions, including Adobe's Flash Player and Real Media's Real Player. For more on this subject, please refer to <ulink url=\"http://fedoraproject.org/wiki/ForbiddenItems\"/>."
+msgstr "Los repositorios de software de Fedora no pueden incluir soporte para la reproducción o grabado de MP3 o video DVD. Los formatos MP3 están patentados, y los dueños de la patente no nos dieron las licencias necesarias. Los formatos de video DVD son patentados y equipados con un esquema de encriptación. Los dueños de las patentes no nos dieron las licencias necesarias, y el código necesario para desencriptar los discos encriptados con CSS pueden violar el Acta de Copyright del Milenio Digital, una ley de derechos de autor de los Estados Unidos de América. Fedora también excluye otros formatos de software multimedia debido a restricciones de patentes, copyright o de licencias, que incluyen el Reproductor de Flash de Adobe, y el Reproductor de Medios Real Player. Para más información acerca de este tema, por favor vaya a <ulink url=\"http://fedoraproject.org/wiki/ForbiddenItems\">http://fedoraproject.org/wiki/ForbiddenItems</ulink>."
#: en_US/Multimedia.xml:88(para)
-msgid ""
-"While other MP3 options may be available for Fedora, Fluendo now offers an "
-"MP3 plugin for GStreamer that has the related patents licensed for end "
-"users. This plugin enables MP3 support in applications that use the "
-"GStreamer framework as a backend. We cannot distribute this plugin in Fedora "
-"for licensing reasons, but it offers a new solution for an old problem. For "
-"more information refer to these pages:"
-msgstr ""
-"Mientras que otras opciones de MP3 pueden estar disponibles para Fedora, "
-"Fluendo ahora ofrece un plugin MP3 libre para GStreamer que está "
-"apropiadamente licenciado para los usuarios finales. Este plugin habilitará "
-"el soporte MP3 a las aplicaciones que usen el marco de trabajo de GStreamer "
-"como de bajo nivel. Fedora no incluye este plugin por razones de licencia "
-"dado que se prefiere soportar y recomendar el uso de formatos abiertos y sin "
-"restricciones en su lugar. Para más información acerca del plugin MP3 visite "
-"el sitio web de Fluendo en <ulink url=\"http://www.fluendo.com/\">http://www."
-"fluendo.com/</ulink>."
+msgid "While other MP3 options may be available for Fedora, Fluendo now offers an MP3 plugin for GStreamer that has the related patents licensed for end users. This plugin enables MP3 support in applications that use the GStreamer framework as a backend. We cannot distribute this plugin in Fedora for licensing reasons, but it offers a new solution for an old problem. For more information refer to these pages:"
+msgstr "Mientras que otras opciones de MP3 pueden estar disponibles para Fedora, Fluendo ahora ofrece un plugin MP3 libre para GStreamer que está apropiadamente licenciado para los usuarios finales. Este plugin habilitará el soporte MP3 a las aplicaciones que usen el marco de trabajo de GStreamer como de bajo nivel. Fedora no incluye este plugin por razones de licencia dado que se prefiere soportar y recomendar el uso de formatos abiertos y sin restricciones en su lugar. Para más información acerca del plugin MP3 visite el sitio web de Fluendo en <ulink url=\"http://www.fluendo.com/\">http://www.fluendo.com/</ulink>."
#: en_US/Multimedia.xml:119(title)
msgid "CD and DVD authoring and burning"
msgstr "Autoría y Grabado de CD y DVD"
#: en_US/Multimedia.xml:120(para)
-msgid ""
-"Default installations of Fedora and the Desktop Live spin include a built-in "
-"feature for CD and DVD burning. Fedora includes a variety of other tools for "
-"easily creating and burning CDs and DVDs. Fedora includes graphical programs "
-"such as <application>Brasero</application>, <application>GnomeBaker</"
-"application>, and <application>K3b</application>. Console programs including "
-"<command>wodim</command>, <application>readom</application>, and "
-"<application>genisoimage</application>. Graphical programs are found under "
-"<menuchoice><guimenu>Applications</guimenu><guisubmenu>Sound & Video</"
-"guisubmenu></menuchoice>."
-msgstr ""
-"Las instalaciones predeterminadas de Fedora y el spin Vivo de Escritorio "
-"incluyen una característica incorporada para el grabado de CD y DVD. Fedora "
-"incluye una variedad de otras herramientas para quemar CDs y DVDs. Fedora "
-"incluye programas gráficos tales como <application>Brasero</application>, "
-"<application>GnomeBaker</application> y <application>K3b</application>. Y "
-"programas de consola como <command>wodim</command>, <application>readom</"
-"application> y <application>genisoimage</application>. Los programas "
-"gráficos se encuentran en el menú <guimenu>Aplicaciones</"
-"guimenu><guisubmenu>Sonido & Vídeo</guisubmenu>."
+msgid "Default installations of Fedora and the Desktop Live spin include a built-in feature for CD and DVD burning. Fedora includes a variety of other tools for easily creating and burning CDs and DVDs. Fedora includes graphical programs such as <application>Brasero</application>, <application>GnomeBaker</application>, and <application>K3b</application>. Console programs including <command>wodim</command>, <application>readom</application>, and <application>genisoimage</application>. Graphical programs are found under <menuchoice><guimenu>Applications</guimenu><guisubmenu>Sound & Video</guisubmenu></menuchoice>."
+msgstr "Las instalaciones predeterminadas de Fedora y el spin Vivo de Escritorio incluyen una característica incorporada para el grabado de CD y DVD. Fedora incluye una variedad de otras herramientas para quemar CDs y DVDs. Fedora incluye programas gráficos tales como <application>Brasero</application>, <application>GnomeBaker</application> y <application>K3b</application>. Y programas de consola como <command>wodim</command>, <application>readom</application> y <application>genisoimage</application>. Los programas gráficos se encuentran en el menú <guimenu>Aplicaciones</guimenu><guisubmenu>Sonido & Vídeo</guisubmenu>."
#: en_US/Multimedia.xml:132(title)
msgid "Screencasts"
msgstr "Esquemas de escritorios"
#: en_US/Multimedia.xml:133(para)
-msgid ""
-"You can use Fedora to create and play back <firstterm>screencasts</"
-"firstterm>, which are recorded desktop sessions, using open technologies. "
-"Fedora includes <command>istanbul</command>, which creates screencasts using "
-"the Theora video format, and <command>byzanz</command>, which creates "
-"screencasts as animated GIF files. You can play back these videos using one "
-"of several players included in Fedora. This is the preferred way to submit "
-"screencasts to the Fedora Project for either contributors or end-users. For "
-"more comprehensive instructions, refer to the screencasting page:"
-msgstr ""
-"Puede usar Fedora para crear y reproducir <firstterm>capturas de "
-"escritorios</firstterm>, que son sesiones de escritorio grabadas, usando "
-"tecnologías abiertas. La Colección de Paquetes de Software de Fedora incluye "
-"<package>istanbul</package>, que crea capturas de escritorio usando el "
-"formato de video Theora. Estos videos se pueen reproducir usando uno de los "
-"varios reproductores incluídos en Fedora. Esta es la forma preferida para "
-"enviar capturas de escritorios al Proyecto Fedora, ya sea para el "
-"desarrollador o para el usuario final. Para un tutorial más comprensivo, "
-"vaya a <ulink url=\"http://fedoraproject.org/wiki/ScreenCasting\">http://"
-"fedoraproject.org/wiki/ScreenCasting</ulink>."
+msgid "You can use Fedora to create and play back <firstterm>screencasts</firstterm>, which are recorded desktop sessions, using open technologies. Fedora includes <command>istanbul</command>, which creates screencasts using the Theora video format, and <command>byzanz</command>, which creates screencasts as animated GIF files. You can play back these videos using one of several players included in Fedora. This is the preferred way to submit screencasts to the Fedora Project for either contributors or end-users. For more comprehensive instructions, refer to the screencasting page:"
+msgstr "Puede usar Fedora para crear y reproducir <firstterm>capturas de escritorios</firstterm>, que son sesiones de escritorio grabadas, usando tecnologías abiertas. La Colección de Paquetes de Software de Fedora incluye <package>istanbul</package>, que crea capturas de escritorio usando el formato de video Theora. Estos videos se pueen reproducir usando uno de los varios reproductores incluídos en Fedora. Esta es la forma preferida para enviar capturas de escritorios al Proyecto Fedora, ya sea para el desarrollador o para el usuario final. Para un tutorial más comprensivo, vaya a <ulink url=\"http://fedoraproject.org/wiki/ScreenCasting\">http://fedoraproject.org/wiki/ScreenCasting</ulink>."
#: en_US/Multimedia.xml:150(title)
msgid "Extended support through plugins"
msgstr "Soporte Extendido a través de Plugins"
#: en_US/Multimedia.xml:151(para)
-msgid ""
-"Most of the media players in Fedora support the use of plugins to add "
-"support for additional media formats and sound output systems. Some use "
-"powerful backends such as the <package>gstreamer</package> package to handle "
-"media format support and sound output. Fedora offers plugin packages for "
-"these backends and for individual applications, and third parties may offer "
-"additional plugins to add even greater capabilities."
-msgstr ""
-"La mayoría de los reproductores de medio en los repositorios de software de "
-"Fedora incluyen el uso de plugins para agregar soporte a formatos de medios "
-"adicionales y sistemas de salida de sonido. Algunos usan software de bajo "
-"nivel poderosos, como el paquete <package>gstreamer</package>, para manejar "
-"el soporte de formato de medios y salida de sonido. Los repositorios de "
-"software de Fedora ofrecen paquetes plugin para estos paquetes de bajo nivel "
-"y para aplicaciones individuales. Se puede conseguir plugins adicionales de "
-"terceros que agregan aún más capacidades."
-
-#: en_US/Multimedia.xml:160(title) en_US/Fedora_desktop.xml:40(title)
+msgid "Most of the media players in Fedora support the use of plugins to add support for additional media formats and sound output systems. Some use powerful backends such as the <package>gstreamer</package> package to handle media format support and sound output. Fedora offers plugin packages for these backends and for individual applications, and third parties may offer additional plugins to add even greater capabilities."
+msgstr "La mayoría de los reproductores de medio en los repositorios de software de Fedora incluyen el uso de plugins para agregar soporte a formatos de medios adicionales y sistemas de salida de sonido. Algunos usan software de bajo nivel poderosos, como el paquete <package>gstreamer</package>, para manejar el soporte de formato de medios y salida de sonido. Los repositorios de software de Fedora ofrecen paquetes plugin para estos paquetes de bajo nivel y para aplicaciones individuales. Se puede conseguir plugins adicionales de terceros que agregan aún más capacidades."
+
+#: en_US/Multimedia.xml:160(title)
+#: en_US/Fedora_desktop.xml:40(title)
msgid "Infrared remote support"
msgstr "Soporte para control remoto por infrarrojos"
#: en_US/Multimedia.xml:161(para)
-msgid ""
-"A new graphical frontend to LIRC is provided by <command>gnome-lirc-"
-"properties</command>, making it easy to connect and configure infrared "
-"remote controls. LIRC is routinely used in multimedia applications to "
-"implement support for infrared remote controls, and using it in "
-"<application>Rhythmbox</application> and <application>Totem</application> "
-"should be as easy as plugging the remote receiver into your computer, then "
-"selecting <guimenuitem>Auto-detect</guimenuitem> in the <guimenu>Infrared "
-"Remote Control</guimenu> preferences."
-msgstr ""
-"Se provee una nueva interfase gráfica a LIRC con <command>gnome-lirc-"
-"properties</command>, lo que hace más fácil conectar y configurar controles "
-"remoto infrarrojos. LIRC es usado rutinariamente por aplicaciones multimedia "
-"para implementar el soporte para controles remoto infrarrojo y usarlos en "
-"<application>Rhythmbox</application> y <application>Totem</application> "
-"debería ser tan fácil como conectar el receptor a la computadora, y luego "
-"seleccionar <guimenuitem>Auto-detectar</guimenuitem> en las preferencias del "
-"<guimenu>Control Remoto Infrarrojo</guimenu>."
+msgid "A new graphical frontend to LIRC is provided by <command>gnome-lirc-properties</command>, making it easy to connect and configure infrared remote controls. LIRC is routinely used in multimedia applications to implement support for infrared remote controls, and using it in <application>Rhythmbox</application> and <application>Totem</application> should be as easy as plugging the remote receiver into your computer, then selecting <guimenuitem>Auto-detect</guimenuitem> in the <guimenu>Infrared Remote Control</guimenu> preferences."
+msgstr "Se provee una nueva interfase gráfica a LIRC con <command>gnome-lirc-properties</command>, lo que hace más fácil conectar y configurar controles remoto infrarrojos. LIRC es usado rutinariamente por aplicaciones multimedia para implementar el soporte para controles remoto infrarrojo y usarlos en <application>Rhythmbox</application> y <application>Totem</application> debería ser tan fácil como conectar el receptor a la computadora, y luego seleccionar <guimenuitem>Auto-detectar</guimenuitem> en las preferencias del <guimenu>Control Remoto Infrarrojo</guimenu>."
#: en_US/Multimedia.xml:171(para)
-msgid ""
-"If you had a previous setup with LIRC, it is recommended you regenerate the "
-"configuration files with <command>gnome-lirc-properties</command>. This is "
-"required so that a majority of applications work with your new setup."
-msgstr ""
-"Si tiene una configuración previa de LIRC, se recomienda que se regeneren "
-"los archivos de configuración con <command>gnome-lirc-properties</command>. "
-"Esto es necesario para la mayoría de las aplicaciones que funcionan con su "
-"nueva configuración."
+msgid "If you had a previous setup with LIRC, it is recommended you regenerate the configuration files with <command>gnome-lirc-properties</command>. This is required so that a majority of applications work with your new setup."
+msgstr "Si tiene una configuración previa de LIRC, se recomienda que se regeneren los archivos de configuración con <command>gnome-lirc-properties</command>. Esto es necesario para la mayoría de las aplicaciones que funcionan con su nueva configuración."
#: en_US/Multimedia.xml:175(para)
msgid "Refer to the feature page for more information:"
@@ -3060,38 +1674,16 @@ msgid "Glitch-free PulseAudio"
msgstr "PulseAudio Sin-errores"
#: en_US/Multimedia.xml:181(para)
-msgid ""
-"The PulseAudio sound server has been rewritten to use timer-based audio "
-"scheduling instead of the traditional interrupt-driven approach. This is the "
-"approach that is taken by other systems such as Apple's CoreAudio and the "
-"Windows Vista audio subsystem. The timer-based audio scheduling has a number "
-"of advantages, including reduced power consumption, minimization of drop-"
-"outs, and flexible adjustment of the latency for the needs of the "
-"application."
-msgstr ""
-"El servidor de sonido PulseAudio se rescribió para que tenga planificación "
-"de audio basada en timers, en vez de la aproximación tradicional de manejo "
-"por interrupción. Esta aproximación se toma por otros sistemas como el "
-"CoreAudio de Apple y el subsistema de audio de Windows Vista. La "
-"planificación basada en timers tiene un número de ventajas, que incluyen el "
-"consumo reducido de energía, la minimización de drop-outs, y ajuste flexible "
-"de la latencia según las necesidades de la aplicación."
+msgid "The PulseAudio sound server has been rewritten to use timer-based audio scheduling instead of the traditional interrupt-driven approach. This is the approach that is taken by other systems such as Apple's CoreAudio and the Windows Vista audio subsystem. The timer-based audio scheduling has a number of advantages, including reduced power consumption, minimization of drop-outs, and flexible adjustment of the latency for the needs of the application."
+msgstr "El servidor de sonido PulseAudio se rescribió para que tenga planificación de audio basada en timers, en vez de la aproximación tradicional de manejo por interrupción. Esta aproximación se toma por otros sistemas como el CoreAudio de Apple y el subsistema de audio de Windows Vista. La planificación basada en timers tiene un número de ventajas, que incluyen el consumo reducido de energía, la minimización de drop-outs, y ajuste flexible de la latencia según las necesidades de la aplicación."
#: en_US/Multimedia.xml:191(title)
msgid "SELinux denials in Totem and other GStreamer applications"
msgstr "Las negaciones de SELinux en Totem y otras aplicaciones GStreamer"
#: en_US/Multimedia.xml:193(para)
-msgid ""
-"Users may experience SELinux denials while using <application>Totem</"
-"application> or other GStreamer applications to play multimedia content. The "
-"SELinux Troubleshooting tool may produce output similar to the following "
-"message:"
-msgstr ""
-"Los usuarios pueden experimentar negaciones de SELinux cuando usen "
-"<application>Totem</application> u otra aplicación GStreamer para reproducir "
-"contenido multimedia. El Asistente de problemas de SELinux le puede dar una "
-"salida similar al mensaje siguiente:"
+msgid "Users may experience SELinux denials while using <application>Totem</application> or other GStreamer applications to play multimedia content. The SELinux Troubleshooting tool may produce output similar to the following message:"
+msgstr "Los usuarios pueden experimentar negaciones de SELinux cuando usen <application>Totem</application> u otra aplicación GStreamer para reproducir contenido multimedia. El Asistente de problemas de SELinux le puede dar una salida similar al mensaje siguiente:"
#: en_US/Multimedia.xml:199(screen)
#, no-wrap
@@ -3099,69 +1691,36 @@ msgid "SELinux is preventing gst-install-plu from making the program stack execu
msgstr "SELinux está previniendole que gst-install-plu haga la pila del programa ejecutable."
#: en_US/Multimedia.xml:200(para)
-msgid ""
-"This situation may occur when older versions of the Fluendo MP3 codecs are "
-"installed. To solve the issue, install the latest version of the Fluendo MP3 "
-"decoder plugin, which does not require an executable stack."
-msgstr ""
-"Esta situación puede ocurrir cuando las versiones más viejas de los codecs "
-"MP3 de Fluendo están instalados. Para resolver este problema, instale la "
-"última versión del complemento decodificador de MP3 de Fluendo, que no "
-"necesita una pila ejecutable."
+msgid "This situation may occur when older versions of the Fluendo MP3 codecs are installed. To solve the issue, install the latest version of the Fluendo MP3 decoder plugin, which does not require an executable stack."
+msgstr "Esta situación puede ocurrir cuando las versiones más viejas de los codecs MP3 de Fluendo están instalados. Para resolver este problema, instale la última versión del complemento decodificador de MP3 de Fluendo, que no necesita una pila ejecutable."
#: en_US/Mail_servers.xml:6(title)
msgid "Mail servers"
msgstr "Servidores de Correo"
#: en_US/Mail_servers.xml:7(para)
-msgid ""
-"This section concerns electronic mail servers or mail transfer agents (MTAs)."
-msgstr ""
-"Esta sección cubre los servidores de correo electrónicos o agentes de "
-"transferencia de correo (MTA en inglés)."
+msgid "This section concerns electronic mail servers or mail transfer agents (MTAs)."
+msgstr "Esta sección cubre los servidores de correo electrónicos o agentes de transferencia de correo (MTA en inglés)."
#: en_US/Mail_servers.xml:10(title)
msgid "Sendmail"
msgstr "Sendmail"
#: en_US/Mail_servers.xml:11(para)
-msgid ""
-"By default, the Sendmail mail transport agent (MTA) does not accept network "
-"connections from any host other than the local computer. To configure "
-"Sendmail as a server for other clients:"
-msgstr ""
-"Por defecto, el agente de transporte de correo <application>Sendmail</"
-"application> (MTA) no acepta conexiones de red desde ningún equipo excepto "
-"la computadora local. Para configurar <application>Sendmail</application> "
-"como un servidor para otros clientes:"
+msgid "By default, the Sendmail mail transport agent (MTA) does not accept network connections from any host other than the local computer. To configure Sendmail as a server for other clients:"
+msgstr "Por defecto, el agente de transporte de correo <application>Sendmail</application> (MTA) no acepta conexiones de red desde ningún equipo excepto la computadora local. Para configurar <application>Sendmail</application> como un servidor para otros clientes:"
#: en_US/Mail_servers.xml:17(para)
-msgid ""
-"Edit <filename>/etc/mail/sendmail.mc</filename> and either change the "
-"<computeroutput>DAEMON_OPTIONS</computeroutput> line to also listen on "
-"network devices, or comment out this option entirely using the "
-"<computeroutput>dnl</computeroutput> comment delimiter."
-msgstr ""
-"Edite <filename>/etc/mail/sendmail.mc</filename> y ya sea cambie la línea "
-"<option>DAEMON_OPTIONS</option> para que escuche en dispositivos de red, o "
-"coméntela completamente usando el delimitador de comentarios <option>dnl</"
-"option>."
+msgid "Edit <filename>/etc/mail/sendmail.mc</filename> and either change the <computeroutput>DAEMON_OPTIONS</computeroutput> line to also listen on network devices, or comment out this option entirely using the <computeroutput>dnl</computeroutput> comment delimiter."
+msgstr "Edite <filename>/etc/mail/sendmail.mc</filename> y ya sea cambie la línea <option>DAEMON_OPTIONS</option> para que escuche en dispositivos de red, o coméntela completamente usando el delimitador de comentarios <option>dnl</option>."
#: en_US/Mail_servers.xml:24(para)
-msgid ""
-"Install the <package>sendmail-cf</package> package: <command>su -c 'yum "
-"install sendmail-cf'</command>"
-msgstr ""
-"Instalar el paquete <package>sendmail-cf</package> : <command>su -c 'yum "
-"install sendmail-cf'</command>"
+msgid "Install the <package>sendmail-cf</package> package: <command>su -c 'yum install sendmail-cf'</command>"
+msgstr "Instalar el paquete <package>sendmail-cf</package> : <command>su -c 'yum install sendmail-cf'</command>"
#: en_US/Mail_servers.xml:29(para)
-msgid ""
-"Regenerate <filename>/etc/mail/sendmail.cf</filename>: <command>su -c 'make -"
-"C /etc/mail'</command>"
-msgstr ""
-"Regenerar <filename>/etc/mail/sendmail.cf</filename>: <command>su -c 'make -"
-"C /etc/mail'</command>"
+msgid "Regenerate <filename>/etc/mail/sendmail.cf</filename>: <command>su -c 'make -C /etc/mail'</command>"
+msgstr "Regenerar <filename>/etc/mail/sendmail.cf</filename>: <command>su -c 'make -C /etc/mail'</command>"
#: en_US/Linux_kernel.xml:6(title)
msgid "Linux kernel"
@@ -3172,44 +1731,24 @@ msgid "Deprecated or out of date content?"
msgstr "¿Contenido obsoleto o fuera de fecha?"
#: en_US/Linux_kernel.xml:9(para)
-msgid ""
-"This content may be deprecated or out of date, it has not been updated since "
-"the Fedora 9 release notes."
-msgstr ""
-"Este contenido puede estar obsoleto o fuera de fecha, y no ha sido "
-"actualizado desde las notas del lanzamiento de Fedora 9."
+msgid "This content may be deprecated or out of date, it has not been updated since the Fedora 9 release notes."
+msgstr "Este contenido puede estar obsoleto o fuera de fecha, y no ha sido actualizado desde las notas del lanzamiento de Fedora 9."
#: en_US/Linux_kernel.xml:13(para)
-msgid ""
-"This section covers changes and important information regarding the 2.6.27 "
-"based kernel in Fedora 10."
-msgstr ""
-"Esta sección cubre los cambios e información importante respecto del kernel "
-"2.6.27 en el que se basa Fedora 10. El kernel 2.6.27 incluye:"
+msgid "This section covers changes and important information regarding the 2.6.27 based kernel in Fedora 10."
+msgstr "Esta sección cubre los cambios e información importante respecto del kernel 2.6.27 en el que se basa Fedora 10. El kernel 2.6.27 incluye:"
#: en_US/Linux_kernel.xml:16(title)
msgid "Version"
msgstr "Versión"
#: en_US/Linux_kernel.xml:17(para)
-msgid ""
-"Fedora may include additional patches to the kernel for improvements, bug "
-"fixes, or additional features. For this reason, the Fedora kernel may not be "
-"line-for-line equivalent to the so-called <firstterm>vanilla kernel</"
-"firstterm> from the kernel.org web site:"
-msgstr ""
-"Fedora puede incluir parches adicionales al kernel con mejoras, corrección "
-"de errores y características adicionales. Por esta razón, el kernel de "
-"Fedora puede no ser línea a línea equivalente al así llamado "
-"<firstterm>kernel de vainilla</firstterm> del sitio web de kernel.org:"
+msgid "Fedora may include additional patches to the kernel for improvements, bug fixes, or additional features. For this reason, the Fedora kernel may not be line-for-line equivalent to the so-called <firstterm>vanilla kernel</firstterm> from the kernel.org web site:"
+msgstr "Fedora puede incluir parches adicionales al kernel con mejoras, corrección de errores y características adicionales. Por esta razón, el kernel de Fedora puede no ser línea a línea equivalente al así llamado <firstterm>kernel de vainilla</firstterm> del sitio web de kernel.org:"
#: en_US/Linux_kernel.xml:25(para)
-msgid ""
-"To obtain a list of these patches, download the source RPM package and run "
-"the following command against it:"
-msgstr ""
-"Para obtener una lista de estos parches, descargue el paquete RPM con las "
-"fuentes y ejecute el siguiente comando contra éste:"
+msgid "To obtain a list of these patches, download the source RPM package and run the following command against it:"
+msgstr "Para obtener una lista de estos parches, descargue el paquete RPM con las fuentes y ejecute el siguiente comando contra éste:"
#: en_US/Linux_kernel.xml:28(userinput)
#, no-wrap
@@ -3222,9 +1761,7 @@ msgstr "Log de Cambios"
#: en_US/Linux_kernel.xml:33(para)
msgid "To retrieve a log of changes to the package, run the following command:"
-msgstr ""
-"Para obtener un registro de los cambios al paquete, ejecute el siguiente "
-"comando:"
+msgstr "Para obtener un registro de los cambios al paquete, ejecute el siguiente comando:"
#: en_US/Linux_kernel.xml:36(userinput)
#, no-wrap
@@ -3232,27 +1769,12 @@ msgid "rpm -q --changelog kernel-<version>"
msgstr "rpm -q --changelog kernel-<version>"
#: en_US/Linux_kernel.xml:38(para)
-msgid ""
-"If you need a user friendly version of the changelog, refer to <ulink url="
-"\"http://wiki.kernelnewbies.org/LinuxChanges\"/>. A short and full diff of "
-"the kernel is available from <ulink url=\"http://kernel.org/git\"/>. The "
-"Fedora version kernel is based on the Linus tree."
-msgstr ""
-"Si necesita una versión amigable al usuario del log de cambios, vaya a "
-"<ulink url=\"http://wiki.kernelnewbies.org/LinuxChanges\">http://wiki."
-"kernelnewbies.org/LinuxChanges</ulink>. Un diff corto y uno completo del "
-"kernel está disponible en from <ulink url=\"http://kernel.org/git\">http://"
-"kernel.org/git</ulink>. La versión de kernel de Fedora está basada en el "
-"árbol de Linus."
+msgid "If you need a user friendly version of the changelog, refer to <ulink url=\"http://wiki.kernelnewbies.org/LinuxChanges\"/>. A short and full diff of the kernel is available from <ulink url=\"http://kernel.org/git\"/>. The Fedora version kernel is based on the Linus tree."
+msgstr "Si necesita una versión amigable al usuario del log de cambios, vaya a <ulink url=\"http://wiki.kernelnewbies.org/LinuxChanges\">http://wiki.kernelnewbies.org/LinuxChanges</ulink>. Un diff corto y uno completo del kernel está disponible en from <ulink url=\"http://kernel.org/git\">http://kernel.org/git</ulink>. La versión de kernel de Fedora está basada en el árbol de Linus."
#: en_US/Linux_kernel.xml:43(para)
-msgid ""
-"Customizations made for the Fedora version are available from <ulink url="
-"\"http://cvs.fedoraproject.org\"/>."
-msgstr ""
-"Las personalizaciones hechas para la versión de Fedora están disponibles en "
-"<ulink url=\"http://cvs.fedoraproject.org\">http://cvs.fedoraproject.org</"
-"ulink>."
+msgid "Customizations made for the Fedora version are available from <ulink url=\"http://cvs.fedoraproject.org\"/>."
+msgstr "Las personalizaciones hechas para la versión de Fedora están disponibles en <ulink url=\"http://cvs.fedoraproject.org\">http://cvs.fedoraproject.org</ulink>."
#: en_US/Linux_kernel.xml:47(title)
msgid "Kernel flavors"
@@ -3263,45 +1785,20 @@ msgid "Fedora 10 includes the following kernel builds:"
msgstr "Fedora 10 incluye los siguientes kernels construídos:"
#: en_US/Linux_kernel.xml:51(para)
-msgid ""
-"Native kernel, for use in most systems. Configured sources are available in "
-"the <package>kernel-devel</package> package."
-msgstr ""
-"Kernel nativo, para usar en la mayoría de los sistemas. Las fuentes "
-"configuradas están disponibles en el paquete <package>kernel-devel</package>."
+msgid "Native kernel, for use in most systems. Configured sources are available in the <package>kernel-devel</package> package."
+msgstr "Kernel nativo, para usar en la mayoría de los sistemas. Las fuentes configuradas están disponibles en el paquete <package>kernel-devel</package>."
#: en_US/Linux_kernel.xml:56(para)
-msgid ""
-"The kernel-PAE, for use in 32-bit x86 systems with more than 4GB of RAM, or "
-"with CPUs that have a NX (No eXecute) feature. This kernel support both "
-"uniprocessor and multi-processor systems. Configured sources are available "
-"in the <package>kernel-PAE-devel</package> package."
-msgstr ""
-"El kernel-PAE para usar en sistemas con x86 de 32 bit con más de 4GB de RAM, "
-"o con CPUs que tengan la característica \"NX (no ejecutar)\". Este kernel da "
-"soporte a sistemas monoprocesador y multiprocesadores. Las fuentes "
-"configuradas están disponibles en el paquete <package>kernel-PAE-devel</"
-"package>."
+msgid "The kernel-PAE, for use in 32-bit x86 systems with more than 4GB of RAM, or with CPUs that have a NX (No eXecute) feature. This kernel support both uniprocessor and multi-processor systems. Configured sources are available in the <package>kernel-PAE-devel</package> package."
+msgstr "El kernel-PAE para usar en sistemas con x86 de 32 bit con más de 4GB de RAM, o con CPUs que tengan la característica \"NX (no ejecutar)\". Este kernel da soporte a sistemas monoprocesador y multiprocesadores. Las fuentes configuradas están disponibles en el paquete <package>kernel-PAE-devel</package>."
#: en_US/Linux_kernel.xml:63(para)
-msgid ""
-"Debugging kernel, for use in debugging some kernel issues. Configured "
-"sources are available in the <package>kernel-debug-devel</package> package."
-msgstr ""
-"Kernel de debuggeo, para usar en encontrar errores en algunos sistemas. Las "
-"fuentes configuradas están disponibles en el paquete <package>kernel-debug-"
-"devel</package>."
+msgid "Debugging kernel, for use in debugging some kernel issues. Configured sources are available in the <package>kernel-debug-devel</package> package."
+msgstr "Kernel de debuggeo, para usar en encontrar errores en algunos sistemas. Las fuentes configuradas están disponibles en el paquete <package>kernel-debug-devel</package>."
#: en_US/Linux_kernel.xml:68(para)
-msgid ""
-"You may install kernel headers for all four kernel flavors at the same time. "
-"The files are installed in the <filename>/usr/src/kernels/<version>[-"
-"PAE|-xen|-kdump]-<arch>/</filename> tree. Use the following command:"
-msgstr ""
-"Puede instalar las cabeceras del kernel para todos los sabores de los kernel "
-"al mismo tiempo. Los archivos son instalados en el árbol <filename class="
-"\"directory\">/usr/src/kernels/<replaceable>version</replaceable>[-PAE|-xen|-"
-"kdump]-<replaceable>arch</replaceable>/</filename>. Use el siguiente comando:"
+msgid "You may install kernel headers for all four kernel flavors at the same time. The files are installed in the <filename>/usr/src/kernels/<version>[-PAE|-xen|-kdump]-<arch>/</filename> tree. Use the following command:"
+msgstr "Puede instalar las cabeceras del kernel para todos los sabores de los kernel al mismo tiempo. Los archivos son instalados en el árbol <filename class=\"directory\">/usr/src/kernels/<replaceable>version</replaceable>[-PAE|-xen|-kdump]-<replaceable>arch</replaceable>/</filename>. Use el siguiente comando:"
#: en_US/Linux_kernel.xml:74(userinput)
#, no-wrap
@@ -3309,114 +1806,64 @@ msgid "su -c 'yum install kernel{,-PAE,-xen,-kdump}-devel'"
msgstr "su -c 'yum install kernel{,-PAE,-xen,-kdump}-devel'"
#: en_US/Linux_kernel.xml:76(para)
-msgid ""
-"Select one or more of these flavors, separated by commas and no spaces, as "
-"appropriate. Enter the root password when prompted."
-msgstr ""
-"Seleccione uno o más de estos sabores, separados por comas y sin espacios, "
-"según corresponda. Ingrese la clave de <systemitem class=\"username\">root</"
-"systemitem> cuando se le pregunte."
+msgid "Select one or more of these flavors, separated by commas and no spaces, as appropriate. Enter the root password when prompted."
+msgstr "Seleccione uno o más de estos sabores, separados por comas y sin espacios, según corresponda. Ingrese la clave de <systemitem class=\"username\">root</systemitem> cuando se le pregunte."
#: en_US/Linux_kernel.xml:80(title)
msgid "x86 Kernel Includes Kdump"
msgstr "El Kernel x86 Incluye Kdump"
#: en_US/Linux_kernel.xml:81(para)
-msgid ""
-"Both the x86_64 and the i686 kernels are relocatable, so they no longer "
-"require a separate kernel for kdump capability. PPC64 still requires a "
-"separate kdump kernel."
-msgstr ""
-"El kernel de 64 bit y el de i686 son ahora reubicables, por lo que no "
-"requieren un kernel separado para la funcionalidad kdump. En PPC64 todavía "
-"se requiere la instalación del kernel <package>-kdump</package>."
+msgid "Both the x86_64 and the i686 kernels are relocatable, so they no longer require a separate kernel for kdump capability. PPC64 still requires a separate kdump kernel."
+msgstr "El kernel de 64 bit y el de i686 son ahora reubicables, por lo que no requieren un kernel separado para la funcionalidad kdump. En PPC64 todavía se requiere la instalación del kernel <package>-kdump</package>."
#: en_US/Linux_kernel.xml:87(title)
msgid "Kernel Includes Paravirtualization"
msgstr "Kernel incluye Paravirtualización"
#: en_US/Linux_kernel.xml:88(para)
-msgid ""
-"Both the x86_64 and the i686 kernels contain <option>paravirt_ops</option> "
-"support and no longer require a separate kernel for running under a Xen "
-"hypervisor. For more information, refer to <xref linkend=\"sn-"
-"Unified_kernel_image\"/>."
-msgstr ""
-"Tanto el kernel de i686 como el de x64_64 contienen soporte "
-"<option>paravirt_ops</option> y no requieren un kernel independiente para "
-"correr Xen. Para mas información, consulte <xref linkend=\"sn-"
-"Unified_kernel_image\"/>."
+msgid "Both the x86_64 and the i686 kernels contain <option>paravirt_ops</option> support and no longer require a separate kernel for running under a Xen hypervisor. For more information, refer to <xref linkend=\"sn-Unified_kernel_image\"/>."
+msgstr "Tanto el kernel de i686 como el de x64_64 contienen soporte <option>paravirt_ops</option> y no requieren un kernel independiente para correr Xen. Para mas información, consulte <xref linkend=\"sn-Unified_kernel_image\"/>."
#: en_US/Linux_kernel.xml:98(title)
msgid "Default Kernel Provides SMP"
msgstr "El kernel por defecto provee SMP"
#: en_US/Linux_kernel.xml:99(para)
-msgid ""
-"There is no separate SMP kernel available for Fedora on i386, x86_64, and "
-"ppc64. Multiprocessor support is provided by the native kernel."
-msgstr ""
-"No hay un kernel SMP separado disponible en Fedora en i386, x86_64 y ppc64. "
-"El soporte multiprocesador se provee en forma nativa en el kernel."
+msgid "There is no separate SMP kernel available for Fedora on i386, x86_64, and ppc64. Multiprocessor support is provided by the native kernel."
+msgstr "No hay un kernel SMP separado disponible en Fedora en i386, x86_64 y ppc64. El soporte multiprocesador se provee en forma nativa en el kernel."
#: en_US/Linux_kernel.xml:105(title)
msgid "PowerPC Kernel Support"
msgstr "Soporte para PowerPC en el Kernel"
#: en_US/Linux_kernel.xml:106(para)
-msgid ""
-"There is no support for Xen or kdump for the PowerPC architecture in Fedora. "
-"32-bit PowerPC still has a separate SMP kernel."
-msgstr ""
-"No hay soporte para Xen o kdump en la arquitectura PowerPC en Fedora. "
-"PowerPC de 32 bit tiene todavía un kernel SMP separado."
+msgid "There is no support for Xen or kdump for the PowerPC architecture in Fedora. 32-bit PowerPC still has a separate SMP kernel."
+msgstr "No hay soporte para Xen o kdump en la arquitectura PowerPC en Fedora. PowerPC de 32 bit tiene todavía un kernel SMP separado."
#: en_US/Linux_kernel.xml:113(title)
msgid "Preparing for kernel development"
msgstr "Preparación para Desarrollo del Kernel"
#: en_US/Linux_kernel.xml:114(para)
-msgid ""
-"Fedora 10 does not include the <package>kernel-source</package> package "
-"provided by older versions since only the <package>kernel-devel</package> "
-"package is required now to build external modules. Configured sources are "
-"available, as described in <xref linkend=\"sn-Kernel_flavors\"/>."
-msgstr ""
-"Fedora 10 no incluye el paquete <package>kernel-source</package> provista "
-"por versiones anteriores dado que sólo se requiere el paquete "
-"<package>kernel-devel</package> para construir módulos externos. Las fuentes "
-"configuradas están disponibles, como se describe en la sección <xref linkend="
-"\"sn-Kernel_flavors\"/>."
+msgid "Fedora 10 does not include the <package>kernel-source</package> package provided by older versions since only the <package>kernel-devel</package> package is required now to build external modules. Configured sources are available, as described in <xref linkend=\"sn-Kernel_flavors\"/>."
+msgstr "Fedora 10 no incluye el paquete <package>kernel-source</package> provista por versiones anteriores dado que sólo se requiere el paquete <package>kernel-devel</package> para construir módulos externos. Las fuentes configuradas están disponibles, como se describe en la sección <xref linkend=\"sn-Kernel_flavors\"/>."
#: en_US/Linux_kernel.xml:122(title)
msgid "Custom Kernel Building"
msgstr "Construcción de un Kernel a medida"
#: en_US/Linux_kernel.xml:123(para)
-msgid ""
-"For information on kernel development and working with custom kernels, refer "
-"to <ulink url=\"http://fedoraproject.org/wiki/Building_a_custom_kernel\"/>"
-msgstr ""
-"Para información del desarrollo de kernel y del trabajo con kernels "
-"personalizados, vaya a <ulink url=\"http://fedoraproject.org/wiki/Docs/"
-"CustomKernel\"/>."
+msgid "For information on kernel development and working with custom kernels, refer to <ulink url=\"http://fedoraproject.org/wiki/Building_a_custom_kernel\"/>"
+msgstr "Para información del desarrollo de kernel y del trabajo con kernels personalizados, vaya a <ulink url=\"http://fedoraproject.org/wiki/Docs/CustomKernel\"/>."
#: en_US/Linux_kernel.xml:131(title)
msgid "Reporting bugs"
msgstr "Reporte de Errores"
#: en_US/Linux_kernel.xml:132(para)
-msgid ""
-"Refer to <ulink url=\"http://kernel.org/pub/linux/docs/lkml/reporting-bugs."
-"html\"/> for information on reporting bugs in the Linux kernel. You may also "
-"use <ulink url=\"http://bugzilla.redhat.com\"/> for reporting bugs that are "
-"specific to Fedora."
-msgstr ""
-"Vaya a <ulink url=\"http://kernel.org/pub/linux/docs/lkml/reporting-bugs."
-"html\">http://kernel.org/pub/linux/docs/lkml/reporting-bugs.html</ulink> "
-"para obtener información sobre cómo informar errores en el kernel de Linux. "
-"Puede también usar <ulink url=\"http://bugzilla.redhat.com\">http://bugzilla."
-"redhat.com</ulink> para informar errores que sean específicos a Fedora."
+msgid "Refer to <ulink url=\"http://kernel.org/pub/linux/docs/lkml/reporting-bugs.html\"/> for information on reporting bugs in the Linux kernel. You may also use <ulink url=\"http://bugzilla.redhat.com\"/> for reporting bugs that are specific to Fedora."
+msgstr "Vaya a <ulink url=\"http://kernel.org/pub/linux/docs/lkml/reporting-bugs.html\">http://kernel.org/pub/linux/docs/lkml/reporting-bugs.html</ulink> para obtener información sobre cómo informar errores en el kernel de Linux. Puede también usar <ulink url=\"http://bugzilla.redhat.com\">http://bugzilla.redhat.com</ulink> para informar errores que sean específicos a Fedora."
#: en_US/Legal.xml:6(title)
msgid "Legal"
@@ -3431,24 +1878,16 @@ msgid "License"
msgstr "Licencia"
#: en_US/Legal.xml:10(para)
-msgid ""
-"The Fedora License Agreement is included with each release. A reference "
-"version is available on the Fedora Project website:"
-msgstr ""
-"El Acuerdo de Licencia de Fedora se incluye en cada lanzamiento. Una versión "
-"de referencia está disponible en el sitio web del Proyecto Fedora:"
+msgid "The Fedora License Agreement is included with each release. A reference version is available on the Fedora Project website:"
+msgstr "El Acuerdo de Licencia de Fedora se incluye en cada lanzamiento. Una versión de referencia está disponible en el sitio web del Proyecto Fedora:"
#: en_US/Legal.xml:12(ulink)
msgid "http://fedoraproject.org/wiki/Legal/Licenses/LicenseAgreement"
msgstr "http://fedoraproject.org/wiki/Legal/Licenses/LicenseAgreement"
#: en_US/Legal.xml:13(para)
-msgid ""
-"This document is licensed under the terms of the Open Publication License "
-"v1.0 without options:"
-msgstr ""
-"Este documento está licenciado bajo los términos de la Licencia de "
-"Publicación Abierta v1.0 sin opciones:"
+msgid "This document is licensed under the terms of the Open Publication License v1.0 without options:"
+msgstr "Este documento está licenciado bajo los términos de la Licencia de Publicación Abierta v1.0 sin opciones:"
#: en_US/Legal.xml:15(ulink)
msgid "http://fedoraproject.org/wiki/Legal/Licenses/OPL"
@@ -3459,12 +1898,8 @@ msgid "Trademarks"
msgstr "Lineamientos Comerciales"
#: en_US/Legal.xml:19(para)
-msgid ""
-"'Fedora' and the Fedora logo are trademarks of Red Hat, Inc. and are subject "
-"to the terms of the Fedora Trademark Guidelines:"
-msgstr ""
-"'Fedora' y el logo de Fedora son marcas comerciales de Red Hat, Inc. y están "
-"sujetos a los términos de los Lineamientos de Marcas Comerciales de Fedora:"
+msgid "'Fedora' and the Fedora logo are trademarks of Red Hat, Inc. and are subject to the terms of the Fedora Trademark Guidelines:"
+msgstr "'Fedora' y el logo de Fedora son marcas comerciales de Red Hat, Inc. y están sujetos a los términos de los Lineamientos de Marcas Comerciales de Fedora:"
#: en_US/Legal.xml:21(ulink)
msgid "http://fedoraproject.org/wiki/Legal/TrademarkGuidelines"
@@ -3472,56 +1907,31 @@ msgstr "http://fedoraproject.org/wiki/Legal/TrademarkGuidelines"
#: en_US/Legal.xml:22(para)
msgid "All other trademarks are the property of their respective owners."
-msgstr ""
-"Todas las otras marcas comerciales son propiedad de sus respectivos dueños."
+msgstr "Todas las otras marcas comerciales son propiedad de sus respectivos dueños."
#: en_US/Legal.xml:24(title)
msgid "External References"
msgstr "Referencias Externas"
#: en_US/Legal.xml:25(para)
-msgid ""
-"This document may link to other resources that are not under the control of "
-"and are not maintained by the Fedora Project. Red Hat, Inc. is not "
-"responsible for the content of those resources. We provide these links only "
-"as a convenience, and the inclusion of any link to such a resource does not "
-"imply endorsement by the Fedora Project or Red Hat of that resource. We "
-"reserve the right to terminate any link or linking program at any time."
-msgstr ""
-"Este documento puede enlazar a otros recursos que no están bajo el control "
-"ni tampoco son mantenidos por el Proyecto Fedora. Red Hat Inc. no es "
-"responsable por el contenido de esos recursos. Se proveen los enlaces sólo "
-"por conveniencia, y la inclusión de tales enlaces no implican un endoso del "
-"Proyecto Fedora o de Red Hat a tal recurso. El Proyecto Fedora se reserva el "
-"derecho de finalizar cualquier enlace o incluir cualquier programa en "
-"cualquier momento."
+msgid "This document may link to other resources that are not under the control of and are not maintained by the Fedora Project. Red Hat, Inc. is not responsible for the content of those resources. We provide these links only as a convenience, and the inclusion of any link to such a resource does not imply endorsement by the Fedora Project or Red Hat of that resource. We reserve the right to terminate any link or linking program at any time."
+msgstr "Este documento puede enlazar a otros recursos que no están bajo el control ni tampoco son mantenidos por el Proyecto Fedora. Red Hat Inc. no es responsable por el contenido de esos recursos. Se proveen los enlaces sólo por conveniencia, y la inclusión de tales enlaces no implican un endoso del Proyecto Fedora o de Red Hat a tal recurso. El Proyecto Fedora se reserva el derecho de finalizar cualquier enlace o incluir cualquier programa en cualquier momento."
#: en_US/Legal.xml:27(title)
msgid "Export"
msgstr "Exportar"
#: en_US/Legal.xml:28(para)
-msgid ""
-"Certain export restrictions may apply to Fedora Project releases. Refer to "
-"<ulink url=\"http://fedoraproject.org/wiki/Legal/Export\">http://"
-"fedoraproject.org/wiki/Legal/Export</ulink> for more details."
-msgstr ""
-"Algunas restricciones de exportación podrían aplicar a las liberaciones del "
-"Proyecto Fedora. Vea <ulink url=\"http://fedoraproject.org/wiki/Legal/Export"
-"\">http://fedoraproject.org/wiki/Legal/Export</ulink> para más detalles."
+msgid "Certain export restrictions may apply to Fedora Project releases. Refer to <ulink url=\"http://fedoraproject.org/wiki/Legal/Export\">http://fedoraproject.org/wiki/Legal/Export</ulink> for more details."
+msgstr "Algunas restricciones de exportación podrían aplicar a las liberaciones del Proyecto Fedora. Vea <ulink url=\"http://fedoraproject.org/wiki/Legal/Export\">http://fedoraproject.org/wiki/Legal/Export</ulink> para más detalles."
#: en_US/Legal.xml:30(title)
msgid "More Information"
msgstr "Más información"
#: en_US/Legal.xml:31(para)
-msgid ""
-"Additional legal information surrounding this document and Fedora Project "
-"releases is available on the Fedora Project website:"
-msgstr ""
-"Información legal adicional relacionada con este documento y los "
-"lanzamientos del Proyecto Fedora se encuentran disponibles en el sitio web "
-"del Proyecto Fedora:"
+msgid "Additional legal information surrounding this document and Fedora Project releases is available on the Fedora Project website:"
+msgstr "Información legal adicional relacionada con este documento y los lanzamientos del Proyecto Fedora se encuentran disponibles en el sitio web del Proyecto Fedora:"
#: en_US/Legal.xml:33(ulink)
msgid "http://fedoraproject.org/wiki/Legal"
@@ -3532,105 +1942,48 @@ msgid "Legal and Miscellaneous"
msgstr "Legal y Temas Varios"
#: en_US/legalnotice.xml:12(para)
-msgid ""
-"Copyright © 2007, 2008 by Red Hat, Inc. and others. This material may "
-"be distributed only subject to the terms and conditions set forth in the "
-"Open Publication License, v1.0, available at <ulink url=\"http://www."
-"opencontent.org/openpub/\"/>."
-msgstr ""
-"Copyright © 2007, 2008 por Red Hat, Inc. y otros. este material se "
-"puede distribuir sólo bajo los términos y condiciones puestas en la Licencia "
-"de Publicación Abierta, v1.0, disponibles en <ulink url=\"http://www."
-"opencontent.org/openpub/\"/>."
+msgid "Copyright © 2007, 2008 by Red Hat, Inc. and others. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0, available at <ulink url=\"http://www.opencontent.org/openpub/\"/>."
+msgstr "Copyright © 2007, 2008 por Red Hat, Inc. y otros. este material se puede distribuir sólo bajo los términos y condiciones puestas en la Licencia de Publicación Abierta, v1.0, disponibles en <ulink url=\"http://www.opencontent.org/openpub/\"/>."
#: en_US/legalnotice.xml:18(para)
-msgid ""
-"FEDORA, FEDORA PROJECT, and the Fedora Logo are trademarks of Red Hat, Inc., "
-"are registered or pending registration in the U.S. and other countries, and "
-"are used here under license to the Fedora Project."
-msgstr ""
-"FEDORA, EL PROYECTO FEDORA, y el Logo de Fedora son marcas comerciales de "
-"Red Hat, Inc., están registrados o pendientes de registrar en los EEUU y "
-"otros países, y se usan aquí con el permiso dado al Proyecto Fedora."
+msgid "FEDORA, FEDORA PROJECT, and the Fedora Logo are trademarks of Red Hat, Inc., are registered or pending registration in the U.S. and other countries, and are used here under license to the Fedora Project."
+msgstr "FEDORA, EL PROYECTO FEDORA, y el Logo de Fedora son marcas comerciales de Red Hat, Inc., están registrados o pendientes de registrar en los EEUU y otros países, y se usan aquí con el permiso dado al Proyecto Fedora."
#: en_US/legalnotice.xml:24(para)
-msgid ""
-"Red Hat and the Red Hat \"Shadow Man\" logo are registered trademarks of Red "
-"Hat, Inc. in the United States and other countries."
-msgstr ""
-"Red Hat y el logo de Red Hat \"Shadow Man\" son marcas comerciales "
-"registradas de Red Hat, Inc. en los Estados Unidos y en otros países."
+msgid "Red Hat and the Red Hat \"Shadow Man\" logo are registered trademarks of Red Hat, Inc. in the United States and other countries."
+msgstr "Red Hat y el logo de Red Hat \"Shadow Man\" son marcas comerciales registradas de Red Hat, Inc. en los Estados Unidos y en otros países."
#: en_US/legalnotice.xml:29(para)
-msgid ""
-"All other trademarks and copyrights referred to are the property of their "
-"respective owners."
-msgstr ""
-"Todas las demás marcas comerciales y derechos de autor a las que se hacen "
-"referencia son propiedad de sus respectivos dueños."
+msgid "All other trademarks and copyrights referred to are the property of their respective owners."
+msgstr "Todas las demás marcas comerciales y derechos de autor a las que se hacen referencia son propiedad de sus respectivos dueños."
#: en_US/legalnotice.xml:33(para)
-msgid ""
-"Documentation, as with software itself, may be subject to export control. "
-"Read about Fedora Project export controls at <ulink url=\"http://"
-"fedoraproject.org/wiki/Legal/Export\"/>."
-msgstr ""
-"La documentación, al igual que el software, pueden estar sujetas al control "
-"de exportación. Lea acerca de los controles de exportación del Proyecto "
-"Fedora en <ulink url=\"http://fedoraproject.org/wiki/Legal/Export\"/>."
+msgid "Documentation, as with software itself, may be subject to export control. Read about Fedora Project export controls at <ulink url=\"http://fedoraproject.org/wiki/Legal/Export\"/>."
+msgstr "La documentación, al igual que el software, pueden estar sujetas al control de exportación. Lea acerca de los controles de exportación del Proyecto Fedora en <ulink url=\"http://fedoraproject.org/wiki/Legal/Export\"/>."
#: en_US/KDE_3_development_platform_and_libraries.xml:6(title)
msgid "KDE 3 Development Platform and Libraries"
msgstr "Plataforma de Desarrollo KDE 3"
#: en_US/KDE_3_development_platform_and_libraries.xml:7(para)
-msgid ""
-"Fedora now features KDE 4, and no longer offers KDE 3 as a full desktop "
-"environment. Fedora does provide the following KDE 3.5 library packages to "
-"run and build the many existing KDE 3 applications:"
-msgstr ""
-"Fedora ahora incluye KDE 4.0 y no incluye KDE 3 como un ambiente de "
-"escritorio completo. Fedora provee con las librerias de KDE 3.5 para correr "
-"y compilar aplicaciones de KDE 3 existentes. "
+msgid "Fedora now features KDE 4, and no longer offers KDE 3 as a full desktop environment. Fedora does provide the following KDE 3.5 library packages to run and build the many existing KDE 3 applications:"
+msgstr "Fedora ahora incluye KDE 4.0 y no incluye KDE 3 como un ambiente de escritorio completo. Fedora provee con las librerias de KDE 3.5 para correr y compilar aplicaciones de KDE 3 existentes. "
#: en_US/KDE_3_development_platform_and_libraries.xml:14(para)
-msgid ""
-"<package>qt3</package>, <package>qt3-devel</package> (and other <package>qt3-"
-"*</package> packages): Qt 3.3.8b"
-msgstr ""
-"<package>qt3</package> , <package>qt3-devel</package> (y otros paquetes "
-"<package>qt3-*</package> packages): Qt 3.3.8b"
+msgid "<package>qt3</package>, <package>qt3-devel</package> (and other <package>qt3-*</package> packages): Qt 3.3.8b"
+msgstr "<package>qt3</package> , <package>qt3-devel</package> (y otros paquetes <package>qt3-*</package> packages): Qt 3.3.8b"
#: en_US/KDE_3_development_platform_and_libraries.xml:19(para)
-msgid ""
-"<package>kdelibs3</package>, <package>kdelibs3-devel</package>: KDE 3 "
-"libraries"
-msgstr ""
-"<package>kdelibs3</package> , <package>kdelibs3-devel</package> : "
-"bibliotecas de KDE 3"
+msgid "<package>kdelibs3</package>, <package>kdelibs3-devel</package>: KDE 3 libraries"
+msgstr "<package>kdelibs3</package> , <package>kdelibs3-devel</package> : bibliotecas de KDE 3"
#: en_US/KDE_3_development_platform_and_libraries.xml:24(para)
-msgid ""
-"<package>kdebase3</package>, <package>kdebase3-pim-ioslaves</package>, "
-"<package>kdebase3-devel</package>: KDE 3 core files required by some "
-"applications"
-msgstr ""
-"<package>kdebase3</package> , <package>kdebase3-devel</package> : Los "
-"archivos base de KDE 3 son requeridos por algunas aplicaciones. "
+msgid "<package>kdebase3</package>, <package>kdebase3-pim-ioslaves</package>, <package>kdebase3-devel</package>: KDE 3 core files required by some applications"
+msgstr "<package>kdebase3</package> , <package>kdebase3-devel</package> : Los archivos base de KDE 3 son requeridos por algunas aplicaciones. "
#: en_US/KDE_3_development_platform_and_libraries.xml:31(para)
-msgid ""
-"Moreover, the KDE 4 <package>kdebase-runtime</package> package, which "
-"provides <command>khelpcenter</command>, also sets up <command>khelpcenter</"
-"command> as a service for KDE 3 applications, so help in KDE 3 applications "
-"works. The KDE 3 version of <command>khelpcenter</command> is no longer "
-"provided, and the KDE 4 version is used instead."
-msgstr ""
-"Ademas, el paquete KDE 4 <package>kdebase-runtime</package>, que provee "
-"<package>khelpcenter</package> , tambien configura <package>khelpcenter</"
-"package> como un servicio para las aplicaciones KDE 3, de forma que la ayuda "
-"en KDE 3 funciona. La version de KDE 3 de <package>khelpcenter</package> ya "
-"no es parte de Fedora ya que fue reemplazada por la de KDE 4. "
+msgid "Moreover, the KDE 4 <package>kdebase-runtime</package> package, which provides <command>khelpcenter</command>, also sets up <command>khelpcenter</command> as a service for KDE 3 applications, so help in KDE 3 applications works. The KDE 3 version of <command>khelpcenter</command> is no longer provided, and the KDE 4 version is used instead."
+msgstr "Ademas, el paquete KDE 4 <package>kdebase-runtime</package>, que provee <package>khelpcenter</package> , tambien configura <package>khelpcenter</package> como un servicio para las aplicaciones KDE 3, de forma que la ayuda en KDE 3 funciona. La version de KDE 3 de <package>khelpcenter</package> ya no es parte de Fedora ya que fue reemplazada por la de KDE 4. "
#: en_US/KDE_3_development_platform_and_libraries.xml:37(para)
msgid "These packages are designed to:"
@@ -3641,123 +1994,52 @@ msgid "comply with the Filesystem Hierarchy Standard (FHS), and"
msgstr "conformar con el Estándar de Jerarquía de Sistema de Archivo (FHS), y"
#: en_US/KDE_3_development_platform_and_libraries.xml:44(para)
-msgid ""
-"be completely safe to install in parallel with KDE 4, including the "
-"<package>-devel</package> packages."
-msgstr ""
-"ser completamente seguro de instalar en paralelo con KDE 4, incluyendo los "
-"paquetes <package>-devel</package>."
+msgid "be completely safe to install in parallel with KDE 4, including the <package>-devel</package> packages."
+msgstr "ser completamente seguro de instalar en paralelo con KDE 4, incluyendo los paquetes <package>-devel</package>."
#: en_US/KDE_3_development_platform_and_libraries.xml:48(para)
-msgid ""
-"In order to achieve this goal, Fedora KDE SIG members have made two changes "
-"to the KDE 4 <package>kdelibs-devel</package> packages:"
-msgstr ""
-"Para llegar a esto, los miembros de Fedora KDE SIG hicieron 2 cambios a los "
-"paquetes <package>kdelibs-devel</package>:"
+msgid "In order to achieve this goal, Fedora KDE SIG members have made two changes to the KDE 4 <package>kdelibs-devel</package> packages:"
+msgstr "Para llegar a esto, los miembros de Fedora KDE SIG hicieron 2 cambios a los paquetes <package>kdelibs-devel</package>:"
#: en_US/KDE_3_development_platform_and_libraries.xml:53(para)
-msgid ""
-"The library symlinks are installed to <filename>/usr/lib/kde4/devel</"
-"filename> or <filename>/usr/lib64/kde4/devel</filename> depending on system "
-"architecture."
-msgstr ""
-"Los enlaces simbólicos de bibliotecas están instalados en <filename class="
-"\"directory\">/usr/lib/kde4/devel</filename> o <filename>/usr/lib64/kde4/"
-"devel</filename>, dependiendo de la arquitectura del sistema."
+msgid "The library symlinks are installed to <filename>/usr/lib/kde4/devel</filename> or <filename>/usr/lib64/kde4/devel</filename> depending on system architecture."
+msgstr "Los enlaces simbólicos de bibliotecas están instalados en <filename class=\"directory\">/usr/lib/kde4/devel</filename> o <filename>/usr/lib64/kde4/devel</filename>, dependiendo de la arquitectura del sistema."
#: en_US/KDE_3_development_platform_and_libraries.xml:59(para)
-msgid ""
-"The <command>kconfig_compiler</command> and <command>makekdewidgets</"
-"command> tools have been renamed <command>kconfig_compiler4</command> and "
-"<command>makekdewidgets4</command>, respectively."
-msgstr ""
-"Las herramientas <command>kconfig_compiler</command> y "
-"<command>makekdewidgets</command> han sido renombradas a "
-"<command>kconfig_compiler4</command> y <command>makekdewidgets4</command>, "
-"respectivamente."
+msgid "The <command>kconfig_compiler</command> and <command>makekdewidgets</command> tools have been renamed <command>kconfig_compiler4</command> and <command>makekdewidgets4</command>, respectively."
+msgstr "Las herramientas <command>kconfig_compiler</command> y <command>makekdewidgets</command> han sido renombradas a <command>kconfig_compiler4</command> y <command>makekdewidgets4</command>, respectivamente."
#: en_US/KDE_3_development_platform_and_libraries.xml:65(para)
-msgid ""
-"These changes should be completely transparent to the vast majority of KDE 4 "
-"applications that use <command>cmake</command> to build, since "
-"<command>FindKDE4Internal.cmake</command> has been patched to match these "
-"changes. The KDE SIG made these changes to the KDE 4 <package>kdelibs-devel</"
-"package> rather than to <package>kdelibs3-devel</package> because KDE 4 "
-"stores these locations in a central place, whereas KDE 3 applications "
-"usually contain hardcoded copies of the library search paths and executable "
-"names."
-msgstr ""
-"Estos cambios deberían ser transparentes para la mayoría de las "
-"applicaciones KDE 4 que utilizan el comando <command>cmake</command> para "
-"compilarse, ya que <filename>FindKDE4Internal.cmake</filename> ha sido "
-"parchado para que hacer estos cambios. El Grupo de Interes (SIG) de KDE ha "
-"hecho estos cambios al paquete <package>kdelibs-devel</package> de KDE 4 en "
-"lugar del de <package>kdelibs3-devel</package> ya que KDE 4 guarda estos "
-"lugares en un lugar central, mientras que las applicaciones de KDE 3 "
-"contenian copias de las rutas de las librerías y nombres de ejecutables."
+msgid "These changes should be completely transparent to the vast majority of KDE 4 applications that use <command>cmake</command> to build, since <command>FindKDE4Internal.cmake</command> has been patched to match these changes. The KDE SIG made these changes to the KDE 4 <package>kdelibs-devel</package> rather than to <package>kdelibs3-devel</package> because KDE 4 stores these locations in a central place, whereas KDE 3 applications usually contain hardcoded copies of the library search paths and executable names."
+msgstr "Estos cambios deberían ser transparentes para la mayoría de las applicaciones KDE 4 que utilizan el comando <command>cmake</command> para compilarse, ya que <filename>FindKDE4Internal.cmake</filename> ha sido parchado para que hacer estos cambios. El Grupo de Interes (SIG) de KDE ha hecho estos cambios al paquete <package>kdelibs-devel</package> de KDE 4 en lugar del de <package>kdelibs3-devel</package> ya que KDE 4 guarda estos lugares en un lugar central, mientras que las applicaciones de KDE 3 contenian copias de las rutas de las librerías y nombres de ejecutables."
#: en_US/KDE_3_development_platform_and_libraries.xml:74(para)
-msgid ""
-"Note that <package>kdebase3</package> does <emphasis>not</emphasis> include "
-"the following:"
-msgstr ""
-"Nota que <package>kdebase3</package> <emphasis>no</emphasis> incluye lo "
-"siguiente:"
+msgid "Note that <package>kdebase3</package> does <emphasis>not</emphasis> include the following:"
+msgstr "Nota que <package>kdebase3</package> <emphasis>no</emphasis> incluye lo siguiente:"
#: en_US/KDE_3_development_platform_and_libraries.xml:78(para)
-msgid ""
-"A complete KDE 3 desktop (workspace) which could be used instead of KDE 4; "
-"in particular, KDE 3 versions of KWin, KDesktop, Kicker, KSplash and "
-"KControl are <emphasis>not</emphasis> included."
-msgstr ""
-"Un escritorio KDE 3 que se puede utilizar en lugar de KDE 4; en particular, "
-"las versiones de KDE 3 de KWin, KDesktop, Kicker, KSplash y KControl "
-"<emphasis>no</emphasis> estan incluidas. "
+msgid "A complete KDE 3 desktop (workspace) which could be used instead of KDE 4; in particular, KDE 3 versions of KWin, KDesktop, Kicker, KSplash and KControl are <emphasis>not</emphasis> included."
+msgstr "Un escritorio KDE 3 que se puede utilizar en lugar de KDE 4; en particular, las versiones de KDE 3 de KWin, KDesktop, Kicker, KSplash y KControl <emphasis>no</emphasis> estan incluidas. "
#: en_US/KDE_3_development_platform_and_libraries.xml:83(para)
-msgid ""
-"The KDE 3 versions of <package>kdebase</package> applications such as "
-"<application>Konqueror</application> and <application>KWrite</application>, "
-"which are redundant with the KDE 4 versions and would conflict with them."
-msgstr ""
-"Las versiones de KDE 3 de las applicaciones de <package>kdebase</package> "
-"como Konqueror y KWrite serían redundantes ya que harían conflicto con las "
-"versiones de KDE 4. "
+msgid "The KDE 3 versions of <package>kdebase</package> applications such as <application>Konqueror</application> and <application>KWrite</application>, which are redundant with the KDE 4 versions and would conflict with them."
+msgstr "Las versiones de KDE 3 de las applicaciones de <package>kdebase</package> como Konqueror y KWrite serían redundantes ya que harían conflicto con las versiones de KDE 4. "
#: en_US/KDE_3_development_platform_and_libraries.xml:89(para)
-msgid ""
-"The <systemitem class=\"library\">libkdecorations</systemitem> library "
-"required for <application>KWin</application> 3 window decorations, as those "
-"window decorations cannot be used in the KDE 4 version of <application>KWin."
-"</application>"
-msgstr ""
-"La libreria <systemitem class=\"library\">libkdecorations</systemitem> "
-"requerida para las decoraciones KWin 3 no esta disponible ya que esas "
-"decoraciones no se pueden utilizar en la version KDE 4 de KWin"
+msgid "The <systemitem class=\"library\">libkdecorations</systemitem> library required for <application>KWin</application> 3 window decorations, as those window decorations cannot be used in the KDE 4 version of <application>KWin.</application>"
+msgstr "La libreria <systemitem class=\"library\">libkdecorations</systemitem> requerida para las decoraciones KWin 3 no esta disponible ya que esas decoraciones no se pueden utilizar en la version KDE 4 de KWin"
#: en_US/KDE_3_development_platform_and_libraries.xml:93(para)
-msgid ""
-"The <systemitem class=\"library\">libkickermain</systemitem> library "
-"required by some <application>Kicker</application> applets, as there is no "
-"<application>Kicker</application> in Fedora 10 and thus <application>Kicker</"
-"application> applets cannot be used."
-msgstr ""
-"La librería <systemitem class=\"library\">libkickermain</systemitem> "
-"requerida por algunos applets Kicker no puede ser utilizada ya que no hay "
-"Kicker en Fedora 9. "
+msgid "The <systemitem class=\"library\">libkickermain</systemitem> library required by some <application>Kicker</application> applets, as there is no <application>Kicker</application> in Fedora 10 and thus <application>Kicker</application> applets cannot be used."
+msgstr "La librería <systemitem class=\"library\">libkickermain</systemitem> requerida por algunos applets Kicker no puede ser utilizada ya que no hay Kicker en Fedora 9. "
#: en_US/KDE_3_development_platform_and_libraries.xml:101(title)
msgid "Developing new software against the legacy API is discouraged."
msgstr "Desarrollar utilizando el API Antiguio es desalentado. "
#: en_US/KDE_3_development_platform_and_libraries.xml:103(para)
-msgid ""
-"As with any backwards-compatibility library, you would be developing against "
-"a deprecated interface."
-msgstr ""
-"Como con cualquier libreria de compatibilidad hacia atrás, desarrollar nuevo "
-"software utilizando el API anterior es desalentado. "
+msgid "As with any backwards-compatibility library, you would be developing against a deprecated interface."
+msgstr "Como con cualquier libreria de compatibilidad hacia atrás, desarrollar nuevo software utilizando el API anterior es desalentado. "
#: en_US/Java.xml:6(title)
msgid "Java"
@@ -3768,196 +2050,80 @@ msgid "Best of breed free software Java implementation"
msgstr "Lo mejor de lo mejor en implementación de Java con software libre"
#: en_US/Java.xml:10(para)
-msgid ""
-"Fedora includes multiple best of breed free software Java(TM) "
-"implementations, obtained through active adoption of innovative technology "
-"integrations produced by Fedora and others within upstream projects. The "
-"implementations integrated into Fedora are based on OpenJDK (<ulink url="
-"\"http://openjdk.java.net/\"/>) and the IcedTea GNU/Linux distribution "
-"integration project (<ulink url=\"http://icedtea.classpath.org/\"/>), or "
-"based on alternatives such as the GNU Compiler for Java (GCJ - <ulink url="
-"\"http://gcc.gnu.org/java\"/> and the GNU Classpath core class libraries "
-"(<ulink url=\"http://www.gnu.org/software/classpath/\"/>). All Fedora "
-"innovations are pushed upstream to get the widest possible integration of "
-"the technologies in general Java implementations."
-msgstr ""
-"Fedora incluye varias implementaciones buenas de Java(TM) con software "
-"libre, obtenidas a través de la adopción activa de integraciones de "
-"tecnología inovativas producidas por Fedora y otros en proyectos externos. "
-"Las implementaciones integradas en Fedora están basadas en OpenJDK (<ulink "
-"url=\"http://openjdk.java.net/\"/>) y el proyecto de integración de IcedTea "
-"de la distribución GNU/Linux (<ulink url=\"http://icedtea.classpath.org/\"/"
-">), o basadas en alternativas tales como el Compilador de Java de GNU (GCJ "
-"- <ulink url=\"http://gcc.gnu.org/java\"/> y las bibliotecas de clases "
-"principales Classpath de GNU (<ulink url=\"http://www.gnu.org/software/"
-"classpath/\"/>). Todas las inovaciones de Fedora son subidas a los proyectos "
-"padres para hacer posible una más amplia integración de las tecnologías en "
-"implementaciones Java en general."
+msgid "Fedora includes multiple best of breed free software Java(TM) implementations, obtained through active adoption of innovative technology integrations produced by Fedora and others within upstream projects. The implementations integrated into Fedora are based on OpenJDK (<ulink url=\"http://openjdk.java.net/\"/>) and the IcedTea GNU/Linux distribution integration project (<ulink url=\"http://icedtea.classpath.org/\"/>), or based on alternatives such as the GNU Compiler for Java (GCJ - <ulink url=\"http://gcc.gnu.org/java\"/> and the GNU Classpath core class libraries (<ulink url=\"http://www.gnu.org/software/classpath/\"/>). All Fedora innovations are pushed upstream to get the widest possible integration of the technologies in general Java implementations."
+msgstr "Fedora incluye varias implementaciones buenas de Java(TM) con software libre, obtenidas a través de la adopción activa de integraciones de tecnología inovativas producidas por Fedora y otros en proyectos externos. Las implementaciones integradas en Fedora están basadas en OpenJDK (<ulink url=\"http://openjdk.java.net/\"/>) y el proyecto de integración de IcedTea de la distribución GNU/Linux (<ulink url=\"http://icedtea.classpath.org/\"/>), o basadas en alternativas tales como el Compilador de Java de GNU (GCJ - <ulink url=\"http://gcc.gnu.org/java\"/> y las bibliotecas de clases principales Classpath de GNU (<ulink url=\"http://www.gnu.org/software/classpath/\"/>). Todas las inovaciones de Fedora son subidas a los proyectos padres para hacer posible una más amplia integración de las tecnologías en implementaciones Java en general."
#: en_US/Java.xml:23(para)
-msgid ""
-"The implementation of OpenJDK 6 included in Fedora 10 uses the HotSpot "
-"virtual machine runtime compiler on x86, x86_64, and SPARC. On PowerPC (PPC) "
-"it uses the zero interpreter, which is slower. On all architectures an "
-"alternative implementation based on GCJ and GNU Classpath is included that "
-"includes an ahead-of-time compiler to produce native binaries."
-msgstr ""
-"La implementación OpenJDK 6 incluída en Fedora 10 usa el compilador HotSpot "
-"de tiempo de ejecución de la máquina virtual en x86, x86_64 y SPARC. En "
-"PowerPC (PPC) usa el intérprete zero, que es más lento. En todas las "
-"arquitecturas se incluye una implementación alternativa basada en GCJ y "
-"Classpath de GNU que incluye un compilador para tiempo posterior para "
-"producir binarios nativos."
+msgid "The implementation of OpenJDK 6 included in Fedora 10 uses the HotSpot virtual machine runtime compiler on x86, x86_64, and SPARC. On PowerPC (PPC) it uses the zero interpreter, which is slower. On all architectures an alternative implementation based on GCJ and GNU Classpath is included that includes an ahead-of-time compiler to produce native binaries."
+msgstr "La implementación OpenJDK 6 incluída en Fedora 10 usa el compilador HotSpot de tiempo de ejecución de la máquina virtual en x86, x86_64 y SPARC. En PowerPC (PPC) usa el intérprete zero, que es más lento. En todas las arquitecturas se incluye una implementación alternativa basada en GCJ y Classpath de GNU que incluye un compilador para tiempo posterior para producir binarios nativos."
#: en_US/Java.xml:29(para)
-msgid ""
-"Fedora binaries for selected architectures (currently only x86 and x86_64 "
-"based on OpenJDK) are tested against the Java Compatibility Kit (JCK) by Red "
-"Hat to guarantee 100% compatibility with the Java Specification (JDK 1.6 at "
-"this time)."
-msgstr ""
-"Los binarios de Fedora para las arquitecturas seleccionadas (actualmente "
-"sólo x86 y x86_64 basados en OpenJDK) fueron probadas por Red Hat con el Kit "
-"de Compatibilidad Java (JCK) para garantizar la compatibilidad 100% con la "
-"Especificación de Java (JDK 1.6 a este momento)."
+msgid "Fedora binaries for selected architectures (currently only x86 and x86_64 based on OpenJDK) are tested against the Java Compatibility Kit (JCK) by Red Hat to guarantee 100% compatibility with the Java Specification (JDK 1.6 at this time)."
+msgstr "Los binarios de Fedora para las arquitecturas seleccionadas (actualmente sólo x86 y x86_64 basados en OpenJDK) fueron probadas por Red Hat con el Kit de Compatibilidad Java (JCK) para garantizar la compatibilidad 100% con la Especificación de Java (JDK 1.6 a este momento)."
#: en_US/Java.xml:35(title)
msgid "Handling Java Applets and web start applications"
msgstr "Manejo de los Applets de Java y aplicaciones de inicio web"
#: en_US/Java.xml:36(para)
-msgid ""
-"In Fedora 10 <command>gcjwebplugin</command> has been replaced by "
-"<command>IcedTeaPlugin</command>, which runs untrusted applets safely in a "
-"Web browser and works on any architecture. You can see which Applet Plugin "
-"is installed by typing <userinput>about:plugins</userinput> in Firefox. The "
-"new plugin adds support for the JavaScript bridge (LiveConnect) that was "
-"missing from earlier versions. For more details on the bytecode-to-"
-"JavaScript bridge (LiveConnect), refer to the bug report:"
-msgstr ""
-"En Fedora 10, <command>gcjwebplugin</command> ha sido reemplazado por "
-"<command>IcedTeaPlugin</command>, que ejecuta applets sin confianza de "
-"manera segura en el navegador Web y funciona en cualquier arquitectura. "
-"Puedes ver que Plugin de Applet esta instalado escribiendo <userinput>about:"
-"plugins</userinput> en Firefox. El nuevo plugin agrega soporte para el "
-"puente de JavaScript (LiveConnect) que faltaba en versiones anteriores. Para "
-"mas detalles en el convertidor de bytecode-a-JavaScript (LiveConnect), vea "
-"el reporte: "
+msgid "In Fedora 10 <command>gcjwebplugin</command> has been replaced by <command>IcedTeaPlugin</command>, which runs untrusted applets safely in a Web browser and works on any architecture. You can see which Applet Plugin is installed by typing <userinput>about:plugins</userinput> in Firefox. The new plugin adds support for the JavaScript bridge (LiveConnect) that was missing from earlier versions. For more details on the bytecode-to-JavaScript bridge (LiveConnect), refer to the bug report:"
+msgstr "En Fedora 10, <command>gcjwebplugin</command> ha sido reemplazado por <command>IcedTeaPlugin</command>, que ejecuta applets sin confianza de manera segura en el navegador Web y funciona en cualquier arquitectura. Puedes ver que Plugin de Applet esta instalado escribiendo <userinput>about:plugins</userinput> en Firefox. El nuevo plugin agrega soporte para el puente de JavaScript (LiveConnect) que faltaba en versiones anteriores. Para mas detalles en el convertidor de bytecode-a-JavaScript (LiveConnect), vea el reporte: "
#: en_US/Java.xml:49(para)
-msgid ""
-"Feedback on the security policy is appreciated. If you suspect the security "
-"policy may be too restrictive to enable restricted applets, follow this "
-"procedure:"
-msgstr ""
-"Retroalimentación sobre la política de seguridad es agradecida. Si cree que "
-"la política de seguridad actual es muy restrictiva para habilitar applets "
-"restringidos, siga el siguiente procedimiento:"
+msgid "Feedback on the security policy is appreciated. If you suspect the security policy may be too restrictive to enable restricted applets, follow this procedure:"
+msgstr "Retroalimentación sobre la política de seguridad es agradecida. Si cree que la política de seguridad actual es muy restrictiva para habilitar applets restringidos, siga el siguiente procedimiento:"
#: en_US/Java.xml:54(para)
-msgid ""
-"Run the <command>firefox -g</command> command in a terminal window to see "
-"what is being restricted."
-msgstr ""
-"Ejecute el comando <command>firefox -g</command> en una terminal para ver "
-"qué se está restringiendo."
+msgid "Run the <command>firefox -g</command> command in a terminal window to see what is being restricted."
+msgstr "Ejecute el comando <command>firefox -g</command> en una terminal para ver qué se está restringiendo."
#: en_US/Java.xml:58(para)
-msgid ""
-"Then grant the restricted permission in the <filename>/usr/lib/jvm/java-"
-"1.6.0-openjdk-1.6.0.0/jre/lib/security/java.policy</filename> file."
-msgstr ""
-"Despues otorga el permiso restringido en el archivo <filename>/usr/lib/jvm/"
-"java-1.6.0-openjdk-1.6.0.0/jre/lib/security/java.policy</filename>."
+msgid "Then grant the restricted permission in the <filename>/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/security/java.policy</filename> file."
+msgstr "Despues otorga el permiso restringido en el archivo <filename>/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/security/java.policy</filename>."
#: en_US/Java.xml:63(para)
-msgid ""
-"File a bug report, so your exception can be included in the packaged "
-"security policy. Packaging these exceptions allows system owners to avoid "
-"having to hack the policy file in the future."
-msgstr ""
-"Informe un error, para que su excepción sea incluída en la política de "
-"seguridad empaquetada. El empaquetado de estas excepciones le permite a los "
-"dueños de sistemas evitar tener que entrar en profundo en el archivo de "
-"políticas en el futuro."
+msgid "File a bug report, so your exception can be included in the packaged security policy. Packaging these exceptions allows system owners to avoid having to hack the policy file in the future."
+msgstr "Informe un error, para que su excepción sea incluída en la política de seguridad empaquetada. El empaquetado de estas excepciones le permite a los dueños de sistemas evitar tener que entrar en profundo en el archivo de políticas en el futuro."
#: en_US/Java.xml:70(para)
-msgid ""
-"Experimental Web Start (<command>javaws</command>) support via NetX has been "
-"added to the IcedTea repository. When a Java Network Launching Protocol "
-"(<filename>.jnlp</filename>) file is embedded on a web page you can open it "
-"with the IcedTea Web Start (<filename>/usr/bin/javaws</filename>). For more "
-"information on NetX, refer to:"
-msgstr ""
-"El soporte de Inicio Web Experimental (<command>javaws</command>) vía NetX "
-"ha sido agregado al repositorio IcedTea. Cuando un archivo del Protocolo de "
-"Lanzamiento de Red de Java (<filename>.jnlp</filename>) está incrustado en "
-"una página web, lo puede abrir con el Inicio Web de IcedTea (<filename>/usr/"
-"bin/javaws</filename>). Para más información sobre NetX vaya a:"
+msgid "Experimental Web Start (<command>javaws</command>) support via NetX has been added to the IcedTea repository. When a Java Network Launching Protocol (<filename>.jnlp</filename>) file is embedded on a web page you can open it with the IcedTea Web Start (<filename>/usr/bin/javaws</filename>). For more information on NetX, refer to:"
+msgstr "El soporte de Inicio Web Experimental (<command>javaws</command>) vía NetX ha sido agregado al repositorio IcedTea. Cuando un archivo del Protocolo de Lanzamiento de Red de Java (<filename>.jnlp</filename>) está incrustado en una página web, lo puede abrir con el Inicio Web de IcedTea (<filename>/usr/bin/javaws</filename>). Para más información sobre NetX vaya a:"
#: en_US/Java.xml:82(title)
msgid "New integration with other Fedora technologies"
msgstr "Nueva integración con otras tecnologías de Fedora"
#: en_US/Java.xml:83(para)
-msgid ""
-"Through the IcedTea project, OpenJDK has been integrated with several new "
-"technologies that are also part of Fedora 10."
-msgstr ""
-"A pesar del Proyecto IcedTea, OpenJDK ha sido integrado con varias nuevas "
-"tecnologías que también son parte de Fedora 10."
+msgid "Through the IcedTea project, OpenJDK has been integrated with several new technologies that are also part of Fedora 10."
+msgstr "A pesar del Proyecto IcedTea, OpenJDK ha sido integrado con varias nuevas tecnologías que también son parte de Fedora 10."
#: en_US/Java.xml:86(title)
msgid "VisualVM integration through the NetBeans framework"
msgstr "Integración con VisualVM a través del marco de trabajo NetBeans"
#: en_US/Java.xml:87(para)
-msgid ""
-"VisualVM (<command>jvisualvm</command>) provides a graphical overview of any "
-"local or remotely running Java application, letting you monitor all running "
-"threads, classes, and objects allocated by the application by taking thread "
-"dumps, heap dumps, and other lightweight profiling tools."
-msgstr ""
-"La VisualVM (<command>jvisualvm</command>) provee un repaso gráfico de "
-"cualquier aplicación Java que se ejecute local o remotamente, perimitiéndole "
-"monitorear todos los hilos de ejecución, las clases y objetos asignados por "
-"la aplicación mediante el volcado de los hilos de ejecución, el volcado de "
-"la memoria dinámica y otras herramientas livianas de perfilado."
+msgid "VisualVM (<command>jvisualvm</command>) provides a graphical overview of any local or remotely running Java application, letting you monitor all running threads, classes, and objects allocated by the application by taking thread dumps, heap dumps, and other lightweight profiling tools."
+msgstr "La VisualVM (<command>jvisualvm</command>) provee un repaso gráfico de cualquier aplicación Java que se ejecute local o remotamente, perimitiéndole monitorear todos los hilos de ejecución, las clases y objetos asignados por la aplicación mediante el volcado de los hilos de ejecución, el volcado de la memoria dinámica y otras herramientas livianas de perfilado."
#: en_US/Java.xml:94(title)
msgid "PulseAudio integration for <package>javax.sound</package>"
msgstr "Integración con PulseAudio de <package>javax.sound</package>"
#: en_US/Java.xml:96(para)
-msgid ""
-"PulseAudio integrations provides all the benefits of PulseAudio to any java "
-"application using the <package>javax.sound</package> package."
-msgstr ""
-"Las integraciones con PulseAudio proveen todos los beneficios de PulseAudio "
-"a cualquier aplicación java que use el paquete <package>javax.sound</"
-"package>."
+msgid "PulseAudio integrations provides all the benefits of PulseAudio to any java application using the <package>javax.sound</package> package."
+msgstr "Las integraciones con PulseAudio proveen todos los beneficios de PulseAudio a cualquier aplicación java que use el paquete <package>javax.sound</package>."
#: en_US/Java.xml:101(title)
msgid "Integration of Mozilla Rhino - JavaScript"
msgstr "Integración de Mozilla Rhino - JavaScript"
#: en_US/Java.xml:102(para)
-msgid ""
-"Rhino is a pure-Java JavaScript implementation from Mozilla providing an "
-"easy mixing of Java and JavaScript for developers using the <package>javax."
-"script</package> package."
-msgstr ""
-"Rhino es una implementación de en Java de JavaScript hecha por Mozilla, que "
-"provee una mezcla cómoda de Java y JavaScript para los desarrolladores que "
-"usen el paquete <package>javax.script</package>."
+msgid "Rhino is a pure-Java JavaScript implementation from Mozilla providing an easy mixing of Java and JavaScript for developers using the <package>javax.script</package> package."
+msgstr "Rhino es una implementación de en Java de JavaScript hecha por Mozilla, que provee una mezcla cómoda de Java y JavaScript para los desarrolladores que usen el paquete <package>javax.script</package>."
#: en_US/Java.xml:109(para)
-msgid ""
-"Also in Fedora 10 Java cryptography (<package>javax.crypto</package>) is "
-"fully supported without any (regional) restrictions."
-msgstr ""
-"También en Fedora 10 está completamente soportado la criptografía Java "
-"(<package>javax.crypto</package>) sin ninguna restricción (regional)."
+msgid "Also in Fedora 10 Java cryptography (<package>javax.crypto</package>) is fully supported without any (regional) restrictions."
+msgstr "También en Fedora 10 está completamente soportado la criptografía Java (<package>javax.crypto</package>) sin ninguna restricción (regional)."
#: en_US/Java.xml:115(title)
msgid "Fedora and JPackage"
@@ -3968,64 +2134,28 @@ msgid "Fedora 10 includes many packages derived from the JPackage Project."
msgstr "Fedora 10 incluye muchos paquetes derivados del Proyecto JPackage."
#: en_US/Java.xml:121(para)
-msgid ""
-"Some of these packages are modified in Fedora to remove proprietary software "
-"dependencies, and to make use of GCJ's ahead-of-time compilation feature. "
-"Use the Fedora repositories to update these packages, or use the JPackage "
-"repository for packages not provided by Fedora. Refer to the JPackage "
-"website for more information about the project and the software it provides."
-msgstr ""
-"Alguno de estos paquetes son modificados en Fedora para eliminar dependencia "
-"con software propietario y para usar la característica de compilación "
-"posterior de GCJ. Use los repositorios de Fedora para actualizar estos "
-"paquetes, o use el repositorio de JPackage para los paquetes no provistos "
-"por Fedora. Vaya al sitio web de JPackage para más información del proyecto "
-"y del software que éste provee."
+msgid "Some of these packages are modified in Fedora to remove proprietary software dependencies, and to make use of GCJ's ahead-of-time compilation feature. Use the Fedora repositories to update these packages, or use the JPackage repository for packages not provided by Fedora. Refer to the JPackage website for more information about the project and the software it provides."
+msgstr "Alguno de estos paquetes son modificados en Fedora para eliminar dependencia con software propietario y para usar la característica de compilación posterior de GCJ. Use los repositorios de Fedora para actualizar estos paquetes, o use el repositorio de JPackage para los paquetes no provistos por Fedora. Vaya al sitio web de JPackage para más información del proyecto y del software que éste provee."
#: en_US/Java.xml:128(title)
msgid "Mixing Packages from Fedora and JPackage"
msgstr "Mezclando Paquetes desde Fedora y JPackage"
#: en_US/Java.xml:129(para)
-msgid ""
-"Research package compatibility before you install software from both the "
-"Fedora and JPackage repositories on the same system. Incompatible packages "
-"may cause complex issues."
-msgstr ""
-"Investigue la compatibilidad de paquetes antes de instalar el software en "
-"ambos repositorios, el de Fedora y el de JPackage en el mismo sistema. Los "
-"paquetes incompatibles puede causar problemas complejos."
+msgid "Research package compatibility before you install software from both the Fedora and JPackage repositories on the same system. Incompatible packages may cause complex issues."
+msgstr "Investigue la compatibilidad de paquetes antes de instalar el software en ambos repositorios, el de Fedora y el de JPackage en el mismo sistema. Los paquetes incompatibles puede causar problemas complejos."
#: en_US/Java.xml:135(title)
msgid "Note on upgrading from Fedora 8 - OpenJDK Replaces IcedTea"
msgstr "Nota sobre actualización desde Fedora 8 - OpenJDK reemplaza a IcedTea"
#: en_US/Java.xml:136(para)
-msgid ""
-"Since Fedora 9 the packages called <package>java-1.7.0-icedtea*</package> in "
-"Fedora 8 have been renamed to <package>java-1.6.0-openjdk*</package>. The "
-"Fedora 8 IcedTea packages tracked the unstable OpenJDK 7 branch, whereas the "
-"<package>java-1.6.0-openjdk*</package> packages track the stable OpenJDK 6 "
-"branch. All the upstream IcedTea sources are included in the <package>java-"
-"1.6.0-openjdk</package> SRPM."
-msgstr ""
-"Dado a que en Fedora 9 los paquetes llamados <filename>java-1.7.0-icedtea*</"
-"filename> en Fedora 8 se renombraron a <filename>java-1.6.0-openjdk*</"
-"filename>. En Fedora 8 los paquetes de IcedTea seguían a la rama inestable "
-"OpenJDK 7, mientras que los paquetes <filename>java-1.6.0-openjdk*</"
-"filename> siguen a la rama estable OpenJDK 6. Todas las fuentes del proyecto "
-"IcedTea se incluyen en el SRPM <package>java-1.6.0-openjdk</package>."
+msgid "Since Fedora 9 the packages called <package>java-1.7.0-icedtea*</package> in Fedora 8 have been renamed to <package>java-1.6.0-openjdk*</package>. The Fedora 8 IcedTea packages tracked the unstable OpenJDK 7 branch, whereas the <package>java-1.6.0-openjdk*</package> packages track the stable OpenJDK 6 branch. All the upstream IcedTea sources are included in the <package>java-1.6.0-openjdk</package> SRPM."
+msgstr "Dado a que en Fedora 9 los paquetes llamados <filename>java-1.7.0-icedtea*</filename> en Fedora 8 se renombraron a <filename>java-1.6.0-openjdk*</filename>. En Fedora 8 los paquetes de IcedTea seguían a la rama inestable OpenJDK 7, mientras que los paquetes <filename>java-1.6.0-openjdk*</filename> siguen a la rama estable OpenJDK 6. Todas las fuentes del proyecto IcedTea se incluyen en el SRPM <package>java-1.6.0-openjdk</package>."
#: en_US/Java.xml:143(para)
-msgid ""
-"If you are upgrading from a system based on Fedora 8 that still has IcedTea "
-"installed, the package changeover does not happen automatically. The "
-"packages related to IcedTea based on OpenJDK 7 must first be erased, then "
-"the new OpenJDK 6 packages installed."
-msgstr ""
-"Si IcedTea ya está instalado, el cambio de paquetes no se realiza "
-"automáticamente. Los paquetes relacionados a IcedTea basados en OpenJDK 7 "
-"deben ser borrados primero, y luego instalarse los nuevos paquetes OpenJDK 6."
+msgid "If you are upgrading from a system based on Fedora 8 that still has IcedTea installed, the package changeover does not happen automatically. The packages related to IcedTea based on OpenJDK 7 must first be erased, then the new OpenJDK 6 packages installed."
+msgstr "Si IcedTea ya está instalado, el cambio de paquetes no se realiza automáticamente. Los paquetes relacionados a IcedTea basados en OpenJDK 7 deben ser borrados primero, y luego instalarse los nuevos paquetes OpenJDK 6."
#: en_US/Java.xml:149(userinput)
#, no-wrap
@@ -4041,18 +2171,8 @@ msgid "Introduction to Fedora Project and technical release notes"
msgstr "Introducción al Proyecto Fedora y las notas técnicas del lanzamiento"
#: en_US/Introduction_to_Fedora_Project_and_technical_release_notes.xml:7(para)
-msgid ""
-"The Fedora Project is an openly-developed project designed by Red Hat, open "
-"for general participation, led by a meritocracy, and following a set of "
-"project objectives. The results from this project include Fedora Core, which "
-"is a complete, general-purpose operating system built exclusively from open "
-"source software."
-msgstr ""
-"El Proyecto Fedora es un proyecto diseñado por Red Hat, desarrollado "
-"abiertamente, para la participación general, conducido por una meritocracia "
-"y que sigue un conjunto de objetivos de proyecto. Los resultados de este "
-"proyecto incluyen Fedora Core, que es un sistema operativo de propósito "
-"general completo, construído exclusivamente con software de código abierto."
+msgid "The Fedora Project is an openly-developed project designed by Red Hat, open for general participation, led by a meritocracy, and following a set of project objectives. The results from this project include Fedora Core, which is a complete, general-purpose operating system built exclusively from open source software."
+msgstr "El Proyecto Fedora es un proyecto diseñado por Red Hat, desarrollado abiertamente, para la participación general, conducido por una meritocracia y que sigue un conjunto de objetivos de proyecto. Los resultados de este proyecto incluyen Fedora Core, que es un sistema operativo de propósito general completo, construído exclusivamente con software de código abierto."
#: en_US/Introduction_to_Fedora_Project_and_technical_release_notes.xml:13(title)
msgid "Fedora is a community supported project"
@@ -4067,25 +2187,12 @@ msgid "For more information, refer to <xref linkend=\"sn-Fedora_Project\"/>."
msgstr "Para más información, vaya a <xref linkend=\"sn-Fedora_Project\"/>."
#: en_US/Introduction_to_Fedora_Project_and_technical_release_notes.xml:18(para)
-msgid ""
-"Additional important information about this release may be made available at "
-"<ulink url=\"http://docs.fedoraproject.org/release-notes/\"/>. Users are "
-"advised to check this link regularly for updates."
-msgstr ""
-"Información adicional importante acerca de este lanzamiento puede estar "
-"disponible en <ulink url=\"http://docs.fedoraproject.org/release-notes/\"/"
-">. Se recomienda a los usuarios chequear este enlace regularmente, para "
-"estar al tanto de los cambios."
+msgid "Additional important information about this release may be made available at <ulink url=\"http://docs.fedoraproject.org/release-notes/\"/>. Users are advised to check this link regularly for updates."
+msgstr "Información adicional importante acerca de este lanzamiento puede estar disponible en <ulink url=\"http://docs.fedoraproject.org/release-notes/\"/>. Se recomienda a los usuarios chequear este enlace regularmente, para estar al tanto de los cambios."
#: en_US/Introduction_to_Fedora_Project_and_technical_release_notes.xml:22(para)
-msgid ""
-"For reporting errors or other requests about these release notes, file a bug "
-"report using this pre-filled bugzilla template: <ulink url=\"http://tinyurl."
-"com/byvk2\"/>"
-msgstr ""
-"Para informar errores u otros pedidos acerca de estas notas del lanzamiento, "
-"envíe un error usando este template de bugzilla prellenado: <ulink url="
-"\"http://tinyurl.com/byvk2\"/>"
+msgid "For reporting errors or other requests about these release notes, file a bug report using this pre-filled bugzilla template: <ulink url=\"http://tinyurl.com/byvk2\"/>"
+msgstr "Para informar errores u otros pedidos acerca de estas notas del lanzamiento, envíe un error usando este template de bugzilla prellenado: <ulink url=\"http://tinyurl.com/byvk2\"/>"
#: en_US/International_language_support.xml:6(title)
msgid "International language support"
@@ -4093,55 +2200,31 @@ msgstr "Soporte de idioma internacional"
#: en_US/International_language_support.xml:7(para)
msgid "This section includes information on language support under Fedora."
-msgstr ""
-"Esta sección incluye información en el soporte de lenguajes bajo Fedora."
+msgstr "Esta sección incluye información en el soporte de lenguajes bajo Fedora."
#: en_US/International_language_support.xml:11(para)
-msgid ""
-"Localization (translation) of Fedora is coordinated by the Fedora "
-"Localization Project -- <ulink url=\"http://fedoraproject.org/wiki/L10N\"/>"
-msgstr ""
-"La regionalización (traducción) de Fedora es coordinado por el Proyecto de "
-"Regionalización de Fedora -- <ulink url=\"http://fedoraproject.org/wiki/L10N"
-"\"/>"
+msgid "Localization (translation) of Fedora is coordinated by the Fedora Localization Project -- <ulink url=\"http://fedoraproject.org/wiki/L10N\"/>"
+msgstr "La regionalización (traducción) de Fedora es coordinado por el Proyecto de Regionalización de Fedora -- <ulink url=\"http://fedoraproject.org/wiki/L10N\"/>"
#: en_US/International_language_support.xml:16(para)
-msgid ""
-"Internationalization of Fedora is maintained by the Fedora I18n Project -- "
-"<ulink url=\"http://fedoraproject.org/wiki/I18N\"/>"
-msgstr ""
-"La internacionalización de Fedora es mantenido por el Proyecto I18n de "
-"Fedora -- <ulink url=\"http://fedoraproject.org/wiki/I18N\"/>"
+msgid "Internationalization of Fedora is maintained by the Fedora I18n Project -- <ulink url=\"http://fedoraproject.org/wiki/I18N\"/>"
+msgstr "La internacionalización de Fedora es mantenido por el Proyecto I18n de Fedora -- <ulink url=\"http://fedoraproject.org/wiki/I18N\"/>"
#: en_US/International_language_support.xml:23(title)
msgid "Language coverage"
msgstr "Cobertura de Idiomas"
#: en_US/International_language_support.xml:24(para)
-msgid ""
-"Fedora features a variety of software that is translated in many languages. "
-"For a list of languages refer to the translation statistics for the "
-"<application>Anaconda</application> module, which is one of the core "
-"software applications in Fedora."
-msgstr ""
-"Fedora tiene una variedad de software que se traduce a muchos idiomas. Para "
-"una lista de los idiomas vaya a las estadísticas de traducción del módulo "
-"<application>Anaconda</application>, que es una de las aplicaciones "
-"principales de Fedora."
+msgid "Fedora features a variety of software that is translated in many languages. For a list of languages refer to the translation statistics for the <application>Anaconda</application> module, which is one of the core software applications in Fedora."
+msgstr "Fedora tiene una variedad de software que se traduce a muchos idiomas. Para una lista de los idiomas vaya a las estadísticas de traducción del módulo <application>Anaconda</application>, que es una de las aplicaciones principales de Fedora."
#: en_US/International_language_support.xml:41(title)
msgid "Language support installation"
msgstr "Instalación de soporte de Idiomas"
#: en_US/International_language_support.xml:42(para)
-msgid ""
-"To install langpacks and additional language support from the "
-"<menuchoice><guimenuitem>Languages</guimenuitem></menuchoice> group, run "
-"this command:"
-msgstr ""
-"Para instalar paquetes de idioma y soporte de idioma adicional del grupo "
-"<menuchoice><guimenuitem>Idiomas</guimenuitem></menuchoice>, ejecute este "
-"comando:"
+msgid "To install langpacks and additional language support from the <menuchoice><guimenuitem>Languages</guimenuitem></menuchoice> group, run this command:"
+msgstr "Para instalar paquetes de idioma y soporte de idioma adicional del grupo <menuchoice><guimenuitem>Idiomas</guimenuitem></menuchoice>, ejecute este comando:"
#: en_US/International_language_support.xml:47(userinput)
#, no-wrap
@@ -4153,147 +2236,72 @@ msgstr ""
"\t <language>-support'"
#: en_US/International_language_support.xml:50(para)
-msgid ""
-"In the command above, <userinput><language></userinput> is the actual "
-"language name, such as <userinput>assamese</userinput>, <userinput>bengali</"
-"userinput>, <userinput>chinese</userinput>, and so on."
-msgstr ""
-"En el comando de arriba, <userinput><language></userinput> es el "
-"nombre del idioma actual, por ejemplo, <userinput>assamese</userinput>, "
-"<userinput>bengali</userinput>, <userinput>chinese</userinput>, y demás."
+msgid "In the command above, <userinput><language></userinput> is the actual language name, such as <userinput>assamese</userinput>, <userinput>bengali</userinput>, <userinput>chinese</userinput>, and so on."
+msgstr "En el comando de arriba, <userinput><language></userinput> es el nombre del idioma actual, por ejemplo, <userinput>assamese</userinput>, <userinput>bengali</userinput>, <userinput>chinese</userinput>, y demás."
#: en_US/International_language_support.xml:55(para)
-msgid ""
-"SCIM users upgrading from earlier releases of Fedora are strongly urged to "
-"install <package>scim-bridge-gtk</package>, which works well with third-"
-"party C++ applications linked against older versions of <package>libstdc++</"
-"package>."
-msgstr ""
-"Para los usuarios de SCIM que actualizan desde versiones anteriores de "
-"Fedora, se recomienda que instalen <package>scim-bridge-gtk</package>, que "
-"funciona bien con aplicaciones C++ de terceros que hayan sido encadenadas "
-"con versiones más viejas de <systemitem class=\"library\">libstdc++</"
-"systemitem>."
+msgid "SCIM users upgrading from earlier releases of Fedora are strongly urged to install <package>scim-bridge-gtk</package>, which works well with third-party C++ applications linked against older versions of <package>libstdc++</package>."
+msgstr "Para los usuarios de SCIM que actualizan desde versiones anteriores de Fedora, se recomienda que instalen <package>scim-bridge-gtk</package>, que funciona bien con aplicaciones C++ de terceros que hayan sido encadenadas con versiones más viejas de <systemitem class=\"library\">libstdc++</systemitem>."
#: en_US/International_language_support.xml:61(title)
msgid "Transifex"
msgstr "Transifex"
#: en_US/International_language_support.xml:62(para)
-msgid ""
-"Transifex is Fedora's online tool to facilitate contributing translations to "
-"projects hosted on remote and disparate version control systems. Many of the "
-"core packages use Transifex to receive translations from numerous "
-"contributors."
-msgstr ""
-"Transifex es la herramienta en línea de Fedora para facilitar la "
-"contribución de traducciones de proyectos almacenados en sistemas remotos "
-"con diversos modos de control de versión. Muchos de los paquetes principales "
-"usan Transifex para recibir las traducciones de numerosos contribuyentes."
+msgid "Transifex is Fedora's online tool to facilitate contributing translations to projects hosted on remote and disparate version control systems. Many of the core packages use Transifex to receive translations from numerous contributors."
+msgstr "Transifex es la herramienta en línea de Fedora para facilitar la contribución de traducciones de proyectos almacenados en sistemas remotos con diversos modos de control de versión. Muchos de los paquetes principales usan Transifex para recibir las traducciones de numerosos contribuyentes."
#: en_US/International_language_support.xml:69(para)
-msgid ""
-"Through a combination of new web tools (<ulink url=\"http://translate."
-"fedoraproject.org\"/>), community growth, and better processes, translators "
-"can contribute directly to any upstream project through one translator-"
-"oriented web interface. Developers of projects with no existing translation "
-"community can easily reach out to Fedora's established community for "
-"translations. In turn, translators can reach out to numerous projects "
-"related to Fedora to easily contribute translations."
-msgstr ""
-"A través de una combinación de nuevas herramientas web (<ulink url=\"http://"
-"translate.fedoraproject.org/\"/>), crecimiento de la comunidad y mejores "
-"procesos, los traductores ahora pueden contribuir directamente a cualquier "
-"proyecto externo, a través de una interfase Web orientada al traductor. Los "
-"desarrolladores de proyectos que no tienen una comunidad de traducción, "
-"puede fácilmente alcanzar a la comunidad establecida de Fedora para las "
-"traducciones. A su vez, los traductores pueden llegar a numerosos proyectos "
-"relacionados a Fedora para contribuir con traducciones fácilmente."
+msgid "Through a combination of new web tools (<ulink url=\"http://translate.fedoraproject.org\"/>), community growth, and better processes, translators can contribute directly to any upstream project through one translator-oriented web interface. Developers of projects with no existing translation community can easily reach out to Fedora's established community for translations. In turn, translators can reach out to numerous projects related to Fedora to easily contribute translations."
+msgstr "A través de una combinación de nuevas herramientas web (<ulink url=\"http://translate.fedoraproject.org/\"/>), crecimiento de la comunidad y mejores procesos, los traductores ahora pueden contribuir directamente a cualquier proyecto externo, a través de una interfase Web orientada al traductor. Los desarrolladores de proyectos que no tienen una comunidad de traducción, puede fácilmente alcanzar a la comunidad establecida de Fedora para las traducciones. A su vez, los traductores pueden llegar a numerosos proyectos relacionados a Fedora para contribuir con traducciones fácilmente."
#: en_US/International_language_support.xml:84(title)
msgid "Fonts"
msgstr "Fuentes"
#: en_US/International_language_support.xml:85(para)
-msgid ""
-"Fonts for most languages are installed by default on the desktop to give "
-"good default language coverage."
-msgstr ""
-"Las fuentes para todos los idiomas disponibles fueron instalados en la "
-"configuración por defecto para dar buena covertura de idiomas."
+msgid "Fonts for most languages are installed by default on the desktop to give good default language coverage."
+msgstr "Las fuentes para todos los idiomas disponibles fueron instalados en la configuración por defecto para dar buena covertura de idiomas."
#: en_US/International_language_support.xml:88(title)
msgid "Default language for Han Unification"
msgstr "Idioma predeterminado para Unificación Han"
#: en_US/International_language_support.xml:89(para)
-msgid ""
-"When not using an Asian locale in GTK-based applications, Chinese characters "
-"(that is, Chinese Hanzi, Japanese Kanji, or Korean Hanja) may render with a "
-"mixture of Chinese, Japanese, and Korean fonts depending on the text. This "
-"happens when Pango does not have sufficient context to know which language "
-"is being used. The current default font configuration seems to prefer "
-"Chinese fonts. If you normally want to use Japanese or Korean say, you can "
-"tell Pango to use it by default by setting the <envar>PANGO_LANGUAGE</envar> "
-"environment variable. For example ..."
-msgstr ""
-"Cuando no se usa una región asiática en las aplicaciones basadas en GTK, los "
-"caracteres en chino (es decir, Hanzi chino, Kanki japonés o Hanja coreano) "
-"pueden renderizarse a una mezcla de fuentes en chino, japonés y coreano, "
-"dependiendo del texto. Esto sucede cuando Pango no tiene suficiente contexto "
-"para saber qué idioma se está usando. La configuración de fuente "
-"predeterminada actual parece preferir las fuentes en Chino. Si usted quiere "
-"usar normalmente japonés o coreano, le puede decir a Pango que las use por "
-"defecto poniendo la variable del entorno <envar>PANGO_LANGUAGE</envar>. Por "
-"ejemplo ..."
+msgid "When not using an Asian locale in GTK-based applications, Chinese characters (that is, Chinese Hanzi, Japanese Kanji, or Korean Hanja) may render with a mixture of Chinese, Japanese, and Korean fonts depending on the text. This happens when Pango does not have sufficient context to know which language is being used. The current default font configuration seems to prefer Chinese fonts. If you normally want to use Japanese or Korean say, you can tell Pango to use it by default by setting the <envar>PANGO_LANGUAGE</envar> environment variable. For example ..."
+msgstr "Cuando no se usa una región asiática en las aplicaciones basadas en GTK, los caracteres en chino (es decir, Hanzi chino, Kanki japonés o Hanja coreano) pueden renderizarse a una mezcla de fuentes en chino, japonés y coreano, dependiendo del texto. Esto sucede cuando Pango no tiene suficiente contexto para saber qué idioma se está usando. La configuración de fuente predeterminada actual parece preferir las fuentes en Chino. Si usted quiere usar normalmente japonés o coreano, le puede decir a Pango que las use por defecto poniendo la variable del entorno <envar>PANGO_LANGUAGE</envar>. Por ejemplo ..."
#: en_US/International_language_support.xml:100(envar)
msgid "export PANGO_LANGUAGE=ja"
msgstr "export PANGO_LANGUAGE=ja"
#: en_US/International_language_support.xml:102(para)
-msgid ""
-"... tells Pango rendering to assume Japanese text when it has no other "
-"indications."
-msgstr ""
-"... le dice a Pango que asuma texto japonés cuando no tiene otros "
-"indicadores."
+msgid "... tells Pango rendering to assume Japanese text when it has no other indications."
+msgstr "... le dice a Pango que asuma texto japonés cuando no tiene otros indicadores."
#: en_US/International_language_support.xml:106(title)
msgid "Japanese"
msgstr "Japonés"
#: en_US/International_language_support.xml:107(para)
-msgid ""
-"The <package>fonts-japanese</package> package has been renamed to "
-"<package>japanese-bitmap-fonts</package>."
-msgstr ""
-"El paquete <package>fonts-japanese</package> se ha renombrado a "
-"<package>japanese-bitmap-fonts</package>."
+msgid "The <package>fonts-japanese</package> package has been renamed to <package>japanese-bitmap-fonts</package>."
+msgstr "El paquete <package>fonts-japanese</package> se ha renombrado a <package>japanese-bitmap-fonts</package>."
#: en_US/International_language_support.xml:111(title)
msgid "Khmer"
msgstr "Khmer"
#: en_US/International_language_support.xml:112(para)
-msgid ""
-"Khmer OS Fonts <package>khmeros-fonts</package> have been added to Fedora "
-"for Khmer coverage in this release."
-msgstr ""
-"Las fuentes Khmer OS Fonts <package>khmeros-fonts</package> se agregaron "
-"para la cobertura de Khmer en este lanzamiento."
+msgid "Khmer OS Fonts <package>khmeros-fonts</package> have been added to Fedora for Khmer coverage in this release."
+msgstr "Las fuentes Khmer OS Fonts <package>khmeros-fonts</package> se agregaron para la cobertura de Khmer en este lanzamiento."
#: en_US/International_language_support.xml:116(title)
msgid "Korean"
msgstr "Coreano"
#: en_US/International_language_support.xml:117(para)
-msgid ""
-"The <package>un-core-fonts</package> packages replaces <package>baekmuk-ttf-"
-"fonts</package> as the new Hangul default fonts."
-msgstr ""
-"El paquete <package>un-core-fonts</package> reemplaza a <package>baekmuk-ttf-"
-"fonts</package> como las nuevas fuentes predeterminada de Hangul."
+msgid "The <package>un-core-fonts</package> packages replaces <package>baekmuk-ttf-fonts</package> as the new Hangul default fonts."
+msgstr "El paquete <package>un-core-fonts</package> reemplaza a <package>baekmuk-ttf-fonts</package> como las nuevas fuentes predeterminada de Hangul."
#: en_US/International_language_support.xml:122(title)
msgid "Complete list of changes"
@@ -4301,107 +2309,47 @@ msgstr "Lista completa de cambios"
#: en_US/International_language_support.xml:123(para)
msgid "All fonts changes are listed on their dedicated page:"
-msgstr ""
-"Todos los cambios en las fuentes están listados en su página correspondiente:"
+msgstr "Todos los cambios en las fuentes están listados en su página correspondiente:"
#: en_US/International_language_support.xml:129(title)
msgid "Fonts in Fedora Linux"
msgstr "Fuentes en Fedora Linux"
#: en_US/International_language_support.xml:130(para)
-msgid ""
-"The Fonts SIG (<ulink url=\"http://fedoraproject.org/wiki/Fonts_SIG\"/>) "
-"takes loving care of Fedora Linux fonts (<ulink url=\"http://fedoraproject."
-"org/wiki/Fonts\"/>). Please join this special interest group if you are "
-"interested in creating, improving, packaging, or just suggesting a font. Any "
-"help is appreciated."
-msgstr ""
-"El SIG de Fuentes (<ulink url=\"http://fedoraproject.org/wiki/Fonts_SIG\"/>) "
-"toma especial cuidado de las fuentes de Linux Fedora (<ulink url=\"http://"
-"fedoraproject.org/wiki/Fonts\"/>). Por favor, únase a este grupo de interés "
-"especial si está interesado en crear, mejorar, empaquetar o simplemente "
-"sugerir una fuente. Toda ayuda es apreciada."
+msgid "The Fonts SIG (<ulink url=\"http://fedoraproject.org/wiki/Fonts_SIG\"/>) takes loving care of Fedora Linux fonts (<ulink url=\"http://fedoraproject.org/wiki/Fonts\"/>). Please join this special interest group if you are interested in creating, improving, packaging, or just suggesting a font. Any help is appreciated."
+msgstr "El SIG de Fuentes (<ulink url=\"http://fedoraproject.org/wiki/Fonts_SIG\"/>) toma especial cuidado de las fuentes de Linux Fedora (<ulink url=\"http://fedoraproject.org/wiki/Fonts\"/>). Por favor, únase a este grupo de interés especial si está interesado en crear, mejorar, empaquetar o simplemente sugerir una fuente. Toda ayuda es apreciada."
#: en_US/International_language_support.xml:153(title)
msgid "Input Methods"
msgstr "Métodos de Entrada"
#: en_US/International_language_support.xml:154(para)
-msgid ""
-"There is a new <command>yum</command> group called <package>input-methods</"
-"package> and <firstterm>input methods</firstterm> for many languages are now "
-"installed by default. This allows turning on the default input method system "
-"and immediately having the standard input methods for most languages "
-"available. It also brings normal installs in line with Fedora Live."
-msgstr ""
-"Hay un nuego grupo <command>yum</command> llamado <package>input-methods</"
-"package> y <firstterm>input methods</firstterm> para muchos idiomas que "
-"ahora se instalan por defecto. Esto permite poner el método de entrada por "
-"defecto en el sistema e inmediatamente tener los métodos de entradas "
-"estándares para la mayoría de los idiomas disponibles. También pone a las "
-"instalaciones normales a la par de Fedora Vivo."
+msgid "There is a new <command>yum</command> group called <package>input-methods</package> and <firstterm>input methods</firstterm> for many languages are now installed by default. This allows turning on the default input method system and immediately having the standard input methods for most languages available. It also brings normal installs in line with Fedora Live."
+msgstr "Hay un nuego grupo <command>yum</command> llamado <package>input-methods</package> y <firstterm>input methods</firstterm> para muchos idiomas que ahora se instalan por defecto. Esto permite poner el método de entrada por defecto en el sistema e inmediatamente tener los métodos de entradas estándares para la mayoría de los idiomas disponibles. También pone a las instalaciones normales a la par de Fedora Vivo."
#: en_US/International_language_support.xml:162(title)
msgid "im-chooser and imsettings"
msgstr "im-chooser y imsettings"
#: en_US/International_language_support.xml:163(para)
-msgid ""
-"It is now possible to start and stop the use of input methods during runtime "
-"thanks to the <command>imsettings</command> framework. The "
-"<envar>GTK_IM_MODULE</envar> environment variable is no longer needed by "
-"default but can still be used to override the <command>imsettings</command>."
-msgstr ""
-"Ahora es posible iniciar y detener los Métodos de Entrada, gracias al marco "
-"de trabajo <emphasis>imsettings</emphasis>. La variable del entorno "
-"<envar>GTK_IM_MODULE</envar> ya no es necesaria por defecto y todavía se "
-"puede usar para superponerse a <command>imsettings</command>."
+msgid "It is now possible to start and stop the use of input methods during runtime thanks to the <command>imsettings</command> framework. The <envar>GTK_IM_MODULE</envar> environment variable is no longer needed by default but can still be used to override the <command>imsettings</command>."
+msgstr "Ahora es posible iniciar y detener los Métodos de Entrada, gracias al marco de trabajo <emphasis>imsettings</emphasis>. La variable del entorno <envar>GTK_IM_MODULE</envar> ya no es necesaria por defecto y todavía se puede usar para superponerse a <command>imsettings</command>."
#: en_US/International_language_support.xml:169(para)
-msgid ""
-"Input methods only start by default on desktops running in an Asian locale. "
-"The current locale list is: <option>as</option>, <option>bn</option>, "
-"<option>gu</option>, <option>hi</option>, <option>ja</option>, <option>kn</"
-"option>, <option>ko</option>, <option>ml</option>, <option>mr</option>, "
-"<option>ne</option>, <option>or</option>, <option>pa</option>, <option>si</"
-"option>, <option>ta</option>, <option>te</option>, <option>th</option>, "
-"<option>ur</option>, <option>vi</option>, <option>zh</option>. Use "
-"<command>im-chooser</command> via <keycombo><keycap>System</"
-"keycap><keycap>Preferences</keycap><keycap>Personal</keycap><keycap>Input "
-"method</keycap></keycombo> to enable or disable input method usage on your "
-"desktop."
-msgstr ""
-"Los métodos de entrada se inician por defecto en idiomas Asiáticos. La lista "
-"actual de regiones es: <option>as</option>, <option>bn</option>, <option>gu</"
-"option>, <option>hi</option>, <option>ja</option>, <option>kn</option>, "
-"<option>ko</option>, <option>ml</option>, <option>mr</option>, <option>ne</"
-"option>, <option>or</option>, <option>pa</option>, <option>si</option>, "
-"<option>ta</option>, <option>te</option>, <option>th</option>, <option>ur</"
-"option>, <option>vi</option>, <option>zh</option>. Use <command>im-chooser</"
-"command> via <keycombo><keycap>Sistema</keycap><keycap>Preferencias</"
-"keycap><keycap>Personal</keycap><keycap>Método de entrada</keycap></"
-"keycombo> para habilitar o deshabilitar el uso de un método de entrada en su "
-"escritorio."
+msgid "Input methods only start by default on desktops running in an Asian locale. The current locale list is: <option>as</option>, <option>bn</option>, <option>gu</option>, <option>hi</option>, <option>ja</option>, <option>kn</option>, <option>ko</option>, <option>ml</option>, <option>mr</option>, <option>ne</option>, <option>or</option>, <option>pa</option>, <option>si</option>, <option>ta</option>, <option>te</option>, <option>th</option>, <option>ur</option>, <option>vi</option>, <option>zh</option>. Use <command>im-chooser</command> via <keycombo><keycap>System</keycap><keycap>Preferences</keycap><keycap>Personal</keycap><keycap>Input method</keycap></keycombo> to enable or disable input method usage on your desktop."
+msgstr "Los métodos de entrada se inician por defecto en idiomas Asiáticos. La lista actual de regiones es: <option>as</option>, <option>bn</option>, <option>gu</option>, <option>hi</option>, <option>ja</option>, <option>kn</option>, <option>ko</option>, <option>ml</option>, <option>mr</option>, <option>ne</option>, <option>or</option>, <option>pa</option>, <option>si</option>, <option>ta</option>, <option>te</option>, <option>th</option>, <option>ur</option>, <option>vi</option>, <option>zh</option>. Use <command>im-chooser</command> via <keycombo><keycap>Sistema</keycap><keycap>Preferencias</keycap><keycap>Personal</keycap><keycap>Método de entrada</keycap></keycombo> para habilitar o deshabilitar el uso de un método de entrada en su escritorio."
#: en_US/International_language_support.xml:186(title)
msgid "New <command>ibus</command> input method system"
msgstr "Nuevo sistema de método de entrada <command>ibus</command>"
#: en_US/International_language_support.xml:187(para)
-msgid ""
-"Fedora 10 includes <command>ibus</command>, a new input method system that "
-"has been developed to overcome some of the limitations of <command>scim</"
-"command>. It may become the default input method system in Fedora 11."
-msgstr ""
-"Fedora 10 incluye <command>ibus</command>, un nuevo sistema de método de "
-"entrada que ha sido desarrollado para superar algunas de las limitaciones de "
-"<command>scim</command>. Puede llegar a ser el sistema de método de entrada "
-"predeterminado en Fedora 11."
+msgid "Fedora 10 includes <command>ibus</command>, a new input method system that has been developed to overcome some of the limitations of <command>scim</command>. It may become the default input method system in Fedora 11."
+msgstr "Fedora 10 incluye <command>ibus</command>, un nuevo sistema de método de entrada que ha sido desarrollado para superar algunas de las limitaciones de <command>scim</command>. Puede llegar a ser el sistema de método de entrada predeterminado en Fedora 11."
#: en_US/International_language_support.xml:194(para)
msgid "It already provides a number of input method engines and immodules:"
-msgstr ""
-"Actualmente provee un número de motores de métodos de entradas e immodules:"
+msgstr "Actualmente provee un número de motores de métodos de entradas e immodules:"
#: en_US/International_language_support.xml:198(para)
msgid "<option>ibus-anthy</option> (Japanese)"
@@ -4436,40 +2384,24 @@ msgid "<option>ibus-table</option> (Chinese, etc)"
msgstr "<option>ibus-table</option> (Chino, etc)"
#: en_US/International_language_support.xml:224(para)
-msgid ""
-"We encourage people to install <command>ibus</command>, test it for their "
-"language, and report any problems."
-msgstr ""
-"Recomendamos que instalen <command>ibus</command>, lo prueben en su idioma, "
-"y nos reporten problemas. "
+msgid "We encourage people to install <command>ibus</command>, test it for their language, and report any problems."
+msgstr "Recomendamos que instalen <command>ibus</command>, lo prueben en su idioma, y nos reporten problemas. "
#: en_US/International_language_support.xml:229(title)
msgid "Indic onscreen keyboard"
msgstr "Teclado en pantalla Indic "
#: en_US/International_language_support.xml:230(para)
-msgid ""
-"Fedora 10 includes <command>iok</command>, an onscreen virtual keyboard for "
-"Indian languages, which allows input using Inscript keymap layouts and other "
-"1:1 key mappings. For more information refer to the homepage:"
-msgstr ""
-"Fedora 10 incluye <command>iok</command>, un teclado en pantalla para "
-"idiomas indios, lo que permite usar Inscript para diseños del teclado y "
-"otros mapeos de teclas 1:1. Para mas información, visite la página:"
+msgid "Fedora 10 includes <command>iok</command>, an onscreen virtual keyboard for Indian languages, which allows input using Inscript keymap layouts and other 1:1 key mappings. For more information refer to the homepage:"
+msgstr "Fedora 10 incluye <command>iok</command>, un teclado en pantalla para idiomas indios, lo que permite usar Inscript para diseños del teclado y otros mapeos de teclas 1:1. Para mas información, visite la página:"
#: en_US/International_language_support.xml:239(title)
msgid "Indic collation support"
msgstr "Habilitar el soporte Indic"
#: en_US/International_language_support.xml:240(para)
-msgid ""
-"Fedora 10 includes sorting support for Indic languages. This support fixes "
-"listing and order of menus in these languages, representing them in sorted "
-"order and making it easy to find desired elements."
-msgstr ""
-"Fedora 10 incluye soporte para el ordenado en idiomas Indios. Este soporte "
-"corrige el listado y el orden en los menúes en estos idiomas, "
-"representándolos en un orden y haciéndo los elementos fáciles de buscar."
+msgid "Fedora 10 includes sorting support for Indic languages. This support fixes listing and order of menus in these languages, representing them in sorted order and making it easy to find desired elements."
+msgstr "Fedora 10 incluye soporte para el ordenado en idiomas Indios. Este soporte corrige el listado y el orden en los menúes en estos idiomas, representándolos en un orden y haciéndo los elementos fáciles de buscar."
#: en_US/International_language_support.xml:244(para)
msgid "These languages are covered by this support:"
@@ -4524,35 +2456,16 @@ msgid "Installation notes"
msgstr "Notas de la Instalación"
#: en_US/Installation_notes.xml:7(title)
-msgid ""
-"To learn how to install Fedora, refer to <ulink url=\"http://docs."
-"fedoraproject.org/install-guide/\"/>"
-msgstr ""
-"Para información sobre cómo instalar Fedora, vaya a <ulink url=\"http://docs."
-"fedoraproject.org/install-guide/\">http://docs.fedoraproject.org/install-"
-"guide/</ulink>."
+msgid "To learn how to install Fedora, refer to <ulink url=\"http://docs.fedoraproject.org/install-guide/\"/>"
+msgstr "Para información sobre cómo instalar Fedora, vaya a <ulink url=\"http://docs.fedoraproject.org/install-guide/\">http://docs.fedoraproject.org/install-guide/</ulink>."
#: en_US/Installation_notes.xml:10(para)
-msgid ""
-"If you encounter a problem or have a question during installation that is "
-"not covered in these release notes, refer to <ulink url=\"http://www."
-"fedoraproject.org/wiki/FAQ\"/> and <ulink url=\"http://www.fedoraproject.org/"
-"wiki/Bugs/Common\"/>."
-msgstr ""
-"Si encuentra un problema o tiene alguna pregunta durante la instalación que "
-"no ha sido cubierta en estas notas de la versión, vaya a <ulink url=\"http://"
-"www.fedoraproject.org/wiki/FAQ\"/> y a <ulink url=\"http://www.fedoraproject."
-"org/wiki/Bugs/Common\"/>."
+msgid "If you encounter a problem or have a question during installation that is not covered in these release notes, refer to <ulink url=\"http://www.fedoraproject.org/wiki/FAQ\"/> and <ulink url=\"http://www.fedoraproject.org/wiki/Bugs/Common\"/>."
+msgstr "Si encuentra un problema o tiene alguna pregunta durante la instalación que no ha sido cubierta en estas notas de la versión, vaya a <ulink url=\"http://www.fedoraproject.org/wiki/FAQ\"/> y a <ulink url=\"http://www.fedoraproject.org/wiki/Bugs/Common\"/>."
#: en_US/Installation_notes.xml:17(para)
-msgid ""
-"<application>Anaconda</application> is the name of the Fedora installer. "
-"This section outlines issues related to <application>Anaconda</application> "
-"and installing Fedora 10."
-msgstr ""
-"<application>Anaconda</application> es el nombre del programa de instalación "
-"de Fedora. Esta sección delinea todas las cuestiones que se relaciona con "
-"<application>Anaconda</application> y la instalación de Fedora 10."
+msgid "<application>Anaconda</application> is the name of the Fedora installer. This section outlines issues related to <application>Anaconda</application> and installing Fedora 10."
+msgstr "<application>Anaconda</application> es el nombre del programa de instalación de Fedora. Esta sección delinea todas las cuestiones que se relaciona con <application>Anaconda</application> y la instalación de Fedora 10."
#: en_US/Installation_notes.xml:22(title)
msgid "Installation media"
@@ -4563,212 +2476,64 @@ msgid "Fedora DVD ISO image is a large file."
msgstr "La imágen ISO de DVD de Fedora es un archivo enorme."
#: en_US/Installation_notes.xml:25(para)
-msgid ""
-"If you intend to download the Fedora DVD ISO image, keep in mind that not "
-"all file downloading tools can accommodate files larger than 2 GiB in size."
-msgstr ""
-"Si intenta bajar la imágen ISO del DVD de Fedora, tenga en cuenta que no "
-"todas las herramientas de descarga pueden bajar archivos de más de 2 GiB de "
-"tamaño."
+msgid "If you intend to download the Fedora DVD ISO image, keep in mind that not all file downloading tools can accommodate files larger than 2 GiB in size."
+msgstr "Si intenta bajar la imágen ISO del DVD de Fedora, tenga en cuenta que no todas las herramientas de descarga pueden bajar archivos de más de 2 GiB de tamaño."
#: en_US/Installation_notes.xml:28(para)
-msgid ""
-"The programs <command>wget</command> 1.9.1-16 and above, <command>curl</"
-"command>, and <command>ncftpget</command> do not have this limitation, and "
-"can successfully download files larger than 2 GiB. BitTorrent is another "
-"method for downloading large files. For information about obtaining and "
-"using the torrent file, refer to <ulink url=\"http://torrent.fedoraproject."
-"org/\"/>."
-msgstr ""
-"Si pretende descargar las imágenes ISO de DVD de Fedora, tenga en mente que "
-"no todas las herramientas de descarga de archivo puede manejar archivos de "
-"tamaños mayores a 2 GB. <command>wget</command> 1.9.1-16 y posterior, "
-"<command>curl</command> y <command>ncftpget</command> no tienen esta "
-"limitación, y pueden descargar efectivamente archivos de más de 2GB. "
-"BitTorrent es otro método para la descarga de archivos grandes. Para "
-"información acerca de la obtención y uso del archivo torrent, vaya a <ulink "
-"url=\"http://torrent.fedoraproject.org/\"/>."
+msgid "The programs <command>wget</command> 1.9.1-16 and above, <command>curl</command>, and <command>ncftpget</command> do not have this limitation, and can successfully download files larger than 2 GiB. BitTorrent is another method for downloading large files. For information about obtaining and using the torrent file, refer to <ulink url=\"http://torrent.fedoraproject.org/\"/>."
+msgstr "Si pretende descargar las imágenes ISO de DVD de Fedora, tenga en mente que no todas las herramientas de descarga de archivo puede manejar archivos de tamaños mayores a 2 GB. <command>wget</command> 1.9.1-16 y posterior, <command>curl</command> y <command>ncftpget</command> no tienen esta limitación, y pueden descargar efectivamente archivos de más de 2GB. BitTorrent es otro método para la descarga de archivos grandes. Para información acerca de la obtención y uso del archivo torrent, vaya a <ulink url=\"http://torrent.fedoraproject.org/\"/>."
#: en_US/Installation_notes.xml:36(para)
-msgid ""
-"<application>Anaconda</application> asks if it should verify the "
-"installation medium when <menuchoice><guimenuitem>Install or upgrade an "
-"existing system</guimenuitem></menuchoice> is selected during boot from an "
-"installation-only media."
-msgstr ""
-"<application>Anaconda</application> pregunta si debe verificar el medio de "
-"instalación cuando se elige la opción <menuchoice><guimenuitem>Instala o "
-"actualiza un sistema existente</guimenuitem></menuchoice> durante el "
-"arranque desde un medio de sólo instalación."
+msgid "<application>Anaconda</application> asks if it should verify the installation medium when <menuchoice><guimenuitem>Install or upgrade an existing system</guimenuitem></menuchoice> is selected during boot from an installation-only media."
+msgstr "<application>Anaconda</application> pregunta si debe verificar el medio de instalación cuando se elige la opción <menuchoice><guimenuitem>Instala o actualiza un sistema existente</guimenuitem></menuchoice> durante el arranque desde un medio de sólo instalación."
#: en_US/Installation_notes.xml:41(para)
-msgid ""
-"For Fedora Live media, press any key during the initial boot countdown, to "
-"display a boot option menu. Select <menuchoice><guimenuitem>Verify and boot</"
-"guimenuitem></menuchoice> to perform the media test. Installation media can "
-"be used to verify Fedora Live media. <application>Anaconda</application> "
-"asks during the mediacheck if you want to check any other disc than the one "
-"<application>Anaconda</application> is running from. To test additional "
-"media, select <menuchoice><guimenuitem>eject</guimenuitem></menuchoice> to "
-"eject the inserted medium, then replace it with the medium you want to test "
-"instead."
-msgstr ""
-"Para el medio Vivo de Fedora, presione cualquier tecla durante la cuenta "
-"regresiva inicial del arranque, para mostrar un menú de opciones de "
-"arranque. Seleccione <menuchoice><guimenuitem>Verificar e iniciar</"
-"guimenuitem></menuchoice> para realizar una prueba del medio. El medio de "
-"instalación puede ser usado para verificar el medio Vivo de Fedora. "
-"<application>Anaconda</application> pregunta durante el chequeo del medio si "
-"desea chequear algún otro disco adicional al de donde fue iniciado anaconda. "
-"Para probar medios adicionales, elija <menuchoice><guimenuitem>expulsar</"
-"guimenuitem></menuchoice> para expulsar el medio insertado, luego "
-"reemplácelo con el medio que desea probar en su lugar."
+msgid "For Fedora Live media, press any key during the initial boot countdown, to display a boot option menu. Select <menuchoice><guimenuitem>Verify and boot</guimenuitem></menuchoice> to perform the media test. Installation media can be used to verify Fedora Live media. <application>Anaconda</application> asks during the mediacheck if you want to check any other disc than the one <application>Anaconda</application> is running from. To test additional media, select <menuchoice><guimenuitem>eject</guimenuitem></menuchoice> to eject the inserted medium, then replace it with the medium you want to test instead."
+msgstr "Para el medio Vivo de Fedora, presione cualquier tecla durante la cuenta regresiva inicial del arranque, para mostrar un menú de opciones de arranque. Seleccione <menuchoice><guimenuitem>Verificar e iniciar</guimenuitem></menuchoice> para realizar una prueba del medio. El medio de instalación puede ser usado para verificar el medio Vivo de Fedora. <application>Anaconda</application> pregunta durante el chequeo del medio si desea chequear algún otro disco adicional al de donde fue iniciado anaconda. Para probar medios adicionales, elija <menuchoice><guimenuitem>expulsar</guimenuitem></menuchoice> para expulsar el medio insertado, luego reemplácelo con el medio que desea probar en su lugar."
#: en_US/Installation_notes.xml:54(para)
msgid "Perform this test for any new installation or live medium."
-msgstr ""
-"Realice esta prueba para cualquier medio de instalación o medio vivo nuevo."
+msgstr "Realice esta prueba para cualquier medio de instalación o medio vivo nuevo."
#: en_US/Installation_notes.xml:57(para)
-msgid ""
-"The Fedora Project strongly recommends that you perform this test before "
-"reporting any installation-related bugs. Many of the bugs reported are "
-"actually due to improperly-burned CD or DVDs."
-msgstr ""
-"El Proyecto Fedora recomienda seriamente que realice esta prueba antes de "
-"informar cualquier error relacionado con la instalación. Mucho de los "
-"errores informados son en realidad debido a que los CDs o DVDs han sido mal "
-"grabados."
+msgid "The Fedora Project strongly recommends that you perform this test before reporting any installation-related bugs. Many of the bugs reported are actually due to improperly-burned CD or DVDs."
+msgstr "El Proyecto Fedora recomienda seriamente que realice esta prueba antes de informar cualquier error relacionado con la instalación. Mucho de los errores informados son en realidad debido a que los CDs o DVDs han sido mal grabados."
#: en_US/Installation_notes.xml:61(para)
-msgid ""
-"In rare cases, the testing procedure may report some usable discs as faulty. "
-"This result is often caused by disc writing software that does not include "
-"padding when creating discs from ISO files."
-msgstr ""
-"En casos raros, el procedimiento de prueba puede informar que algunos discos "
-"usables son fallidos. Este resultado se debe usualmente a que el software de "
-"escritura de disco no incluyó el padding cuando se crearon los discos desde "
-"archivos ISO."
+msgid "In rare cases, the testing procedure may report some usable discs as faulty. This result is often caused by disc writing software that does not include padding when creating discs from ISO files."
+msgstr "En casos raros, el procedimiento de prueba puede informar que algunos discos usables son fallidos. Este resultado se debe usualmente a que el software de escritura de disco no incluyó el padding cuando se crearon los discos desde archivos ISO."
#: en_US/Installation_notes.xml:66(title)
msgid "BitTorrent Automatically Verifies File Integrity."
msgstr "BitTorrent Verifica Automáticamente la Integridad de Archivo"
#: en_US/Installation_notes.xml:67(para)
-#, fuzzy
-msgid ""
-"If you use BitTorrent, any files you download are automatically validated. "
-"If your file completes downloading you do not need to check it. Once you "
-"burn your CD or DVD, however, you should still use <command>mediacheck</"
-"command> to test the integrity of the media."
-msgstr ""
-"Si usa BitTorrent, cualquier archivo que baje es automáticamente validado. "
-"Si su archivo completa la descarga, no necesita chequearlo. Sin embargo, una "
-"vez que lo grabe en su CD o DVD debe igualmente usar <placeholder-1/> para "
-"probar la integridad del medio."
+msgid "If you use BitTorrent, any files you download are automatically validated. If your file completes downloading you do not need to check it. Once you burn your CD or DVD, however, you should still use <command>mediacheck</command> to test the integrity of the media."
+msgstr "Si usa <application>BitTorrent</application>, cualquier archivo que baje es automáticamente validado. Si su archivo completa la descarga, no necesita chequearlo. Sin embargo, una vez que lo grabe en su CD o DVD debe igualmente usar <command>mediacheck</command>."
#: en_US/Installation_notes.xml:73(para)
-msgid ""
-"Another reason for a failure during installation is faulty memory. To "
-"perform memory testing before you install Fedora, press any key to enter the "
-"boot menu, then select <menuchoice><guimenuitem>Memory Test</guimenuitem></"
-"menuchoice>. This option runs the <application>Memtest86</application> "
-"standalone memory testing software in place of <application>Anaconda</"
-"application>. <application>Memtest86</application> memory testing continues "
-"until you press the <keycap>Esc</keycap> key."
-msgstr ""
-"Otra razón de un fallo durante una instalación es la memoria defectuosa. "
-"Para realizar realizar chequeos de memoria antes de instalar Fedora, "
-"presione cualquier tecla para entrar al menú de arranque, luego selecione "
-"<menuchoice><guimenuitem>Chequear la Memoria</guimenuitem></menuchoice>. "
-"Esta opción ejecuta el programa de testeo de memoria <application>Memtest86</"
-"application> en lugar de <application>Anaconda</application>. El chequeo de "
-"la memoria con <application>Memtest86</application> continúa hasta que "
-"presione la tecla <keycap>Esc</keycap>."
+msgid "Another reason for a failure during installation is faulty memory. To perform memory testing before you install Fedora, press any key to enter the boot menu, then select <menuchoice><guimenuitem>Memory Test</guimenuitem></menuchoice>. This option runs the <application>Memtest86</application> standalone memory testing software in place of <application>Anaconda</application>. <application>Memtest86</application> memory testing continues until you press the <keycap>Esc</keycap> key."
+msgstr "Otra razón de un fallo durante una instalación es la memoria defectuosa. Para realizar realizar chequeos de memoria antes de instalar Fedora, presione cualquier tecla para entrar al menú de arranque, luego selecione <menuchoice><guimenuitem>Chequear la Memoria</guimenuitem></menuchoice>. Esta opción ejecuta el programa de testeo de memoria <application>Memtest86</application> en lugar de <application>Anaconda</application>. El chequeo de la memoria con <application>Memtest86</application> continúa hasta que presione la tecla <keycap>Esc</keycap>."
#: en_US/Installation_notes.xml:83(para)
-msgid ""
-"Fedora 10 supports graphical FTP and HTTP installations. However, the "
-"installer image must either fit in RAM or appear on local storage, such as "
-"the installation DVD or Live Media. Therefore, only systems with more than "
-"192MiB of RAM or that boot from the installation DVD or Live Media can use "
-"the graphical installer. Systems with 192MiB RAM or less fall back to using "
-"the text-based installer automatically. If you prefer to use the text-based "
-"installer, type <userinput>linux text</userinput> at the <prompt>boot:</"
-"prompt> prompt."
-msgstr ""
-"Fedora 10 tiene soporte para instalaciones gráficas FTP y HTTP. Sin embargo, "
-"la imágen del instalador debe caber en la RAM o estar en un almacenamiento "
-"local tal como el Disco 1 de Instalación. Por lo tanto, solo los sistemas "
-"con más de 192 MB de RAM, o con el disco de arranque 1 de Instalación pueden "
-"usar el instalador gráfico. Los sistemas con 192MB de RAM o menos, fallarán "
-"y usarán el método de instalación basado en texto automáticamente. Si "
-"prefiere usar el instalador basado en texto, ingrese <command>linux text</"
-"command> cuando le pregunte <prompt>boot:</prompt> ."
+msgid "Fedora 10 supports graphical FTP and HTTP installations. However, the installer image must either fit in RAM or appear on local storage, such as the installation DVD or Live Media. Therefore, only systems with more than 192MiB of RAM or that boot from the installation DVD or Live Media can use the graphical installer. Systems with 192MiB RAM or less fall back to using the text-based installer automatically. If you prefer to use the text-based installer, type <userinput>linux text</userinput> at the <prompt>boot:</prompt> prompt."
+msgstr "Fedora 10 tiene soporte para instalaciones gráficas FTP y HTTP. Sin embargo, la imágen del instalador debe caber en la RAM o estar en un almacenamiento local tal como el Disco 1 de Instalación. Por lo tanto, solo los sistemas con más de 192 MB de RAM, o con el disco de arranque 1 de Instalación pueden usar el instalador gráfico. Los sistemas con 192MB de RAM o menos, fallarán y usarán el método de instalación basado en texto automáticamente. Si prefiere usar el instalador basado en texto, ingrese <command>linux text</command> cuando le pregunte <prompt>boot:</prompt> ."
#: en_US/Installation_notes.xml:94(title)
msgid "Changes in Anaconda"
msgstr "Cambios en Anaconda"
#: en_US/Installation_notes.xml:97(para)
-msgid ""
-"<application>NetworkManager</application> for Networking -- "
-"<application>Anaconda</application> is now using "
-"<application>NetworkManager</application> for configuration of network "
-"interfaces during installation. The main network interface configuration "
-"screen in <application>Anaconda</application> has been removed. Users are "
-"only prompted for network configuration details if they are necessary during "
-"installation. The settings used during installation are then written to the "
-"system."
-msgstr ""
-"<application>NetworkManager</application> para la Red -- "
-"<application>Anaconda</application> usa ahora <application>NetworkManager</"
-"application> para la configuración de interfases de red durante la "
-"instalación. La pantalla principal de configuración de la interfase de red "
-"en <application>Anaconda</application> ha sido eliminada. Ahora sólo se les "
-"pregunta a los usuarios sobre los detalles de la configuración de la red si "
-"es necesario durante la instalación. La configuración usada durante la "
-"instalación se escriben en el sistema."
+msgid "<application>NetworkManager</application> for Networking -- <application>Anaconda</application> is now using <application>NetworkManager</application> for configuration of network interfaces during installation. The main network interface configuration screen in <application>Anaconda</application> has been removed. Users are only prompted for network configuration details if they are necessary during installation. The settings used during installation are then written to the system."
+msgstr "<application>NetworkManager</application> para la Red -- <application>Anaconda</application> usa ahora <application>NetworkManager</application> para la configuración de interfases de red durante la instalación. La pantalla principal de configuración de la interfase de red en <application>Anaconda</application> ha sido eliminada. Ahora sólo se les pregunta a los usuarios sobre los detalles de la configuración de la red si es necesario durante la instalación. La configuración usada durante la instalación se escriben en el sistema."
#: en_US/Installation_notes.xml:108(para)
-msgid ""
-"For more information, refer to <ulink url=\"http://www.fedoraproject.org/"
-"wiki/Anaconda/Features/NetConfigForNM\"/>."
-msgstr ""
-"Para más información, consulte <ulink url=\"http://www.fedoraproject.org/"
-"wiki/Anaconda/Features/NetConfigForNM\"/>."
+msgid "For more information, refer to <ulink url=\"http://www.fedoraproject.org/wiki/Anaconda/Features/NetConfigForNM\"/>."
+msgstr "Para más información, consulte <ulink url=\"http://www.fedoraproject.org/wiki/Anaconda/Features/NetConfigForNM\"/>."
#: en_US/Installation_notes.xml:113(para)
-msgid ""
-"When using <filename>netinst.iso</filename> to boot the installer, "
-"<application>Anaconda</application> defaults to using the Fedora mirrorlist "
-"URL as the installation source. The method selection screen no longer "
-"appears by default. If you do not wish to use the mirrorlist URL, either add "
-"<option>repo=<replaceable><your installation source></replaceable></"
-"option> or add <option>askmethod</option> to the installer boot parameters. "
-"The <option>askmethod</option> option causes the selection screen to appear "
-"as it did in previous releases. To add boot parameters, press the "
-"<keycap>Tab</keycap> key in the initial boot screen and append any new "
-"parameters to the existing list. For more information, refer to the "
-"<computeroutput>repo=</computeroutput> and <computeroutput>stage2=</"
-"computeroutput> descriptions at <ulink url=\"http://fedoraproject.org/wiki/"
-"Anaconda/Options\"/>."
-msgstr ""
-"Cuando se usa <filename>netinst.iso</filename> para arrancar el instalador, "
-"<application>Anaconda</application> se configura para usar la URL de la "
-"lista de espejos de Fedora como la fuente de instalación. La pantalla de "
-"selección de método ya no aparece por defecto. Si no desea usar la URL de la "
-"lista de espejos, agregue <option>repo=<replaceable><su fuente de "
-"instalación></replaceable></option> o agregue <option>askmethod</option> "
-"a los parámetros de arranque del instalador. La opción <option>askmethod</"
-"option> hace que la pantalla de selección aparezca como lo hacía en "
-"lanzamientos anteriores. Para agregar parámetros, presione la tecla "
-"<keycap>Tab</keycap> en la pantalla de arranque inicial y agregue los "
-"parámetros nuevos a la lista existente. Para más información, vaya a "
-"<computeroutput>repo=</computeroutput> y a las descripciones de "
-"<computeroutput>stage2=</computeroutput> en <ulink url=\"http://"
-"fedoraproject.org/wiki/Anaconda/Options\"/>."
+msgid "When using <filename>netinst.iso</filename> to boot the installer, <application>Anaconda</application> defaults to using the Fedora mirrorlist URL as the installation source. The method selection screen no longer appears by default. If you do not wish to use the mirrorlist URL, either add <option>repo=<replaceable><your installation source></replaceable></option> or add <option>askmethod</option> to the installer boot parameters. The <option>askmethod</option> option causes the selection screen to appear as it did in previous releases. To add boot parameters, press the <keycap>Tab</keycap> key in the initial boot screen and append any new parameters to the existing list. For more information, refer to the <computeroutput>repo=</computeroutput> and <computeroutput>stage2=</computeroutput> descriptions at <ulink url=\"http://fedoraproject.org/wiki/Anaconda/Options\"/>."
+msgstr "Cuando se usa <filename>netinst.iso</filename> para arrancar el instalador, <application>Anaconda</application> se configura para usar la URL de la lista de espejos de Fedora como la fuente de instalación. La pantalla de selección de método ya no aparece por defecto. Si no desea usar la URL de la lista de espejos, agregue <option>repo=<replaceable><su fuente de instalación></replaceable></option> o agregue <option>askmethod</option> a los parámetros de arranque del instalador. La opción <option>askmethod</option> hace que la pantalla de selección aparezca como lo hacía en lanzamientos anteriores. Para agregar parámetros, presione la tecla <keycap>Tab</keycap> en la pantalla de arranque inicial y agregue los parámetros nuevos a la lista existente. Para más información, vaya a <computeroutput>repo=</computeroutput> y a las descripciones de <computeroutput>stage2=</computeroutput> en <ulink url=\"http://fedoraproject.org/wiki/Anaconda/Options\"/>."
#: en_US/Installation_notes.xml:134(title)
msgid "Installation related issues"
@@ -4779,66 +2544,32 @@ msgid "PXE booting from a <filename>.iso</filename>"
msgstr "Arranque desde la Red usando PXE"
#: en_US/Installation_notes.xml:137(para)
-msgid ""
-"When PXE booting and using a <filename>.iso</filename> file mounted via NFS "
-"for the installation media, add <userinput>method=nfsiso:server:/path</"
-"userinput> to the command line. This is a new requirement."
-msgstr ""
-"Cuando se arranqua PXE y se usa un archivo <filename>.iso</filename> montado "
-"vía NFS como medio de instalación, agregue <userinput>method=nfsiso:server:/"
-"path</userinput> a la línea de comando. Este es un requerimiento nuevo."
+msgid "When PXE booting and using a <filename>.iso</filename> file mounted via NFS for the installation media, add <userinput>method=nfsiso:server:/path</userinput> to the command line. This is a new requirement."
+msgstr "Cuando se arranqua PXE y se usa un archivo <filename>.iso</filename> montado vía NFS como medio de instalación, agregue <userinput>method=nfsiso:server:/path</userinput> a la línea de comando. Este es un requerimiento nuevo."
#: en_US/Installation_notes.xml:143(title)
msgid "IDE device names"
msgstr "Nombres de Dispositivos IDE"
#: en_US/Installation_notes.xml:144(para)
-msgid ""
-"Use of <filename>/dev/hdX</filename> on i386 and x86_64 for IDE drives "
-"changed to <filename>/dev/sdX</filename> in Fedora 7. If you are upgrading "
-"from an earlier version than Fedora 7, you need to research about the "
-"importance of labeling devices for upgrades and any partition limitations."
-msgstr ""
-"El uso de <filename class=\"devicefile\">/dev/hdX</filename> es obsoleto en "
-"i386 y x86_64 para discos IDE, y ha cambiado a <filename>/dev/sdX</"
-"filename>. Vea la nota acerca de la importancia del etiquetado de "
-"dispositivos para actualizaciones desde Fedora 7 y las limitaciones de "
-"partición."
+msgid "Use of <filename>/dev/hdX</filename> on i386 and x86_64 for IDE drives changed to <filename>/dev/sdX</filename> in Fedora 7. If you are upgrading from an earlier version than Fedora 7, you need to research about the importance of labeling devices for upgrades and any partition limitations."
+msgstr "El uso de <filename class=\"devicefile\">/dev/hdX</filename> es obsoleto en i386 y x86_64 para discos IDE, y ha cambiado a <filename>/dev/sdX</filename>. Vea la nota acerca de la importancia del etiquetado de dispositivos para actualizaciones desde Fedora 7 y las limitaciones de partición."
#: en_US/Installation_notes.xml:151(title)
msgid "IDE RAID"
msgstr "RAID IDE"
#: en_US/Installation_notes.xml:152(para)
-msgid ""
-"Not all IDE RAID controllers are supported. If your RAID controller is not "
-"yet supported by <systemitem class=\"daemon\">dmraid</systemitem>, you may "
-"combine drives into RAID arrays by configuring Linux software RAID. For "
-"supported controllers, configure the RAID functions in the computer BIOS."
-msgstr ""
-"No hay soporte para todos los controladores IDE RAID. Si su controlador RAID "
-"no es soportado todavía por <package>dmraid</package>, puede combinar "
-"controladores dentro del arreglo RAID configurando el software RAID de "
-"Linux. Para los controladores soportados, configure las funciones RAID en el "
-"BIOS de la computadora."
+msgid "Not all IDE RAID controllers are supported. If your RAID controller is not yet supported by <systemitem class=\"daemon\">dmraid</systemitem>, you may combine drives into RAID arrays by configuring Linux software RAID. For supported controllers, configure the RAID functions in the computer BIOS."
+msgstr "No hay soporte para todos los controladores IDE RAID. Si su controlador RAID no es soportado todavía por <package>dmraid</package>, puede combinar controladores dentro del arreglo RAID configurando el software RAID de Linux. Para los controladores soportados, configure las funciones RAID en el BIOS de la computadora."
#: en_US/Installation_notes.xml:160(title)
msgid "Multiple NICs and PXE installation"
msgstr "Instalación PXE y Placas múltiples"
#: en_US/Installation_notes.xml:161(para)
-msgid ""
-"Some servers with multiple network interfaces may not assign eth0 to the "
-"first network interface as BIOS knows it, which can cause the installer to "
-"try using a different network interface than was used by PXE. To change this "
-"behavior, use the following in <filename>pxelinux.cfg/*</filename> config "
-"files:"
-msgstr ""
-"Algunos servidores con muchas interfases de red pueden no asignar eth0 a la "
-"primera interfase de red en la forma en que el BIOS la reconoce, lo que "
-"puede causar que el instalador intente usar una interfase de red distinta a "
-"la que se usó en PXE. Para cambiar este comportamiento, haga lo siguiente en "
-"los archivos de configuración <filename>pxelinux.cfg/*</filename> :"
+msgid "Some servers with multiple network interfaces may not assign eth0 to the first network interface as BIOS knows it, which can cause the installer to try using a different network interface than was used by PXE. To change this behavior, use the following in <filename>pxelinux.cfg/*</filename> config files:"
+msgstr "Algunos servidores con muchas interfases de red pueden no asignar eth0 a la primera interfase de red en la forma en que el BIOS la reconoce, lo que puede causar que el instalador intente usar una interfase de red distinta a la que se usó en PXE. Para cambiar este comportamiento, haga lo siguiente en los archivos de configuración <filename>pxelinux.cfg/*</filename> :"
#: en_US/Installation_notes.xml:168(computeroutput)
#, no-wrap
@@ -4850,12 +2581,8 @@ msgstr ""
"\t ksdevice=bootif"
#: en_US/Installation_notes.xml:171(para)
-msgid ""
-"The configuration options above causes the installer to use the same network "
-"interface as BIOS and PXE use. You can also use the following option:"
-msgstr ""
-"Las opciones de configuración de arriba hacen que el instalador use la misma "
-"placa de red que usan el BIOS y PXE. También puede usar la siguiente opción:"
+msgid "The configuration options above causes the installer to use the same network interface as BIOS and PXE use. You can also use the following option:"
+msgstr "Las opciones de configuración de arriba hacen que el instalador use la misma placa de red que usan el BIOS y PXE. También puede usar la siguiente opción:"
#: en_US/Installation_notes.xml:175(computeroutput)
#, no-wrap
@@ -4863,98 +2590,44 @@ msgid "ksdevice=link"
msgstr "ksdevice=link"
#: en_US/Installation_notes.xml:177(para)
-msgid ""
-"This option causes the installer to use the first network device it finds "
-"that is linked to a network switch."
-msgstr ""
-"Esta opción hace que el instalador use la primera placa de red que encuentre "
-"y que esté conectada a un switch."
+msgid "This option causes the installer to use the first network device it finds that is linked to a network switch."
+msgstr "Esta opción hace que el instalador use la primera placa de red que encuentre y que esté conectada a un switch."
#: en_US/Installation_notes.xml:182(title)
msgid "Upgrade related issues"
msgstr "Cuestiones Relacionadas con la Actualización"
#: en_US/Installation_notes.xml:183(para)
-msgid ""
-"Refer to <ulink url=\"http://fedoraproject.org/wiki/DistributionUpgrades\"/> "
-"for detailed recommended procedures for upgrading Fedora."
-msgstr ""
-"Vaya a <ulink url=\"http://fedoraproject.org/wiki/DistributionUpgrades\"/> "
-"para procedimientos detallados recomendados para actualizar Fedora."
+msgid "Refer to <ulink url=\"http://fedoraproject.org/wiki/DistributionUpgrades\"/> for detailed recommended procedures for upgrading Fedora."
+msgstr "Vaya a <ulink url=\"http://fedoraproject.org/wiki/DistributionUpgrades\"/> para procedimientos detallados recomendados para actualizar Fedora."
#: en_US/Installation_notes.xml:187(title)
msgid "SCSI driver partition limits"
msgstr "Límites de la partición en el controlador SCSI"
#: en_US/Installation_notes.xml:188(para)
-msgid ""
-"Whereas older IDE drivers supported up to 63 partitions per device, SCSI "
-"devices are limited to 15 partitions per device. <application>Anaconda</"
-"application> uses the <systemitem class=\"library\">libata</systemitem> "
-"driver in the same fashion as the rest of Fedora, so it is unable to detect "
-"more than 15 partitions on an IDE disk during the installation or upgrade "
-"process."
-msgstr ""
-"Donde controladores IDE viejos soportaban hasta 63 particiones por "
-"dispositivo, los dispositivos SCSI están limitados a 15 particiones por "
-"dispositivos. <application>Anaconda</application> usa el controlador nuevo "
-"<systemitem class=\"library\">libata</systemitem> en la misma forma que el "
-"resto de Fedora, por lo que es inútil detectar más de 15 particiones en un "
-"disco IDE durante el proceso de instalación o actualización."
+msgid "Whereas older IDE drivers supported up to 63 partitions per device, SCSI devices are limited to 15 partitions per device. <application>Anaconda</application> uses the <systemitem class=\"library\">libata</systemitem> driver in the same fashion as the rest of Fedora, so it is unable to detect more than 15 partitions on an IDE disk during the installation or upgrade process."
+msgstr "Donde controladores IDE viejos soportaban hasta 63 particiones por dispositivo, los dispositivos SCSI están limitados a 15 particiones por dispositivos. <application>Anaconda</application> usa el controlador nuevo <systemitem class=\"library\">libata</systemitem> en la misma forma que el resto de Fedora, por lo que es inútil detectar más de 15 particiones en un disco IDE durante el proceso de instalación o actualización."
#: en_US/Installation_notes.xml:195(para)
-msgid ""
-"If you are upgrading a system with more than 15 partitions, you may need to "
-"migrate the disk to Logical Volume Management (LVM). This restriction may "
-"cause conflicts with other installed systems if they do not support LVM. "
-"Most modern Linux distributions support LVM and drivers are available for "
-"other operating systems as well."
-msgstr ""
-"Si está actualizando un sistema con más de 15 particiones, puede necesitar "
-"migrar el disco a una Administración de Volúmen Lógico (LVM). Esta "
-"restricción puede causar conflictos con otros sistemas instalados que no "
-"tienen soporte para LVM. La mayoría de las distribuciones de Linux modernas "
-"dan soporte a LVM, y los controladores están disponibles también para otros "
-"sistemas operativos."
+msgid "If you are upgrading a system with more than 15 partitions, you may need to migrate the disk to Logical Volume Management (LVM). This restriction may cause conflicts with other installed systems if they do not support LVM. Most modern Linux distributions support LVM and drivers are available for other operating systems as well."
+msgstr "Si está actualizando un sistema con más de 15 particiones, puede necesitar migrar el disco a una Administración de Volúmen Lógico (LVM). Esta restricción puede causar conflictos con otros sistemas instalados que no tienen soporte para LVM. La mayoría de las distribuciones de Linux modernas dan soporte a LVM, y los controladores están disponibles también para otros sistemas operativos."
#: en_US/Installation_notes.xml:203(title)
msgid "Disk partitions must be labeled"
msgstr "Las particiones de disco deben estar etiquetadas"
#: en_US/Installation_notes.xml:204(para)
-msgid ""
-"A change in the way that the Linux kernel handles storage devices means that "
-"device names such as <filename>/dev/hdX</filename> or <filename>/dev/sdX</"
-"filename> may differ from the values used in earlier releases. "
-"<application>Anaconda</application> solves this problem by relying on "
-"partition labels or UUIDs for finding devices. If these are not present, "
-"then <application>Anaconda</application> presents a warning indicating that "
-"partitions need to be labelled and that the upgrade can not proceed. Systems "
-"that use Logical Volume Management (LVM) and the device mapper usually do "
-"not require relabeling."
-msgstr ""
-"Un cambio en la forma en que el kernel de Linux maneja los dispositivos de "
-"almacenamiento significa que los dispositivos como <filename>/dev/hdX</"
-"filename> o <filename>/dev/sdX</filename> pueden diferir respecto de valores "
-"usados en lanzamientos previos. <application>Anaconda</application> resuelve "
-"este problema confiando en el etiquetado de las particiones. Si estas "
-"etiquetas no están presentes, entonces <application>Anaconda</application> "
-"presenta un aviso indicando las particiones que necesitan ser etiquetadas y "
-"que la actualización no puede continuar. Los sistemas que usan "
-"Administración de Volúmenes Lógicos (LVM en inglés) y el mapeador de "
-"dispositivos normalmente no requieren reetiquetados."
+msgid "A change in the way that the Linux kernel handles storage devices means that device names such as <filename>/dev/hdX</filename> or <filename>/dev/sdX</filename> may differ from the values used in earlier releases. <application>Anaconda</application> solves this problem by relying on partition labels or UUIDs for finding devices. If these are not present, then <application>Anaconda</application> presents a warning indicating that partitions need to be labelled and that the upgrade can not proceed. Systems that use Logical Volume Management (LVM) and the device mapper usually do not require relabeling."
+msgstr "Un cambio en la forma en que el kernel de Linux maneja los dispositivos de almacenamiento significa que los dispositivos como <filename>/dev/hdX</filename> o <filename>/dev/sdX</filename> pueden diferir respecto de valores usados en lanzamientos previos. <application>Anaconda</application> resuelve este problema confiando en el etiquetado de las particiones. Si estas etiquetas no están presentes, entonces <application>Anaconda</application> presenta un aviso indicando las particiones que necesitan ser etiquetadas y que la actualización no puede continuar. Los sistemas que usan Administración de Volúmenes Lógicos (LVM en inglés) y el mapeador de dispositivos normalmente no requieren reetiquetados."
#: en_US/Installation_notes.xml:216(title)
msgid "To check disk partition labels"
msgstr "Para verificar las etiquetas de las particiones de disco"
#: en_US/Installation_notes.xml:217(para)
-msgid ""
-"To view partition labels, boot the existing Fedora installation, and enter "
-"the following at a terminal prompt:"
-msgstr ""
-"Para ver las etiquetas de las particiones, inicie la instalación de Fedora "
-"actual, e ingrese lo siguiente desde una ventana de terminal:"
+msgid "To view partition labels, boot the existing Fedora installation, and enter the following at a terminal prompt:"
+msgstr "Para ver las etiquetas de las particiones, inicie la instalación de Fedora actual, e ingrese lo siguiente desde una ventana de terminal:"
#: en_US/Installation_notes.xml:221(userinput)
#, no-wrap
@@ -4962,12 +2635,8 @@ msgid "/sbin/blkid"
msgstr "/sbin/blkid"
#: en_US/Installation_notes.xml:223(para)
-msgid ""
-"Confirm that each volume line in the list has a <computeroutput>LABEL=</"
-"computeroutput> value, as shown below:"
-msgstr ""
-"Confirme que cada línea de volumen en la lista tiene un valor "
-"<option>LABEL=</option>, como se muestra más abajo:"
+msgid "Confirm that each volume line in the list has a <computeroutput>LABEL=</computeroutput> value, as shown below:"
+msgstr "Confirme que cada línea de volumen en la lista tiene un valor <option>LABEL=</option>, como se muestra más abajo:"
#: en_US/Installation_notes.xml:227(computeroutput)
#, no-wrap
@@ -4985,10 +2654,8 @@ msgid "To set disk partition labels"
msgstr "Para poner las etiquetas de las particiones de disco"
#: en_US/Installation_notes.xml:234(para)
-msgid ""
-"For ext2 and ext3 partitions without a label, use the following command:"
-msgstr ""
-"Para particiones ext2 y ext3 sin una etiqueta, use el siguiente comando:"
+msgid "For ext2 and ext3 partitions without a label, use the following command:"
+msgstr "Para particiones ext2 y ext3 sin una etiqueta, use el siguiente comando:"
#: en_US/Installation_notes.xml:237(userinput)
#, no-wrap
@@ -4996,31 +2663,16 @@ msgid "su -c 'e2label /dev/example f7-slash'"
msgstr "su -c 'e2label /dev/ejemplo f7-slash'"
#: en_US/Installation_notes.xml:239(para)
-msgid ""
-"For a VFAT file system use <command>dosfslabel</command> from the "
-"<package>dosfstools</package> package, and for NTFS file system use "
-"<command>ntfslabel</command> from the <package>ntfsprogs</package> package. "
-"Before rebooting the machine, also update the file system mount entries, and "
-"the GRUB kernel root entry."
-msgstr ""
-"Para un sistema de archivo VFAT use <command>dosfslabel</command> del "
-"paquete <package>dosfstools</package> y para un sistema de archivo NTFS use "
-"<command>ntfslabel</command> del paquete <package>ntfsprogs</package>. Antes "
-"de reiniciar la máquina, también actualice las entradas de montaje del "
-"sistema de archivos y la entrada raíz del kernel en GRUB."
+msgid "For a VFAT file system use <command>dosfslabel</command> from the <package>dosfstools</package> package, and for NTFS file system use <command>ntfslabel</command> from the <package>ntfsprogs</package> package. Before rebooting the machine, also update the file system mount entries, and the GRUB kernel root entry."
+msgstr "Para un sistema de archivo VFAT use <command>dosfslabel</command> del paquete <package>dosfstools</package> y para un sistema de archivo NTFS use <command>ntfslabel</command> del paquete <package>ntfsprogs</package>. Antes de reiniciar la máquina, también actualice las entradas de montaje del sistema de archivos y la entrada raíz del kernel en GRUB."
#: en_US/Installation_notes.xml:247(title)
msgid "Update the file system mount entries"
msgstr "Actualizar las entradas de montaje del sistema de archivo"
#: en_US/Installation_notes.xml:248(para)
-msgid ""
-"If any file system labels were added or modified, then the device entries in "
-"<filename>/etc/fstab</filename> must be adjusted to match:"
-msgstr ""
-"Si cualquier etiqueta de sistema de archivo fue agregada o modificada, "
-"entonces las entradas de dispositivos en <filename>/etc/fstab</filename> "
-"deben ajustarse para que se parezcan a:"
+msgid "If any file system labels were added or modified, then the device entries in <filename>/etc/fstab</filename> must be adjusted to match:"
+msgstr "Si cualquier etiqueta de sistema de archivo fue agregada o modificada, entonces las entradas de dispositivos en <filename>/etc/fstab</filename> deben ajustarse para que se parezcan a:"
#: en_US/Installation_notes.xml:252(userinput)
#, no-wrap
@@ -5046,18 +2698,11 @@ msgstr ""
#: en_US/Installation_notes.xml:262(title)
msgid "Update the <filename>grub.conf</filename> kernel root entry"
-msgstr ""
-"Actualizar la entrada raíz del kernel en <filename>grub.conf</filename>"
+msgstr "Actualizar la entrada raíz del kernel en <filename>grub.conf</filename>"
#: en_US/Installation_notes.xml:264(para)
-msgid ""
-"If the label for the <filename>/</filename> (root) file system was modified, "
-"the kernel boot parameter in the grub configuration file must also be "
-"modified:"
-msgstr ""
-"Si la etiqueta para el sistema de archivo (raíz) <filename>/</filename> fue "
-"modificada, el parámetro de arranque del kernel en el archivo de "
-"configuración de grub también se debe modificar:"
+msgid "If the label for the <filename>/</filename> (root) file system was modified, the kernel boot parameter in the grub configuration file must also be modified:"
+msgstr "Si la etiqueta para el sistema de archivo (raíz) <filename>/</filename> fue modificada, el parámetro de arranque del kernel en el archivo de configuración de grub también se debe modificar:"
#: en_US/Installation_notes.xml:268(userinput)
#, no-wrap
@@ -5082,68 +2727,28 @@ msgid "Test changes made to labels"
msgstr "Verifique los cambios hechos a las etiquetas"
#: en_US/Installation_notes.xml:278(para)
-msgid ""
-"If partition labels were adjusted, or the <filename>/etc/fstab</filename> "
-"file modified, then boot the existing Fedora installation to confirm that "
-"all partitions still mount normally and login is successful. When complete, "
-"reboot with the installation media to start the installer and begin the "
-"upgrade."
-msgstr ""
-"Si las etiquetas de las particiones fueron modificadas, o el archivo "
-"<filename>/etc/fstab</filename> fue modificado, entonces inicie la "
-"instalación Fedora actual para confirmar que todavía todas las particiones "
-"se montan normalmente y que se puede ingresar sin problemas. Cuando se "
-"complete, reinicie con el medio de instalación para iniciar el instalador y "
-"comenzar la actualización."
+msgid "If partition labels were adjusted, or the <filename>/etc/fstab</filename> file modified, then boot the existing Fedora installation to confirm that all partitions still mount normally and login is successful. When complete, reboot with the installation media to start the installer and begin the upgrade."
+msgstr "Si las etiquetas de las particiones fueron modificadas, o el archivo <filename>/etc/fstab</filename> fue modificado, entonces inicie la instalación Fedora actual para confirmar que todavía todas las particiones se montan normalmente y que se puede ingresar sin problemas. Cuando se complete, reinicie con el medio de instalación para iniciar el instalador y comenzar la actualización."
#: en_US/Installation_notes.xml:287(title)
msgid "Upgrades versus fresh installations"
msgstr "Actualizaciones versus instalaciones frescas"
#: en_US/Installation_notes.xml:288(para)
-msgid ""
-"In general, fresh installations are recommended over upgrades. This is "
-"particularly true for systems that include software from third-party "
-"repositories. Third-party packages remaining from a previous installation "
-"may not work as expected on an upgraded Fedora system. If you decide to "
-"perform an upgrade anyway, the following information may be helpful:"
-msgstr ""
-"En general, las instalaciones frescas son preferidas a las actualizaciones, "
-"particularmente para sistemas que incluyen repositorios de software de "
-"terceros. Los paquetes de terceros que queden de una instalación previa "
-"pueden no funcionar como se espera en un sistema actualizado de Fedora. Si "
-"de todos modos decide realizar una actualización, la información siguiente "
-"le será de utilidad:"
+msgid "In general, fresh installations are recommended over upgrades. This is particularly true for systems that include software from third-party repositories. Third-party packages remaining from a previous installation may not work as expected on an upgraded Fedora system. If you decide to perform an upgrade anyway, the following information may be helpful:"
+msgstr "En general, las instalaciones frescas son preferidas a las actualizaciones, particularmente para sistemas que incluyen repositorios de software de terceros. Los paquetes de terceros que queden de una instalación previa pueden no funcionar como se espera en un sistema actualizado de Fedora. Si de todos modos decide realizar una actualización, la información siguiente le será de utilidad:"
#: en_US/Installation_notes.xml:294(para)
-msgid ""
-"Before you upgrade, back up the system completely. In particular, preserve "
-"<filename>/etc</filename>, <filename>/home</filename>, and possibly "
-"<filename>/opt</filename> and <filename>/usr/local</filename> if customized "
-"packages are installed there. You may want to use a multi-boot approach with "
-"a \"clone\" of the old installation on alternate partition(s) as a fallback. "
-"In that case, create alternate boot media, such as a GRUB boot floppy."
-msgstr ""
-"Antes de actualizar, respalde el sistema completamente. En particular, "
-"preserve <filename>/etc</filename>, <filename>/home</filename>, y "
-"posiblemente <filename>/opt</filename> y <filename>/usr/local</filename> si "
-"tiene paquetes personalizados instalados ahí. Puede desear usar una "
-"aproximación multiarranque con un \"clon\" de la instalación vieja en una "
-"partición alternativa por si falla. En ese caso, crear un medio de arranque "
-"alternativo como un disco flexible de arranque GRUB."
+msgid "Before you upgrade, back up the system completely. In particular, preserve <filename>/etc</filename>, <filename>/home</filename>, and possibly <filename>/opt</filename> and <filename>/usr/local</filename> if customized packages are installed there. You may want to use a multi-boot approach with a \"clone\" of the old installation on alternate partition(s) as a fallback. In that case, create alternate boot media, such as a GRUB boot floppy."
+msgstr "Antes de actualizar, respalde el sistema completamente. En particular, preserve <filename>/etc</filename>, <filename>/home</filename>, y posiblemente <filename>/opt</filename> y <filename>/usr/local</filename> si tiene paquetes personalizados instalados ahí. Puede desear usar una aproximación multiarranque con un \"clon\" de la instalación vieja en una partición alternativa por si falla. En ese caso, crear un medio de arranque alternativo como un disco flexible de arranque GRUB."
#: en_US/Installation_notes.xml:303(title)
msgid "Configuration backups"
msgstr "Respaldo de la Configuración"
#: en_US/Installation_notes.xml:304(para)
-msgid ""
-"Backups of configurations in <filename>/etc</filename> are also useful in "
-"reconstructing system settings after a fresh installation."
-msgstr ""
-"Los respaldos de configuraciones en <filename>/etc</filename> son también "
-"útiles en la reconstrucción de configuración del sistema luego de una "
-"instalación fresca."
+msgid "Backups of configurations in <filename>/etc</filename> are also useful in reconstructing system settings after a fresh installation."
+msgstr "Los respaldos de configuraciones en <filename>/etc</filename> son también útiles en la reconstrucción de configuración del sistema luego de una instalación fresca."
#: en_US/Installation_notes.xml:310(para)
msgid "After you complete the upgrade, run the following command:"
@@ -5155,18 +2760,8 @@ msgid "rpm -qa --last > RPMS_by_Install_Time.txt"
msgstr "rpm -qa --last > RPMS_por_fecha_de_instalacion.txt"
#: en_US/Installation_notes.xml:315(para)
-msgid ""
-"Inspect the end of the output for packages that pre-date the upgrade. Remove "
-"or upgrade those packages from third-party repositories, or otherwise deal "
-"with them as necessary. Some previously installed packages may no longer be "
-"available in any configured repository. To list all these packages, use the "
-"following command:"
-msgstr ""
-"Inspeccione el final de la salida de los paquetes previos a la "
-"actualización. Elimine o actualice esos paquetes desde repositorios de "
-"terceros, o sino manéjelos como sea necesario. Algunos paquetes previamente "
-"instalados pueden no estar más disponibles en cualquier repositirio "
-"configurado. Para listar todos los paquetes use el siguiente comando:"
+msgid "Inspect the end of the output for packages that pre-date the upgrade. Remove or upgrade those packages from third-party repositories, or otherwise deal with them as necessary. Some previously installed packages may no longer be available in any configured repository. To list all these packages, use the following command:"
+msgstr "Inspeccione el final de la salida de los paquetes previos a la actualización. Elimine o actualice esos paquetes desde repositorios de terceros, o sino manéjelos como sea necesario. Algunos paquetes previamente instalados pueden no estar más disponibles en cualquier repositirio configurado. Para listar todos los paquetes use el siguiente comando:"
#: en_US/Installation_notes.xml:322(userinput)
#, no-wrap
@@ -5178,45 +2773,20 @@ msgid "Kickstart HTTP issue"
msgstr "Problema HTTP en kickstart"
#: en_US/Installation_notes.xml:328(para)
-msgid ""
-"When using a Kickstart configuration file via HTTP, kickstart file retrieval "
-"may fail with an error that indicates the file could not be retrieved. Click "
-"the <guibutton>OK</guibutton> button several times without making "
-"modifications to override this error successfully. As a workaround, use one "
-"of the other supported methods to retrieve Kickstart configurations."
-msgstr ""
-"Cuando se usa un archivo de configuración Kickstart vía HTTP, la obtención "
-"del archivo kickstart puede fallar con un error indicando que el archivo no "
-"pudo ser extraído. Haga clic en el botón <guibutton>Aceptar</guibutton> "
-"varias veces sin hacer modificaciones para omitir este error exitosamente. "
-"Como alternativa, use uno de los otros métodos soportados para extraer "
-"configuraciones Kickstart."
+msgid "When using a Kickstart configuration file via HTTP, kickstart file retrieval may fail with an error that indicates the file could not be retrieved. Click the <guibutton>OK</guibutton> button several times without making modifications to override this error successfully. As a workaround, use one of the other supported methods to retrieve Kickstart configurations."
+msgstr "Cuando se usa un archivo de configuración Kickstart vía HTTP, la obtención del archivo kickstart puede fallar con un error indicando que el archivo no pudo ser extraído. Haga clic en el botón <guibutton>Aceptar</guibutton> varias veces sin hacer modificaciones para omitir este error exitosamente. Como alternativa, use uno de los otros métodos soportados para extraer configuraciones Kickstart."
#: en_US/Installation_notes.xml:336(title)
msgid "Firstboot requires creation of non-root user"
msgstr "Firstboot requiere la creación de un usuario distinto a root"
#: en_US/Installation_notes.xml:337(para)
-msgid ""
-"The <application>Firstboot</application> application requires the creation "
-"of a non-root user for the system. This is to support <systemitem class="
-"\"daemon\">gdm</systemitem> no longer allowing the root user to log in to "
-"the graphical desktop."
-msgstr ""
-"La aplicación <application>Firstboot</application> requiere la creación de "
-"un usuario de sistema distinto a root. Esto es para dar soporte a que "
-"<systemitem class=\"daemon\">gdm</systemitem> ya n o permite que un usuario "
-"root ingrese a un escritorio gráfico."
+msgid "The <application>Firstboot</application> application requires the creation of a non-root user for the system. This is to support <systemitem class=\"daemon\">gdm</systemitem> no longer allowing the root user to log in to the graphical desktop."
+msgstr "La aplicación <application>Firstboot</application> requiere la creación de un usuario de sistema distinto a root. Esto es para dar soporte a que <systemitem class=\"daemon\">gdm</systemitem> ya n o permite que un usuario root ingrese a un escritorio gráfico."
#: en_US/Installation_notes.xml:341(para)
-msgid ""
-"If a network authentication mechanism is chosen during installation, "
-"<application>Firstboot</application> does not require creating a non-root "
-"local user."
-msgstr ""
-"Si un mecanismo de autenticación de red se elige durante la instalación, "
-"<application>Firstboot</application> no pedirá la creación de un usuario "
-"local distinto a root."
+msgid "If a network authentication mechanism is chosen during installation, <application>Firstboot</application> does not require creating a non-root local user."
+msgstr "Si un mecanismo de autenticación de red se elige durante la instalación, <application>Firstboot</application> no pedirá la creación de un usuario local distinto a root."
#: en_US/How_are_Things_for_Developers.xml:6(title)
msgid "What is New for Developers"
@@ -5227,28 +2797,12 @@ msgid "Hardware overview"
msgstr "Vista global del Hardware"
#: en_US/Hardware_overview.xml:6(para)
-msgid ""
-"Users often request that Fedora provide a <firstterm>hardware compatibility "
-"list</firstterm> (<abbrev>HCL</abbrev>), which we have carefully avoided "
-"doing. Why? It is a difficult and thankless task that is best handled by the "
-"community at large than by one little Linux distribution."
-msgstr ""
-"Los usuarios a menudo piden que Fedora provea una <firstterm>lista de "
-"compatibilidad de hardware</firstterm> (<abbrev>HCL</abbrev>), lo que se ha "
-"evitado hacer. ¿Por qué? Es una tarea difícil y poco gratificante que es "
-"manejada mejor por la comunidad en general en vez de una pequeña "
-"distribución de Linux."
+msgid "Users often request that Fedora provide a <firstterm>hardware compatibility list</firstterm> (<abbrev>HCL</abbrev>), which we have carefully avoided doing. Why? It is a difficult and thankless task that is best handled by the community at large than by one little Linux distribution."
+msgstr "Los usuarios a menudo piden que Fedora provea una <firstterm>lista de compatibilidad de hardware</firstterm> (<abbrev>HCL</abbrev>), lo que se ha evitado hacer. ¿Por qué? Es una tarea difícil y poco gratificante que es manejada mejor por la comunidad en general en vez de una pequeña distribución de Linux."
#: en_US/Hardware_overview.xml:11(para)
-msgid ""
-"However, because of our stance against closed-source hardware drivers and "
-"the problems of binary firmware for hardware, there is some additional "
-"information the Fedora Project wants to provide Fedora users."
-msgstr ""
-"Sin embargo, debido a nuestra postura en contra de los controladores de "
-"hardware de código cerrado y los problemas de los firmware binarios para el "
-"hardware, hay alguna información adicional que el Proyecto Fedora desea dar "
-"a los usuarios de Fedora."
+msgid "However, because of our stance against closed-source hardware drivers and the problems of binary firmware for hardware, there is some additional information the Fedora Project wants to provide Fedora users."
+msgstr "Sin embargo, debido a nuestra postura en contra de los controladores de hardware de código cerrado y los problemas de los firmware binarios para el hardware, hay alguna información adicional que el Proyecto Fedora desea dar a los usuarios de Fedora."
#: en_US/Hardware_overview.xml:16(title)
msgid "Useful hardware information in these release notes"
@@ -5263,12 +2817,8 @@ msgid "For 64-bit x86 - <xref linkend=\"x86_64_specifics_for_Fedora\"/>"
msgstr "Para x86 de 64-bit - <xref linkend=\"x86_64_specifics_for_Fedora\"/>"
#: en_US/Hardware_overview.xml:27(para)
-msgid ""
-"For PowerPC (<abbrev>PPC</abbrev>)- <xref linkend=\"sn-"
-"PPC_specifics_for_Fedora\"/>"
-msgstr ""
-"Para PowerPC (<abbrev>PPC</abbrev>)- <xref linkend=\"sn-"
-"PPC_specifics_for_Fedora\"/>"
+msgid "For PowerPC (<abbrev>PPC</abbrev>)- <xref linkend=\"sn-PPC_specifics_for_Fedora\"/>"
+msgstr "Para PowerPC (<abbrev>PPC</abbrev>)- <xref linkend=\"sn-PPC_specifics_for_Fedora\"/>"
#: en_US/Hardware_overview.xml:33(title)
msgid "Hardware stance"
@@ -5287,73 +2837,36 @@ msgid "If it is legally encumbered, it cannot be included in Fedora."
msgstr "Si está cubierto legalmente, no se puede incluir en Fedora."
#: en_US/Hardware_overview.xml:44(para)
-msgid ""
-"If it violates United States federal law, it cannot be included in Fedora."
-msgstr ""
-"Si viola una ley federal de los Estados Unidos, no se puede incluir en "
-"Fedora."
+msgid "If it violates United States federal law, it cannot be included in Fedora."
+msgstr "Si viola una ley federal de los Estados Unidos, no se puede incluir en Fedora."
#: en_US/Hardware_overview.xml:49(title)
msgid "What can you do?"
msgstr "¿Qué puede hacer?"
#: en_US/Hardware_overview.xml:52(para)
-msgid ""
-"Get active. Tell your hardware vendors you only want free, open source "
-"drivers and firmware"
-msgstr ""
-"Tome parte activa. Dígale a sus vendedores de equipos que sólo quiere "
-"controladores y firmware de código abierto y libres"
+msgid "Get active. Tell your hardware vendors you only want free, open source drivers and firmware"
+msgstr "Tome parte activa. Dígale a sus vendedores de equipos que sólo quiere controladores y firmware de código abierto y libres"
#: en_US/Hardware_overview.xml:56(para)
-msgid ""
-"Use your buying power and only purchase from hardware vendors that support "
-"their hardware with open drivers and firmware. Refer to <ulink url=\"http://"
-"www.fsf.org/campaigns/hardware.html\"/> for more information."
-msgstr ""
-"Use su poder de compra y solamente compre a los vendedores de hardware que "
-"dan soporte a su hardware a través de firmware y de controladores abiertos. "
-"Vaya a <ulink url=\"http://www.fsf.org/campaigns/hardware.html\"/> para más "
-"información."
+msgid "Use your buying power and only purchase from hardware vendors that support their hardware with open drivers and firmware. Refer to <ulink url=\"http://www.fsf.org/campaigns/hardware.html\"/> for more information."
+msgstr "Use su poder de compra y solamente compre a los vendedores de hardware que dan soporte a su hardware a través de firmware y de controladores abiertos. Vaya a <ulink url=\"http://www.fsf.org/campaigns/hardware.html\"/> para más información."
#: en_US/Games_and_entertainment.xml:6(title)
msgid "Games and entertainment"
msgstr "Juegos y entretenimiento"
#: en_US/Games_and_entertainment.xml:7(para)
-msgid ""
-"Fedora provides a selection of games that cover a variety of genres. Users "
-"can install a small package of games for GNOME (<package>gnome-games</"
-"package>) and KDE (<package>kdegames</package>). There are also many "
-"additional games that span every major genre available in the repositories."
-msgstr ""
-"Fedora provee una selección de juegos que cubren una variedad de géneros. "
-"Los usuarios pueden instalar un pequeño paquetes de juegos para GNOME "
-"(llamado <package>gnome-games</package>) y KDE (<package>kdegames</"
-"package>). Hay también muchos juegos adicionales que cubren la mayoría de "
-"los géneros disponibles en los repositorios."
+msgid "Fedora provides a selection of games that cover a variety of genres. Users can install a small package of games for GNOME (<package>gnome-games</package>) and KDE (<package>kdegames</package>). There are also many additional games that span every major genre available in the repositories."
+msgstr "Fedora provee una selección de juegos que cubren una variedad de géneros. Los usuarios pueden instalar un pequeño paquetes de juegos para GNOME (llamado <package>gnome-games</package>) y KDE (<package>kdegames</package>). Hay también muchos juegos adicionales que cubren la mayoría de los géneros disponibles en los repositorios."
#: en_US/Games_and_entertainment.xml:12(para)
-msgid ""
-"The Fedora Project website features a section dedicated to games that "
-"details many of the available games, including overviews and installation "
-"instructions. For more information, refer to:"
-msgstr ""
-"El sitio web del Proyecto Fedora tiene una sección dedicada a juegos que "
-"detalla muchos de los juegos disponibles, incluyendo presentaciones e "
-"instrucciones de instalación. Para más información vaya a <ulink url="
-"\"http://fedoraproject.org/wiki/Games\">http://fedoraproject.org/wiki/Games</"
-"ulink>."
+msgid "The Fedora Project website features a section dedicated to games that details many of the available games, including overviews and installation instructions. For more information, refer to:"
+msgstr "El sitio web del Proyecto Fedora tiene una sección dedicada a juegos que detalla muchos de los juegos disponibles, incluyendo presentaciones e instrucciones de instalación. Para más información vaya a <ulink url=\"http://fedoraproject.org/wiki/Games\">http://fedoraproject.org/wiki/Games</ulink>."
#: en_US/Games_and_entertainment.xml:18(para)
-msgid ""
-"For a list of other games that are available for installation, select "
-"<menuchoice><guimenu>Applications</guimenu><guimenuitem>Add/Remove Software</"
-"guimenuitem></menuchoice>, or via the command line:"
-msgstr ""
-"Para una lista de otros juegos disponibles para instalar, seleccione "
-"<menuchoice><guimenu>Aplicaciones</guimenu><guimenuitem>Añadir/Quitar "
-"Software</guimenuitem></menuchoice> o por la línea de comando:"
+msgid "For a list of other games that are available for installation, select <menuchoice><guimenu>Applications</guimenu><guimenuitem>Add/Remove Software</guimenuitem></menuchoice>, or via the command line:"
+msgstr "Para una lista de otros juegos disponibles para instalar, seleccione <menuchoice><guimenu>Aplicaciones</guimenu><guimenuitem>Añadir/Quitar Software</guimenuitem></menuchoice> o por la línea de comando:"
#: en_US/Games_and_entertainment.xml:22(userinput)
#, no-wrap
@@ -5361,12 +2874,8 @@ msgid "yum groupinfo \"Games and Entertainment\""
msgstr "yum groupinfo \"Games and Entertainment\""
#: en_US/Games_and_entertainment.xml:24(para)
-msgid ""
-"For help using <command>yum</command> to install the assorted game packages, "
-"refer to the guide available at:"
-msgstr ""
-"Para ayuda acerca del uso de <command>yum</command> para instalar los "
-"paquetes de juegos vaya a la guía disponible en:"
+msgid "For help using <command>yum</command> to install the assorted game packages, refer to the guide available at:"
+msgstr "Para ayuda acerca del uso de <command>yum</command> para instalar los paquetes de juegos vaya a la guía disponible en:"
#: en_US/File_systems.xml:6(title)
msgid "File systems"
@@ -5377,185 +2886,88 @@ msgid "eCryptfs"
msgstr "eCryptfs"
#: en_US/File_systems.xml:9(para)
-msgid ""
-"Fedora 10 builds on the encrypted file system support that debuted in Fedora "
-"9, and fixes a number of problems that could have resulted in data "
-"corruption."
-msgstr ""
-"Fedora 10 se construyó con el soporte para el sistema de archivos encriptado "
-"que debutó en Fedora 9, y corrige un número de problemas que pudieran haber "
-"resultado en la corrupción de datos."
+msgid "Fedora 10 builds on the encrypted file system support that debuted in Fedora 9, and fixes a number of problems that could have resulted in data corruption."
+msgstr "Fedora 10 se construyó con el soporte para el sistema de archivos encriptado que debutó en Fedora 9, y corrige un número de problemas que pudieran haber resultado en la corrupción de datos."
#: en_US/File_systems.xml:16(title)
msgid "EXT4"
msgstr "EXT4"
#: en_US/File_systems.xml:17(para)
-msgid ""
-"Fedora 9 featured a preview of ext4 support. Fedora 10 brings a fully ext4-"
-"compatible <package>e2fsprogs</package>. In addition, the "
-"<application>Anaconda</application> partition screen has an ext4 file system "
-"option available if you start the installer with the <option>ext4</option> "
-"option at the boot prompt. Fedora 10 also includes delayed allocation for "
-"ext4. However, ext4 in Fedora 10 does not currently support file systems "
-"larger than 16 TiB."
-msgstr ""
-"Fedora 9 tenía una versión preliminar de soporte de ext4. Fedora 10 trae un "
-"<package>e2fsprogs</package> compatible con ext4. Además, la pantalla de "
-"partición de <application>Anaconda</application> tiene una opción de sistema "
-"de archivo ext4 disponible si inicia el instalador con la opción "
-"<option>ext4</option> en el indicador de arranque. Fedora 10 también incluye "
-"la asignación retrasada para ext4. Sin embargo, ext4 en Fedora 10 "
-"actualmente no dan soporte a sistemas de archivo mayores de 16 TiB."
+msgid "Fedora 9 featured a preview of ext4 support. Fedora 10 brings a fully ext4-compatible <package>e2fsprogs</package>. In addition, the <application>Anaconda</application> partition screen has an ext4 file system option available if you start the installer with the <option>ext4</option> option at the boot prompt. Fedora 10 also includes delayed allocation for ext4. However, ext4 in Fedora 10 does not currently support file systems larger than 16 TiB."
+msgstr "Fedora 9 tenía una versión preliminar de soporte de ext4. Fedora 10 trae un <package>e2fsprogs</package> compatible con ext4. Además, la pantalla de partición de <application>Anaconda</application> tiene una opción de sistema de archivo ext4 disponible si inicia el instalador con la opción <option>ext4</option> en el indicador de arranque. Fedora 10 también incluye la asignación retrasada para ext4. Sin embargo, ext4 en Fedora 10 actualmente no dan soporte a sistemas de archivo mayores de 16 TiB."
#: en_US/File_systems.xml:27(title)
msgid "XFS"
msgstr "XFS"
#: en_US/File_systems.xml:28(para)
-msgid ""
-"XFS is now a supported file system and an option within the partitioning "
-"screen of <application>Anaconda</application>."
-msgstr ""
-"XFS es ahora un sistema de archivo soportado y es una opción más en la "
-"pantalla de particionado de <application>Anaconda</application>."
+msgid "XFS is now a supported file system and an option within the partitioning screen of <application>Anaconda</application>."
+msgstr "XFS es ahora un sistema de archivo soportado y es una opción más en la pantalla de particionado de <application>Anaconda</application>."
#: en_US/File_servers.xml:6(title)
msgid "File servers"
msgstr "Servidores de Archivo"
#: en_US/File_servers.xml:7(para)
-msgid ""
-"This section refers to file transfer and sharing servers. Refer to <ulink "
-"url=\"http://fedoraproject.org/wiki/Docs/Beats/WebServers\"/> and <ulink url="
-"\"http://fedoraproject.org/wiki/Docs/Beats/Samba\"/> for information on HTTP "
-"(Web) file transfer and Samba (Microsoft Windows) file sharing services."
-msgstr ""
-"Esta sección se refiere a los servidores de transferencia de archivo y de "
-"compartición. Vaya a <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/"
-"WebServers\"/> y a <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/"
-"Samba\"/> para información de transferencia de archivo sobre servicios HTTP "
-"(Web) y Samba (Microsoft Windows)."
+msgid "This section refers to file transfer and sharing servers. Refer to <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/WebServers\"/> and <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/Samba\"/> for information on HTTP (Web) file transfer and Samba (Microsoft Windows) file sharing services."
+msgstr "Esta sección se refiere a los servidores de transferencia de archivo y de compartición. Vaya a <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/WebServers\"/> y a <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/Samba\"/> para información de transferencia de archivo sobre servicios HTTP (Web) y Samba (Microsoft Windows)."
#: en_US/File_servers.xml:14(title)
msgid "Maybe you know what should be on this page?"
msgstr "¿Tal vez sepa lo que debe ir en esta página?"
#: en_US/File_servers.xml:15(para)
-msgid ""
-"The Fedora release notes are a collective effort of dozens of people. You "
-"can contribute by editing the wiki page that corresponds to this part of the "
-"release notes."
-msgstr ""
-"Las notas del lanzamiento de Fedora son un esfuerzo colectivo de mucha "
-"gente. Puede contribuir editando la página wiki que corresponde a esta parte "
-"de las notas del lanzamiento."
+msgid "The Fedora release notes are a collective effort of dozens of people. You can contribute by editing the wiki page that corresponds to this part of the release notes."
+msgstr "Las notas del lanzamiento de Fedora son un esfuerzo colectivo de mucha gente. Puede contribuir editando la página wiki que corresponde a esta parte de las notas del lanzamiento."
#: en_US/File_servers.xml:19(para)
-msgid ""
-"This section has not been updated for Fedora 10 by the beat writer (<ulink "
-"url=\"http://fedoraproject.org/wiki/Docs/Beats#Beat_Assignments\"/>.) If you "
-"have some ideas or knowledge of what should be in this part of the release "
-"notes, you are encouraged to edit the wiki directly. Read <ulink url="
-"\"https://fedoraproject.org/wiki/Docs/Beats/HowTo/\"/> for more information, "
-"then get an account and start writing."
-msgstr ""
-"Esta sección no ha sido actualizada por su responsable para Fedora 10 "
-"(<ulink url=\"http://fedoraproject.org/wiki/Docs/Beats#Beat_Assignments\"/"
-">.) Si tiene alguna idea o conocimiento sobre lo que debe ir en esta parte "
-"de las notas del lanzamiento, se lo desafía a editar la wiki directamente. "
-"Lea <ulink url=\"https://fedoraproject.org/wiki/Docs/Beats/HowTo/\"/> para "
-"más información, luego obtenga una cuenta y comience a escribir."
+msgid "This section has not been updated for Fedora 10 by the beat writer (<ulink url=\"http://fedoraproject.org/wiki/Docs/Beats#Beat_Assignments\"/>.) If you have some ideas or knowledge of what should be in this part of the release notes, you are encouraged to edit the wiki directly. Read <ulink url=\"https://fedoraproject.org/wiki/Docs/Beats/HowTo/\"/> for more information, then get an account and start writing."
+msgstr "Esta sección no ha sido actualizada por su responsable para Fedora 10 (<ulink url=\"http://fedoraproject.org/wiki/Docs/Beats#Beat_Assignments\"/>.) Si tiene alguna idea o conocimiento sobre lo que debe ir en esta parte de las notas del lanzamiento, se lo desafía a editar la wiki directamente. Lea <ulink url=\"https://fedoraproject.org/wiki/Docs/Beats/HowTo/\"/> para más información, luego obtenga una cuenta y comience a escribir."
#: en_US/Feedback.xml:5(title)
msgid "Feedback"
msgstr "Retroalimentación"
#: en_US/Feedback.xml:6(para)
-msgid ""
-"Thank you for taking the time to provide your comments, suggestions, and bug "
-"reports to the Fedora community; this helps improve the state of Fedora, "
-"Linux, and free software worldwide."
-msgstr ""
-"Gracias por tomarse el tiempo para darnos sus comentarios, sugerencias, e "
-"informes de errores a la comunidad Fedora. Haciendo eso, ayuda a mejorar el "
-"estado de Fedora, Linux y del software libre en todo el mundo."
+msgid "Thank you for taking the time to provide your comments, suggestions, and bug reports to the Fedora community; this helps improve the state of Fedora, Linux, and free software worldwide."
+msgstr "Gracias por tomarse el tiempo para darnos sus comentarios, sugerencias, e informes de errores a la comunidad Fedora. Haciendo eso, ayuda a mejorar el estado de Fedora, Linux y del software libre en todo el mundo."
#: en_US/Feedback.xml:11(title)
msgid "Providing Feedback on Fedora Software"
msgstr "Dando Retroalimentación sobre el Software de Fedora"
#: en_US/Feedback.xml:12(para)
-msgid ""
-"To provide feedback on Fedora software or other system elements, please "
-"refer to <ulink url=\"http://fedoraproject.org/wiki/BugsAndFeatureRequests\"/"
-">. A list of commonly reported bugs and known issues for this release is "
-"available from <ulink url=\"http://fedoraproject.org/wiki/Bugs/F10Common\"/>."
-msgstr ""
-"Para proveer retroalimentación sobre el software de Fedora u otros elementos "
-"del sistema, por favor vaya a <ulink url=\"http://fedoraproject.org/wiki/"
-"BugsAndFeatureRequests\"/>. Una lista de errores comúnmente reportados y "
-"cuestiones conocidas acerca de este lanzamiento están disponibles en <ulink "
-"url=\"http://fedoraproject.org/wiki/Bugs/F10Common\"/>."
+msgid "To provide feedback on Fedora software or other system elements, please refer to <ulink url=\"http://fedoraproject.org/wiki/BugsAndFeatureRequests\"/>. A list of commonly reported bugs and known issues for this release is available from <ulink url=\"http://fedoraproject.org/wiki/Bugs/F10Common\"/>."
+msgstr "Para proveer retroalimentación sobre el software de Fedora u otros elementos del sistema, por favor vaya a <ulink url=\"http://fedoraproject.org/wiki/BugsAndFeatureRequests\"/>. Una lista de errores comúnmente reportados y cuestiones conocidas acerca de este lanzamiento están disponibles en <ulink url=\"http://fedoraproject.org/wiki/Bugs/F10Common\"/>."
#: en_US/Feedback.xml:21(title)
msgid "Common bugs"
msgstr "Errores comunes"
#: en_US/Feedback.xml:22(para)
-msgid ""
-"No software is without bugs. One of the features of free and open source "
-"software is the ability to report bugs, helping to fix or improve the "
-"software you use."
-msgstr ""
-"Ningún software esta libre de errores. Una de las características del "
-"software libre y de código abierto es la posibilidad de informar errores, lo "
-"que ayuda a corregirlos o mejorar el software que usa."
+msgid "No software is without bugs. One of the features of free and open source software is the ability to report bugs, helping to fix or improve the software you use."
+msgstr "Ningún software esta libre de errores. Una de las características del software libre y de código abierto es la posibilidad de informar errores, lo que ayuda a corregirlos o mejorar el software que usa."
#: en_US/Feedback.xml:25(para)
-msgid ""
-"A list of common bugs is maintained for each release by the Fedora Project "
-"as a good place to start when you are having a problem that might be a bug "
-"in the software:"
-msgstr ""
-"Una lista de errores comunes se mantiene para cada lanzamiento del Proyecto "
-"Fedora como un buen lugar donde comenzar cuando está teniendo problema que "
-"puede ser algún error en el software:"
+msgid "A list of common bugs is maintained for each release by the Fedora Project as a good place to start when you are having a problem that might be a bug in the software:"
+msgstr "Una lista de errores comunes se mantiene para cada lanzamiento del Proyecto Fedora como un buen lugar donde comenzar cuando está teniendo problema que puede ser algún error en el software:"
#: en_US/Feedback.xml:32(title)
msgid "Providing Feedback on Release Notes"
msgstr "Dando Retroalimentación para las Notas de la Versión"
#: en_US/Feedback.xml:33(para)
-msgid ""
-"If you feel these release notes could be improved in any way, you can "
-"provide your feedback directly to the beat writers. There are several ways "
-"to provide feedback, in order of preference:"
-msgstr ""
-"Agradecemos su interés en darnos retroalimentación en estas notas de la "
-"versión. Si siente que estas notas pueden ser mejoradas de alguna manera, "
-"puede proveer su retroalimentación a los escritores de compaces. Aquí hay "
-"varias maneras de hacerlo, en orden de preferencia:"
+msgid "If you feel these release notes could be improved in any way, you can provide your feedback directly to the beat writers. There are several ways to provide feedback, in order of preference:"
+msgstr "Agradecemos su interés en darnos retroalimentación en estas notas de la versión. Si siente que estas notas pueden ser mejoradas de alguna manera, puede proveer su retroalimentación a los escritores de compaces. Aquí hay varias maneras de hacerlo, en orden de preferencia:"
#: en_US/Feedback.xml:39(para)
-msgid ""
-"If you have a Fedora account, edit content directly at <ulink url=\"http://"
-"fedoraproject.org/wiki/Docs/Beats\"/>."
-msgstr ""
-"Si tiene una cuenta de Fedora, edite el contenido directamente en <ulink url="
-"\"http://fedoraproject.org/wiki/Docs/Beats\"/>."
+msgid "If you have a Fedora account, edit content directly at <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats\"/>."
+msgstr "Si tiene una cuenta de Fedora, edite el contenido directamente en <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats\"/>."
#: en_US/Feedback.xml:43(para)
-msgid ""
-"Fill out a bug request using this template: <ulink url=\"http://tinyurl.com/"
-"nej3u\"/> - <emphasis>This link is ONLY for feedback on the release notes "
-"themselves.</emphasis> Refer to <xref linkend=\"sn-"
-"Providing_feedback_on_Fedora_software\"/> for details."
-msgstr ""
-"Completar un informe de error usando este template:<ulink url=\"http://"
-"tinyurl.com/nej3u\"/>. <emphasis>Este enlace es SOLO para retroalimentación "
-"acerca de las notas del lanzamiento únicamente.</emphasis> Ver <xref linkend="
-"\"sn-Providing_feedback_on_Fedora_software\"/> para más detalles."
+msgid "Fill out a bug request using this template: <ulink url=\"http://tinyurl.com/nej3u\"/> - <emphasis>This link is ONLY for feedback on the release notes themselves.</emphasis> Refer to <xref linkend=\"sn-Providing_feedback_on_Fedora_software\"/> for details."
+msgstr "Completar un informe de error usando este template:<ulink url=\"http://tinyurl.com/nej3u\"/>. <emphasis>Este enlace es SOLO para retroalimentación acerca de las notas del lanzamiento únicamente.</emphasis> Ver <xref linkend=\"sn-Providing_feedback_on_Fedora_software\"/> para más detalles."
#: en_US/Feedback.xml:50(para)
msgid "Email <ulink url=\"mailto:relnotes@fedoraproject.org\"/>."
@@ -5566,203 +2978,84 @@ msgid "Fedora Project"
msgstr "Proyecto Fedora"
#: en_US/Fedora_Project.xml:6(para)
-msgid ""
-"The goal of the Fedora Project is to work with the Linux community to build "
-"a complete, general-purpose operating system exclusively from free and open "
-"source software. The Fedora Project is driven by the individuals that "
-"contribute to it. As a tester, developer, documenter, or translator, you can "
-"make a difference. Refer to <ulink url=\"http://join.fedoraproject.org\"/> "
-"for details. For information on the channels of communication for Fedora "
-"users and contributors, refer to <ulink url=\"http://fedoraproject.org/wiki/"
-"Communicate\"/>."
-msgstr ""
-"El objetivo del Proyecto Fedora es trabajar con la comunidad de Linux para "
-"construir un sistema operativo de propósito general, completo y con software "
-"libre y de código abierto exclusivamente. El Proyecto Fedora es manejado por "
-"individuos que contribuyen a él. Como un testeador, desarrollador, "
-"documentador o traductor, Ud. puede hacer la diferencia. Vea en <ulink url="
-"\"http://join.fedoraproject.org\"/> para más detalles. Para más información "
-"acerca de los canales de comunicación para los usuarios de Fedora y los "
-"contribuyentes, vaya a <ulink url=\"http://fedoraproject.org/wiki/Communicate"
-"\"/>."
+msgid "The goal of the Fedora Project is to work with the Linux community to build a complete, general-purpose operating system exclusively from free and open source software. The Fedora Project is driven by the individuals that contribute to it. As a tester, developer, documenter, or translator, you can make a difference. Refer to <ulink url=\"http://join.fedoraproject.org\"/> for details. For information on the channels of communication for Fedora users and contributors, refer to <ulink url=\"http://fedoraproject.org/wiki/Communicate\"/>."
+msgstr "El objetivo del Proyecto Fedora es trabajar con la comunidad de Linux para construir un sistema operativo de propósito general, completo y con software libre y de código abierto exclusivamente. El Proyecto Fedora es manejado por individuos que contribuyen a él. Como un testeador, desarrollador, documentador o traductor, Ud. puede hacer la diferencia. Vea en <ulink url=\"http://join.fedoraproject.org\"/> para más detalles. Para más información acerca de los canales de comunicación para los usuarios de Fedora y los contribuyentes, vaya a <ulink url=\"http://fedoraproject.org/wiki/Communicate\"/>."
#: en_US/Fedora_Project.xml:16(para)
msgid "In addition to the website, the following mailing lists are available:"
-msgstr ""
-"Además del sitio web, están disponibles las siguientes listas de correo:"
+msgstr "Además del sitio web, están disponibles las siguientes listas de correo:"
#: en_US/Fedora_Project.xml:20(para)
-msgid ""
-"<ulink url=\"mailto:fedora-list@redhat.com\"/>, for users of Fedora releases"
-msgstr ""
-"<ulink url=\"mailto:fedora-list@redhat.com\"/>, para usuarios de las "
-"versiones finales de Fedora"
+msgid "<ulink url=\"mailto:fedora-list@redhat.com\"/>, for users of Fedora releases"
+msgstr "<ulink url=\"mailto:fedora-list@redhat.com\"/>, para usuarios de las versiones finales de Fedora"
#: en_US/Fedora_Project.xml:23(para)
-msgid ""
-"<ulink url=\"mailto:fedora-test-list@redhat.com\"/>, for testers of Fedora "
-"test releases"
-msgstr ""
-"<ulink url=\"mailto:fedora-test-list@redhat.com\"/>, para testeadores de "
-"versiones de prueba de Fedora"
+msgid "<ulink url=\"mailto:fedora-test-list@redhat.com\"/>, for testers of Fedora test releases"
+msgstr "<ulink url=\"mailto:fedora-test-list@redhat.com\"/>, para testeadores de versiones de prueba de Fedora"
#: en_US/Fedora_Project.xml:26(para)
-msgid ""
-"<ulink url=\"mailto:fedora-devel-list@redhat.com\"/>, for developers, "
-"developers, developers"
-msgstr ""
-"<ulink url=\"mailto:fedora-devel-list@redhat.com\"/>, para desarrolladores, "
-"desarrolladores, desarrolladores!"
+msgid "<ulink url=\"mailto:fedora-devel-list@redhat.com\"/>, for developers, developers, developers"
+msgstr "<ulink url=\"mailto:fedora-devel-list@redhat.com\"/>, para desarrolladores, desarrolladores, desarrolladores!"
#: en_US/Fedora_Project.xml:29(para)
-msgid ""
-"<ulink url=\"mailto:fedora-docs-list@redhat.com\"/>, for participants of the "
-"Documentation Project"
-msgstr ""
-"<ulink url=\"mailto:fedora-docs-list@redhat.com\"/>, para participantes del "
-"Proyecto de Documentación"
+msgid "<ulink url=\"mailto:fedora-docs-list@redhat.com\"/>, for participants of the Documentation Project"
+msgstr "<ulink url=\"mailto:fedora-docs-list@redhat.com\"/>, para participantes del Proyecto de Documentación"
#: en_US/Fedora_Project.xml:33(para)
-msgid ""
-"To subscribe to any of these lists, send an email with the word \"subscribe"
-"\" in the subject to <replaceable><listname>-request</replaceable>, "
-"where <replaceable><listname></replaceable> is one of the above list "
-"names. Alternately, you can subscribe to Fedora mailing lists through the "
-"Web interface at <ulink url=\"http://www.redhat.com/mailman/listinfo/\"/>."
-msgstr ""
-"Para suscribir a cualquiera de estas listas, envíe un email con la palabra "
-"\"subscribe\" en asunto para <replaceable><listname>-request</"
-"replaceable>, donde <replaceable><listname>-request</replaceable> es "
-"uno de los nombres de listas de más arriba. Como alternativa, puede "
-"suscribir a las listas de correo de Fedora a través de la interfase Web en "
-"<ulink url=\"http://www.redhat.com/mailman/listinfo/\"/>."
+msgid "To subscribe to any of these lists, send an email with the word \"subscribe\" in the subject to <replaceable><listname>-request</replaceable>, where <replaceable><listname></replaceable> is one of the above list names. Alternately, you can subscribe to Fedora mailing lists through the Web interface at <ulink url=\"http://www.redhat.com/mailman/listinfo/\"/>."
+msgstr "Para suscribir a cualquiera de estas listas, envíe un email con la palabra \"subscribe\" en asunto para <replaceable><listname>-request</replaceable>, donde <replaceable><listname>-request</replaceable> es uno de los nombres de listas de más arriba. Como alternativa, puede suscribir a las listas de correo de Fedora a través de la interfase Web en <ulink url=\"http://www.redhat.com/mailman/listinfo/\"/>."
#: en_US/Fedora_Project.xml:41(para)
-msgid ""
-"The Fedora Project also uses several IRC (Internet Relay Chat) channels. IRC "
-"is a real-time, text-based form of communication, similar to Instant "
-"Messaging. With it, you may have conversations with multiple people in an "
-"open channel, or chat with someone privately one-on-one. To talk with other "
-"Fedora Project participants via IRC, access the Freenode IRC network. Refer "
-"to the Freenode website at <ulink url=\"http://www.freenode.net/\"/> for "
-"more information."
-msgstr ""
-"El Proyecto Fedora también usa varios canales IRC (para chat). IRC es una "
-"forma basada en texto de comunicación en tiempo real, similar al mensaje "
-"instantáneo. Con él, puede tener conversaciones con muchas personas en un "
-"canal abierto, o bien charlar con alguien en forma privada uno-a-uno. Para "
-"conversar con otros participantes del Proyecto Fedora via IRC, acceda a la "
-"red de Freenode IRC. Vaya al sitio web de Freenode en <ulink url=\"http://"
-"www.freenode.net/\"/> para más información."
+msgid "The Fedora Project also uses several IRC (Internet Relay Chat) channels. IRC is a real-time, text-based form of communication, similar to Instant Messaging. With it, you may have conversations with multiple people in an open channel, or chat with someone privately one-on-one. To talk with other Fedora Project participants via IRC, access the Freenode IRC network. Refer to the Freenode website at <ulink url=\"http://www.freenode.net/\"/> for more information."
+msgstr "El Proyecto Fedora también usa varios canales IRC (para chat). IRC es una forma basada en texto de comunicación en tiempo real, similar al mensaje instantáneo. Con él, puede tener conversaciones con muchas personas en un canal abierto, o bien charlar con alguien en forma privada uno-a-uno. Para conversar con otros participantes del Proyecto Fedora via IRC, acceda a la red de Freenode IRC. Vaya al sitio web de Freenode en <ulink url=\"http://www.freenode.net/\"/> para más información."
#: en_US/Fedora_Project.xml:48(para)
-msgid ""
-"Fedora Project participants frequent the <computeroutput>#fedora</"
-"computeroutput> channel on the Freenode network, while Fedora Project "
-"developers may often be found on the <computeroutput>#fedora-devel</"
-"computeroutput> channel. Some of the larger projects may have their own "
-"channels as well. This information may be found on the webpage for the "
-"project, and at <ulink url=\"http://fedoraproject.org/w/index.php?"
-"title=Communicate\"/>."
-msgstr ""
-"Los participantes del Proyecto Fedora frecuentan el canal #fedora en la red "
-"Freenode, mientras que los desarrolladores del Proyecto Fedora pueden ser "
-"contactados a menudo en el canal #fedora-devel. Algunos proyectos grandes "
-"pueden tener sus propios canales. Esta información se puede encontrar en la "
-"página web del proyecto, y en <ulink url=\"http://fedoraproject.org/w/index."
-"php?title=Communicate\"/>."
+msgid "Fedora Project participants frequent the <computeroutput>#fedora</computeroutput> channel on the Freenode network, while Fedora Project developers may often be found on the <computeroutput>#fedora-devel</computeroutput> channel. Some of the larger projects may have their own channels as well. This information may be found on the webpage for the project, and at <ulink url=\"http://fedoraproject.org/w/index.php?title=Communicate\"/>."
+msgstr "Los participantes del Proyecto Fedora frecuentan el canal #fedora en la red Freenode, mientras que los desarrolladores del Proyecto Fedora pueden ser contactados a menudo en el canal #fedora-devel. Algunos proyectos grandes pueden tener sus propios canales. Esta información se puede encontrar en la página web del proyecto, y en <ulink url=\"http://fedoraproject.org/w/index.php?title=Communicate\"/>."
#: en_US/Fedora_Project.xml:56(para)
-msgid ""
-"In order to talk on the <computeroutput>#fedora</computeroutput> channel, "
-"you need to register your nickname, or <firstterm>nick</firstterm>. "
-"Instructions are given when you <userinput>/join</userinput> the channel."
-msgstr ""
-"Para charlar en el canal <computeroutput>#fedora</computeroutput>, "
-"necesitará registrar su <firstterm>nick</firstterm>. Las intrucciones las "
-"recibirá al ingresar (<userinput>/join</userinput>) al canal."
+msgid "In order to talk on the <computeroutput>#fedora</computeroutput> channel, you need to register your nickname, or <firstterm>nick</firstterm>. Instructions are given when you <userinput>/join</userinput> the channel."
+msgstr "Para charlar en el canal <computeroutput>#fedora</computeroutput>, necesitará registrar su <firstterm>nick</firstterm>. Las intrucciones las recibirá al ingresar (<userinput>/join</userinput>) al canal."
#: en_US/Fedora_Project.xml:61(title)
msgid "IRC Channels"
msgstr "Canales IRC"
#: en_US/Fedora_Project.xml:62(para)
-msgid ""
-"The Fedora Project and Red Hat have no control over the Fedora Project IRC "
-"channels or their content."
-msgstr ""
-"El Proyecto Fedora y Red Hat no tienen control sobre los canales IRC del "
-"Proyecto Fedora o de su contenido."
+msgid "The Fedora Project and Red Hat have no control over the Fedora Project IRC channels or their content."
+msgstr "El Proyecto Fedora y Red Hat no tienen control sobre los canales IRC del Proyecto Fedora o de su contenido."
#: en_US/Fedora_Live_images.xml:5(title)
msgid "Fedora Live Images"
msgstr "Imágenes Viva de Fedora"
#: en_US/Fedora_Live_images.xml:6(para)
-msgid ""
-"The Fedora 10 release includes several Fedora Live ISO images in addition to "
-"the traditional installation images. These ISO images are bootable, and you "
-"can burn them to media and use them to try out Fedora. They also include a "
-"feature that allows you to install the Fedora Live image content to your "
-"hard drive for persistence and higher performance."
-msgstr ""
-"El lanzamiento de Fedora 10 incluye varias imágenes ISO vivas, además de las "
-"imágenes de instalación tradicionales. Estas imágenes ISO son arrancables, y "
-"las puede grabar en discos para probar Fedora. También incluye una "
-"característica que le permite instalar el contenido de la imagen Viva de "
-"Fedora en su disco para persistencia y una performance superior."
+msgid "The Fedora 10 release includes several Fedora Live ISO images in addition to the traditional installation images. These ISO images are bootable, and you can burn them to media and use them to try out Fedora. They also include a feature that allows you to install the Fedora Live image content to your hard drive for persistence and higher performance."
+msgstr "El lanzamiento de Fedora 10 incluye varias imágenes ISO vivas, además de las imágenes de instalación tradicionales. Estas imágenes ISO son arrancables, y las puede grabar en discos para probar Fedora. También incluye una característica que le permite instalar el contenido de la imagen Viva de Fedora en su disco para persistencia y una performance superior."
#: en_US/Fedora_Live_images.xml:13(title)
msgid "Available Images"
msgstr "Imágenes Disponibles"
#: en_US/Fedora_Live_images.xml:14(para)
-msgid ""
-"For a complete list of current spins available, and instructions for using "
-"them, refer to:"
-msgstr ""
-"Para una lista completa de los spins actualmente disponibles, e "
-"instrucciones de cómo usarlos, vaya a:"
+msgid "For a complete list of current spins available, and instructions for using them, refer to:"
+msgstr "Para una lista completa de los spins actualmente disponibles, e instrucciones de cómo usarlos, vaya a:"
#: en_US/Fedora_Live_images.xml:21(title)
msgid "Usage Information"
msgstr "Información de Uso"
#: en_US/Fedora_Live_images.xml:22(para)
-msgid ""
-"To boot from the Fedora Live image, insert the media into your computer and "
-"restart. To log in and use the desktop environment, enter the username "
-"<systemitem class=\"username\">fedora</systemitem>. There is no password on "
-"this account. The GNOME-based Fedora Live images automatically login after "
-"one minute, so users have time to select a preferred language. After logging "
-"in, if you wish to install the contents of the Live image to your hard "
-"drive, click on the <guiicon>Install to Hard Drive</guiicon> icon on the "
-"desktop."
-msgstr ""
-"Para arrancar desde una imagen Viva de Fedora, inserte el medio en la "
-"computadora y reinicie. Para ingresar y usar el entorno de escritorio, "
-"ingrese el nombre de usuario <systemitem class=\"username\">fedora</"
-"systemitem>. Esa cuenta no tiene contraseña. Las imágenes Vivas de Fedora "
-"basadas en GNOME ingresan automáticamente después de 1 minuto, por lo que "
-"los usuarios tienen tiempo para elegir su idioma preferido. Luego de "
-"ingresar, si desea instalar el contenido de la imágen a su disco rígido, "
-"haga clic en el ícono <guilabel>Instalar en el Disco Rígido</guilabel> del "
-"escritorio."
+msgid "To boot from the Fedora Live image, insert the media into your computer and restart. To log in and use the desktop environment, enter the username <systemitem class=\"username\">fedora</systemitem>. There is no password on this account. The GNOME-based Fedora Live images automatically login after one minute, so users have time to select a preferred language. After logging in, if you wish to install the contents of the Live image to your hard drive, click on the <guiicon>Install to Hard Drive</guiicon> icon on the desktop."
+msgstr "Para arrancar desde una imagen Viva de Fedora, inserte el medio en la computadora y reinicie. Para ingresar y usar el entorno de escritorio, ingrese el nombre de usuario <systemitem class=\"username\">fedora</systemitem>. Esa cuenta no tiene contraseña. Las imágenes Vivas de Fedora basadas en GNOME ingresan automáticamente después de 1 minuto, por lo que los usuarios tienen tiempo para elegir su idioma preferido. Luego de ingresar, si desea instalar el contenido de la imágen a su disco rígido, haga clic en el ícono <guilabel>Instalar en el Disco Rígido</guilabel> del escritorio."
#: en_US/Fedora_Live_images.xml:33(title)
msgid "Checking Your Media"
msgstr "Se están comprobando los medios..."
#: en_US/Fedora_Live_images.xml:34(para)
-msgid ""
-"To check Fedora Live media, press any key during the initial boot countdown "
-"to display a boot option menu. Select <guilabel>Verify</guilabel> and boot "
-"to perform the media test."
-msgstr ""
-"Para chequear un medio Vivo de Fedora, presione cualquier tecla durante la "
-"cuenta regresiva del arranque para que le muestre un menú de arranque. "
-"Seleccione <guilabel>Verificar</guilabel> y arrancar para chequear cualquier "
-"prueba del medio."
+msgid "To check Fedora Live media, press any key during the initial boot countdown to display a boot option menu. Select <guilabel>Verify</guilabel> and boot to perform the media test."
+msgstr "Para chequear un medio Vivo de Fedora, presione cualquier tecla durante la cuenta regresiva del arranque para que le muestre un menú de arranque. Seleccione <guilabel>Verificar</guilabel> y arrancar para chequear cualquier prueba del medio."
#: en_US/Fedora_Live_images.xml:39(para)
msgid "Perform this test for any new Live medium."
@@ -5773,30 +3066,16 @@ msgid "Text Mode Installation"
msgstr "Instalación en Modo Texto"
#: en_US/Fedora_Live_images.xml:45(para)
-msgid ""
-"To perform a text mode installation of the Fedora Live image, use the "
-"<command>liveinst</command> command in the console."
-msgstr ""
-"Puede hacer una instalación en modo texto de la imágen Viva, use el comando "
-"<command>liveinst</command> en la consola."
+msgid "To perform a text mode installation of the Fedora Live image, use the <command>liveinst</command> command in the console."
+msgstr "Puede hacer una instalación en modo texto de la imágen Viva, use el comando <command>liveinst</command> en la consola."
#: en_US/Fedora_Live_images.xml:50(title)
msgid "USB Booting"
msgstr "Arranque desde USB"
#: en_US/Fedora_Live_images.xml:51(para)
-msgid ""
-"Another way to use these Fedora Live images is to put them on a USB stick. "
-"To do this, use the <package>liveusb-creator</package> graphical interface. "
-"Use <guimenuitem>Add/Remove Software</guimenuitem> to search for and install "
-"<package>liveusb-creator</package>, or to install using <command>yum</"
-"command>:"
-msgstr ""
-"Otra forma de usar estas imágenes vivas de Fedora es ponerlas en un disco "
-"USB (pendrives). Para hacerlo, use la interfase gráfica <package>liveusb-"
-"creator</package>. Use <guimenuitem>Añadir/Quitar Software</guimenuitem> "
-"para buscar e instalar <package>liveusb-creator</package>, o para instalar "
-"usando yum <command>yum</command>:"
+msgid "Another way to use these Fedora Live images is to put them on a USB stick. To do this, use the <package>liveusb-creator</package> graphical interface. Use <guimenuitem>Add/Remove Software</guimenuitem> to search for and install <package>liveusb-creator</package>, or to install using <command>yum</command>:"
+msgstr "Otra forma de usar estas imágenes vivas de Fedora es ponerlas en un disco USB (pendrives). Para hacerlo, use la interfase gráfica <package>liveusb-creator</package>. Use <guimenuitem>Añadir/Quitar Software</guimenuitem> para buscar e instalar <package>liveusb-creator</package>, o para instalar usando yum <command>yum</command>:"
#: en_US/Fedora_Live_images.xml:58(userinput)
#, no-wrap
@@ -5804,63 +3083,36 @@ msgid "su -c 'yum install liveusb-creator'"
msgstr "su -c 'yum install liveusb-creator'"
#: en_US/Fedora_Live_images.xml:60(para)
-msgid ""
-"Instead of the graphical tool, you can use the command line interface from "
-"the <package>livecd-tools</package> package. Then, run the <command>livecd-"
-"iso-to-disk</command> script:"
-msgstr ""
-"En vez de la herramienta gráfica, puede usar la interfase de línea de "
-"comando de <package>livecd-tools</package>. Luego ejecute el script "
-"<command>livecd-iso-to-disk</command>:"
+msgid "Instead of the graphical tool, you can use the command line interface from the <package>livecd-tools</package> package. Then, run the <command>livecd-iso-to-disk</command> script:"
+msgstr "En vez de la herramienta gráfica, puede usar la interfase de línea de comando de <package>livecd-tools</package>. Luego ejecute el script <command>livecd-iso-to-disk</command>:"
#: en_US/Fedora_Live_images.xml:63(userinput)
#, no-wrap
msgid "/usr/bin/livecd-iso-to-disk /path/to/live.iso /dev/sdb1"
msgstr "/usr/bin/livecd-iso-to-disk /dir/de/la/img-viva.iso /dev/sdb1"
-#: en_US/Fedora_Live_images.xml:64(para) en_US/Fedora_Live_images.xml:85(para)
+#: en_US/Fedora_Live_images.xml:64(para)
+#: en_US/Fedora_Live_images.xml:85(para)
#: en_US/Fedora_Live_images.xml:110(para)
#: en_US/Fedora_Live_images.xml:130(para)
-msgid ""
-"Replace <filename>/dev/sdb1</filename> with the partition where you want to "
-"put the image."
-msgstr ""
-"Reemplace <filename>/dev/sdb1</filename> con la partición donde quiere poner "
-"la imagen."
+msgid "Replace <filename>/dev/sdb1</filename> with the partition where you want to put the image."
+msgstr "Reemplace <filename>/dev/sdb1</filename> con la partición donde quiere poner la imagen."
#: en_US/Fedora_Live_images.xml:66(para)
-msgid ""
-"This is <emphasis>not</emphasis> a destructive process; any data you "
-"currently have on your USB stick <emphasis>is preserved</emphasis>."
-msgstr ""
-"Este <emphasis>no</emphasis> es un proceso destructivo; cualquier dato que "
-"tenga en su disco USB <emphasis>seguirá ahí</emphasis>."
+msgid "This is <emphasis>not</emphasis> a destructive process; any data you currently have on your USB stick <emphasis>is preserved</emphasis>."
+msgstr "Este <emphasis>no</emphasis> es un proceso destructivo; cualquier dato que tenga en su disco USB <emphasis>seguirá ahí</emphasis>."
#: en_US/Fedora_Live_images.xml:69(para)
-msgid ""
-"A Windows version of this tools is also available that allows users to try "
-"out or migrate to Fedora."
-msgstr ""
-"Una versión de Windows de estas herramientas están también disponibles para "
-"permitir a los usarios probarla o migrar a Fedora."
+msgid "A Windows version of this tools is also available that allows users to try out or migrate to Fedora."
+msgstr "Una versión de Windows de estas herramientas están también disponibles para permitir a los usarios probarla o migrar a Fedora."
#: en_US/Fedora_Live_images.xml:75(title)
msgid "Persistent Home Directory"
msgstr "Directorio Home Persistente"
#: en_US/Fedora_Live_images.xml:76(para)
-msgid ""
-"Support for keeping a persistent <filename>/home</filename> with the rest of "
-"the system stateless has been added for Fedora 10. This includes support for "
-"encrypting <filename>/home</filename> to protect your system if your USB "
-"stick is lost or stolen. To use this feature, download the Live image and "
-"run the following command:"
-msgstr ""
-"El soporte para mantener un <filename>/home</filename> persistente con el "
-"resto de los sistemas sin estado ha sido agregado a Fedora 10. Esto incluye "
-"el soporte para <filename>/home</filename> encriptado para proteger su "
-"sistema si su disco USB se pierde o se lo roban. Para usar esta "
-"característica, descargue la imágen Viva y ejecute el siguiente comando:"
+msgid "Support for keeping a persistent <filename>/home</filename> with the rest of the system stateless has been added for Fedora 10. This includes support for encrypting <filename>/home</filename> to protect your system if your USB stick is lost or stolen. To use this feature, download the Live image and run the following command:"
+msgstr "El soporte para mantener un <filename>/home</filename> persistente con el resto de los sistemas sin estado ha sido agregado a Fedora 10. Esto incluye el soporte para <filename>/home</filename> encriptado para proteger su sistema si su disco USB se pierde o se lo roban. Para usar esta característica, descargue la imágen Viva y ejecute el siguiente comando:"
#: en_US/Fedora_Live_images.xml:83(userinput)
#, no-wrap
@@ -5868,52 +3120,20 @@ msgid "livecd-iso-to-disk --home-size-mb 512 /path/to/live.iso /dev/sdb1"
msgstr "livecd-iso-to-disk --home-size-mb 512 /dir/de/la/img-viva.iso /dev/sdb1"
#: en_US/Fedora_Live_images.xml:87(para)
-msgid ""
-"Replace <computeroutput>512</computeroutput> with the desired size in "
-"megabytes of the persistent <filename>/home</filename>. The <command>livecd-"
-"iso-to-disk</command> shell script is stored in the <filename>LiveOS</"
-"filename> directory at the top level of the CD image. The USB media must "
-"have sufficient free space for the Fedora Live image, plus the <filename>/"
-"home</filename>, plus any other data to be stored on the media. By default, "
-"this encrypts your data and prompts for a passphrase to use. If you want to "
-"have an unencrypted <filename>/home</filename>, then you can specify "
-"<option>--unencrypted-home</option>."
-msgstr ""
-"Reemplace <replaceable>512</replaceable> con el tamaño deseado en megabytes "
-"del <filename>/home</filename> persistente. El script de shell "
-"<command>livecd-iso-to-disk</command> se almacena ahora en el directorio "
-"<filename class=\"directory\">LiveOS</filename> en el nivel más alto en la "
-"imágen del CD. El medio USB debe tener suficiente espacio libre para la "
-"imágen Viva, más el overlay, más otros datos que se almacenarán en el medio. "
-"Por defecto, este encripta sus datos y le pregunta por una contraseña a "
-"usar. Si quiere tener <filename>/home</filename> desencriptado, entonces "
-"especificar <option>--unencrypted-home</option>."
+msgid "Replace <computeroutput>512</computeroutput> with the desired size in megabytes of the persistent <filename>/home</filename>. The <command>livecd-iso-to-disk</command> shell script is stored in the <filename>LiveOS</filename> directory at the top level of the CD image. The USB media must have sufficient free space for the Fedora Live image, plus the <filename>/home</filename>, plus any other data to be stored on the media. By default, this encrypts your data and prompts for a passphrase to use. If you want to have an unencrypted <filename>/home</filename>, then you can specify <option>--unencrypted-home</option>."
+msgstr "Reemplace <replaceable>512</replaceable> con el tamaño deseado en megabytes del <filename>/home</filename> persistente. El script de shell <command>livecd-iso-to-disk</command> se almacena ahora en el directorio <filename class=\"directory\">LiveOS</filename> en el nivel más alto en la imágen del CD. El medio USB debe tener suficiente espacio libre para la imágen Viva, más el overlay, más otros datos que se almacenarán en el medio. Por defecto, este encripta sus datos y le pregunta por una contraseña a usar. Si quiere tener <filename>/home</filename> desencriptado, entonces especificar <option>--unencrypted-home</option>."
#: en_US/Fedora_Live_images.xml:97(para)
-msgid ""
-"Note that later runs of <command>livecd-iso-to-disk</command> preserve the "
-"<filename>/home</filename> that is created on the USB stick, continuing to "
-"use it even if you change your Live image."
-msgstr ""
-"Note que en ejecuciones posteriores de <command>livecd-iso-to-disk</command> "
-"se preserva el <filename>/home</filename> que se crea en el disco USB, para "
-"continuar usándolo aún cuando cambie su imágen Viva."
+msgid "Note that later runs of <command>livecd-iso-to-disk</command> preserve the <filename>/home</filename> that is created on the USB stick, continuing to use it even if you change your Live image."
+msgstr "Note que en ejecuciones posteriores de <command>livecd-iso-to-disk</command> se preserva el <filename>/home</filename> que se crea en el disco USB, para continuar usándolo aún cuando cambie su imágen Viva."
#: en_US/Fedora_Live_images.xml:103(title)
msgid "Live USB Persistence"
msgstr "Persistencia de USB Vivo"
#: en_US/Fedora_Live_images.xml:104(para)
-msgid ""
-"Support for persistent changes with a Fedora Live image exists for Fedora 9 "
-"and later. The primary use case is booting from a Fedora Live image on a USB "
-"flash drive and storing changes to that same device. To do this, download "
-"the Fedora Live image and then run the following command:"
-msgstr ""
-"También hay soporte para persistencia de cambios en una imágen Viva de "
-"Fedora 9 y posterior. El caso de uso primario es arrancar desde una imágen "
-"Viva en un disco USB y guardar los cambios en el mismo dispositivo. Para "
-"hacer esto, descargue la imágen Viva y luego ejecute el siguiente comando:"
+msgid "Support for persistent changes with a Fedora Live image exists for Fedora 9 and later. The primary use case is booting from a Fedora Live image on a USB flash drive and storing changes to that same device. To do this, download the Fedora Live image and then run the following command:"
+msgstr "También hay soporte para persistencia de cambios en una imágen Viva de Fedora 9 y posterior. El caso de uso primario es arrancar desde una imágen Viva en un disco USB y guardar los cambios en el mismo dispositivo. Para hacer esto, descargue la imágen Viva y luego ejecute el siguiente comando:"
#: en_US/Fedora_Live_images.xml:109(userinput)
#, no-wrap
@@ -5921,38 +3141,16 @@ msgid "livecd-iso-to-disk --overlay-size-mb 512 /path/to/live.iso /dev/sdb1"
msgstr "livecd-iso-to-disk --overlay-size-mb 512 /dir/de/la/img-viva.iso /dev/sdb1"
#: en_US/Fedora_Live_images.xml:112(para)
-msgid ""
-"Replace <computeroutput>512</computeroutput> with the desired size in "
-"megabytes of the persistent data, or <firstterm>overlay</firstterm>. The "
-"<command>livecd-iso-to-disk</command> shell script is stored in the "
-"<filename>LiveOS</filename> directory at the top level of the CD image. The "
-"USB media must have sufficient free space for the Fedora Live image, plus "
-"the overlay, plus any other data to be stored on the media."
-msgstr ""
-"Reemplace <replaceable>512</replaceable> con el tamaño deseado en megabytes "
-"de los datos persistentes u <firstterm>overlay</firstterm>. El script de "
-"shell <command>livecd-iso-to-disk</command> se almacena ahora en el "
-"directorio <filename>LiveOS</filename> en el nivel más alto en la imágen del "
-"CD. El medio USB debe tener suficiente espacio libre para la imágen Viva, "
-"más el overlay, más otros datos que se almacenarán en el medio."
+msgid "Replace <computeroutput>512</computeroutput> with the desired size in megabytes of the persistent data, or <firstterm>overlay</firstterm>. The <command>livecd-iso-to-disk</command> shell script is stored in the <filename>LiveOS</filename> directory at the top level of the CD image. The USB media must have sufficient free space for the Fedora Live image, plus the overlay, plus any other data to be stored on the media."
+msgstr "Reemplace <replaceable>512</replaceable> con el tamaño deseado en megabytes de los datos persistentes u <firstterm>overlay</firstterm>. El script de shell <command>livecd-iso-to-disk</command> se almacena ahora en el directorio <filename>LiveOS</filename> en el nivel más alto en la imágen del CD. El medio USB debe tener suficiente espacio libre para la imágen Viva, más el overlay, más otros datos que se almacenarán en el medio."
#: en_US/Fedora_Live_images.xml:122(title)
msgid "Booting a Fedora Live Image from USB on Intel-based Apple Hardware"
-msgstr ""
-"Arranque de una Imágen Viva de Fedora desde USB en equipos de Apple basados "
-"en Intel"
+msgstr "Arranque de una Imágen Viva de Fedora desde USB en equipos de Apple basados en Intel"
#: en_US/Fedora_Live_images.xml:124(para)
-msgid ""
-"Fedora 10 includes support for putting the Live image onto a USB image and "
-"then booting it on Intel processor-based Apple hardware. Unlike most x86 "
-"machines, this hardware requires reformatting the USB stick. To set up a USB "
-"stick, run this command:"
-msgstr ""
-"Fedora 10 incluye soporte para poner una imágen Viva en una imágen USB y "
-"luego arrancarla en un equipo Apple basado en procesadores Intel. A "
-"diferencia de la mayoría de las máquinas x86, este equipo requiere "
-"reformatear el disco USB. Para configurar un disco USB, ejecute este comando:"
+msgid "Fedora 10 includes support for putting the Live image onto a USB image and then booting it on Intel processor-based Apple hardware. Unlike most x86 machines, this hardware requires reformatting the USB stick. To set up a USB stick, run this command:"
+msgstr "Fedora 10 incluye soporte para poner una imágen Viva en una imágen USB y luego arrancarla en un equipo Apple basado en procesadores Intel. A diferencia de la mayoría de las máquinas x86, este equipo requiere reformatear el disco USB. Para configurar un disco USB, ejecute este comando:"
#: en_US/Fedora_Live_images.xml:129(userinput)
#, no-wrap
@@ -5960,62 +3158,28 @@ msgid "/usr/bin/livecd-iso-to-disk --mactel /path/to/live.iso /dev/sdb1"
msgstr "/usr/bin/livecd-iso-to-disk --mactel /dir/de/la/img-viva.iso /dev/sdb1"
#: en_US/Fedora_Live_images.xml:132(para)
-msgid ""
-"Note that all of the other arguments for the <command>livecd-iso-to-disk</"
-"command> tool as described above can be used here as well."
-msgstr ""
-"Note que todos los demás argumentos de la herramienta <command>livecd-iso-to-"
-"disk</command> como se describieron anteriormente se pueden usar."
+msgid "Note that all of the other arguments for the <command>livecd-iso-to-disk</command> tool as described above can be used here as well."
+msgstr "Note que todos los demás argumentos de la herramienta <command>livecd-iso-to-disk</command> como se describieron anteriormente se pueden usar."
#: en_US/Fedora_Live_images.xml:137(title)
msgid "Differences from a Regular Fedora Installation"
msgstr "Diferencias con la Instalación Normal de Fedora"
#: en_US/Fedora_Live_images.xml:138(para)
-msgid ""
-"The Fedora Live image is different from a normal Fedora installation as "
-"shown below."
-msgstr ""
-"La imágen Viva de Fedora es distinta a la instalación normal de Fedora, como "
-"se muestra más abajo."
+msgid "The Fedora Live image is different from a normal Fedora installation as shown below."
+msgstr "La imágen Viva de Fedora es distinta a la instalación normal de Fedora, como se muestra más abajo."
#: en_US/Fedora_Live_images.xml:142(para)
-msgid ""
-"Fedora Live images provide a subset of packages available in the regular DVD "
-"image. Both connect to the same repository that has all the packages."
-msgstr ""
-"Las imágenes Viva proveen un subconjunto de paquetes disponibles en la "
-"imágen regular de DVD. Ambos conectan al mismo repositorio que tiene todos "
-"los paquetes."
+msgid "Fedora Live images provide a subset of packages available in the regular DVD image. Both connect to the same repository that has all the packages."
+msgstr "Las imágenes Viva proveen un subconjunto de paquetes disponibles en la imágen regular de DVD. Ambos conectan al mismo repositorio que tiene todos los paquetes."
#: en_US/Fedora_Live_images.xml:146(para)
-msgid ""
-"The SSH daemon <systemitem class=\"daemon\">sshd</systemitem> is disabled by "
-"default. The daemon is disabled because the default username in the Fedora "
-"Live images does not have a password. However, installation to hard disk "
-"prompts for creating a new username and password."
-msgstr ""
-"El demonio SSH está deshabilitado por defecto. SSH está deshabilitado debido "
-"a que el nombre de usuario por defecto en las imágenes Viva no tiene ninguna "
-"clave. Sin embargo, la instalación al disco rígido le pregunta si desea "
-"crear un nombre de usuario nuevo y contraseña."
+msgid "The SSH daemon <systemitem class=\"daemon\">sshd</systemitem> is disabled by default. The daemon is disabled because the default username in the Fedora Live images does not have a password. However, installation to hard disk prompts for creating a new username and password."
+msgstr "El demonio SSH está deshabilitado por defecto. SSH está deshabilitado debido a que el nombre de usuario por defecto en las imágenes Viva no tiene ninguna clave. Sin embargo, la instalación al disco rígido le pregunta si desea crear un nombre de usuario nuevo y contraseña."
#: en_US/Fedora_Live_images.xml:153(para)
-msgid ""
-"Fedora Live image installations do not allow any package selection or "
-"upgrade capability since they copy the entire file system from the Live "
-"media to the hard disk. After the installation is complete, and your system "
-"has been rebooted, you can add and remove packages as desired with the "
-"<guimenuitem>Add/Remove Software</guimenuitem> tool, <command>yum</command>, "
-"or the other software management tools."
-msgstr ""
-"Las instalaciones de una imágen Viva no permiten ninguna selección de "
-"paquete o capacidad de actualización, dado que copian todo el sistema de "
-"archivo desde el medio o disco USB al disco rígido. Después que la "
-"instalación se completa y se reinicia, los paquetes pueden ser agregados y "
-"quitados como se deseen, con la herramienta <guimenuitem>Añadur/Quitar "
-"Software</guimenuitem>, <command>yum</command> o con cualquier otra "
-"herramienta de administración de software."
+msgid "Fedora Live image installations do not allow any package selection or upgrade capability since they copy the entire file system from the Live media to the hard disk. After the installation is complete, and your system has been rebooted, you can add and remove packages as desired with the <guimenuitem>Add/Remove Software</guimenuitem> tool, <command>yum</command>, or the other software management tools."
+msgstr "Las instalaciones de una imágen Viva no permiten ninguna selección de paquete o capacidad de actualización, dado que copian todo el sistema de archivo desde el medio o disco USB al disco rígido. Después que la instalación se completa y se reinicia, los paquetes pueden ser agregados y quitados como se deseen, con la herramienta <guimenuitem>Añadur/Quitar Software</guimenuitem>, <command>yum</command> o con cualquier otra herramienta de administración de software."
#: en_US/Fedora_Live_images.xml:162(para)
msgid "Fedora Live images do not work on i586 architecture."
@@ -6026,11 +3190,8 @@ msgid "Fedora Desktop"
msgstr "Escritorio de Fedora"
#: en_US/Fedora_desktop.xml:6(para)
-msgid ""
-"This section details changes that affect Fedora graphical desktop users."
-msgstr ""
-"Esta sección detalla los cambios que afectan a los usuarios del escritorio "
-"gráfico de Fedora."
+msgid "This section details changes that affect Fedora graphical desktop users."
+msgstr "Esta sección detalla los cambios que afectan a los usuarios del escritorio gráfico de Fedora."
#: en_US/Fedora_desktop.xml:9(title)
msgid "Better webcam support"
@@ -6041,134 +3202,48 @@ msgid "Fedora 10 comes with improved support for webcams."
msgstr "Fedora 10 viene con un soporte mejorado para webcams."
#: en_US/Fedora_desktop.xml:11(para)
-msgid ""
-"This support follows on the improvements to the UVC driver first introduced "
-"in Fedora 9 that added support for any webcam with a Windows Vista compliant "
-"logo. Fedora 10 features a new V4L2 version of <package>gspca</package>, a "
-"USB webcam driver framework with support for many different USB webcam "
-"bridges and sensors."
-msgstr ""
-"Este soporte continúa con las mejoras del controlador UVC introducido "
-"primero en Fedora 9, que agregaban soporte para cualquier cámara web con el "
-"logo de compatible con Windows Vista. Fedora 10 tiene la versión nueva V4L2 "
-"de <package>gspca</package>, un marco de trabajo de controladores webcam USB "
-"con soporte para la gran mayoría de puentes webcab USB y sensores."
+msgid "This support follows on the improvements to the UVC driver first introduced in Fedora 9 that added support for any webcam with a Windows Vista compliant logo. Fedora 10 features a new V4L2 version of <package>gspca</package>, a USB webcam driver framework with support for many different USB webcam bridges and sensors."
+msgstr "Este soporte continúa con las mejoras del controlador UVC introducido primero en Fedora 9, que agregaban soporte para cualquier cámara web con el logo de compatible con Windows Vista. Fedora 10 tiene la versión nueva V4L2 de <package>gspca</package>, un marco de trabajo de controladores webcam USB con soporte para la gran mayoría de puentes webcab USB y sensores."
#: en_US/Fedora_desktop.xml:17(para)
-msgid ""
-"Userspace support for webcams has also been improved by adding <systemitem "
-"class=\"library\">libv4l</systemitem> and updating all webcam using "
-"applications to use <systemitem class=\"library\">libv4l</systemitem>. This "
-"support makes these applications understand the manufacturer specific and "
-"custom video formats emitted by many webcams, especially by many of the "
-"webcams supported by <package>gspca</package>."
-msgstr ""
-"El soporte en espacio del usuario para webcams también fue mejorado al "
-"agregar <systemitem class=\"library\">libv4l</systemitem> y actualizar todas "
-"las aplicaciones que usan cámaras web para que usen <systemitem class="
-"\"library\">libv4l</systemitem>. Este soporte hace que estas aplicaciones "
-"entiendan los formatos de video específicos y particulares emitidos por "
-"muchas webcams, especialemnte muchas de las cámaras web soportadas por "
-"<package>gspca</package>."
+msgid "Userspace support for webcams has also been improved by adding <systemitem class=\"library\">libv4l</systemitem> and updating all webcam using applications to use <systemitem class=\"library\">libv4l</systemitem>. This support makes these applications understand the manufacturer specific and custom video formats emitted by many webcams, especially by many of the webcams supported by <package>gspca</package>."
+msgstr "El soporte en espacio del usuario para webcams también fue mejorado al agregar <systemitem class=\"library\">libv4l</systemitem> y actualizar todas las aplicaciones que usan cámaras web para que usen <systemitem class=\"library\">libv4l</systemitem>. Este soporte hace que estas aplicaciones entiendan los formatos de video específicos y particulares emitidos por muchas webcams, especialemnte muchas de las cámaras web soportadas por <package>gspca</package>."
#: en_US/Fedora_desktop.xml:24(para)
-msgid ""
-"For a list of all webcams and applications where Fedora 10's new webcam "
-"support has been tested refer to <ulink url=\"https://fedoraproject.org/wiki/"
-"Features/BetterWebcamSupport\"/>. For a list of all webcams supported by the "
-"original version of <package>gspca</package> refer to the original "
-"<package>gspca</package> website."
-msgstr ""
-"Para una lista de todas las cámaras web y las aplicacioens donde el nuevo "
-"soporte de webcam de Fedora 10 ha sido probado, vaya a <ulink url=\"https://"
-"fedoraproject.org/wiki/Features/BetterWebcamSupport\"/>. Para una lista de "
-"todas las webcam soportadas por la versión original de <package>gspca</"
-"package> vaya al sitio web original de <package>gspca</package>."
+msgid "For a list of all webcams and applications where Fedora 10's new webcam support has been tested refer to <ulink url=\"https://fedoraproject.org/wiki/Features/BetterWebcamSupport\"/>. For a list of all webcams supported by the original version of <package>gspca</package> refer to the original <package>gspca</package> website."
+msgstr "Para una lista de todas las cámaras web y las aplicacioens donde el nuevo soporte de webcam de Fedora 10 ha sido probado, vaya a <ulink url=\"https://fedoraproject.org/wiki/Features/BetterWebcamSupport\"/>. Para una lista de todas las webcam soportadas por la versión original de <package>gspca</package> vaya al sitio web original de <package>gspca</package>."
#: en_US/Fedora_desktop.xml:31(para)
-msgid ""
-"The V4L2 version of <package>gspca</package> in Fedora 10 supports all these "
-"webcams and more."
-msgstr ""
-"La versión V4L2 de <package>gspca</package> en Fedora 10 soporta todas estas "
-"cámaras web y más."
+msgid "The V4L2 version of <package>gspca</package> in Fedora 10 supports all these webcams and more."
+msgstr "La versión V4L2 de <package>gspca</package> en Fedora 10 soporta todas estas cámaras web y más."
#: en_US/Fedora_desktop.xml:35(title)
msgid "Plymouth graphical boot"
msgstr "Arranque Gráfico Plymouth"
#: en_US/Fedora_desktop.xml:36(para)
-msgid ""
-"For information about the new graphical boot mode read <xref linkend=\"sn-"
-"Fedora_10_boot-time\"/>."
-msgstr ""
-"Para información sobre el nuevo modo de arranque gráfico lea <xref linkend="
-"\"sn-Fedora_10_boot-time\"/>."
+msgid "For information about the new graphical boot mode read <xref linkend=\"sn-Fedora_10_boot-time\"/>."
+msgstr "Para información sobre el nuevo modo de arranque gráfico lea <xref linkend=\"sn-Fedora_10_boot-time\"/>."
#: en_US/Fedora_desktop.xml:41(para)
-msgid ""
-"New to Fedora 10 is the <package>gnome-lirc-properties</package> package "
-"with a new graphical front-end for configuring LIRC to use with applications "
-"supporting the protocol. For more information refer to <xref linkend=\"sn-"
-"Infrared_remote_support\"/>."
-msgstr ""
-"Un paquete nuevo en Fedora 10 es <package>gnome-lirc-properties</package> "
-"con una nueva interfase gráfica para configurar LIRC, para que use las "
-"aplicaciones que den soporte al protocolo. Para más información vaya a <xref "
-"linkend=\"sn-Infrared_remote_support\"/>."
+msgid "New to Fedora 10 is the <package>gnome-lirc-properties</package> package with a new graphical front-end for configuring LIRC to use with applications supporting the protocol. For more information refer to <xref linkend=\"sn-Infrared_remote_support\"/>."
+msgstr "Un paquete nuevo en Fedora 10 es <package>gnome-lirc-properties</package> con una nueva interfase gráfica para configurar LIRC, para que use las aplicaciones que den soporte al protocolo. Para más información vaya a <xref linkend=\"sn-Infrared_remote_support\"/>."
#: en_US/Fedora_desktop.xml:45(para)
-msgid ""
-"LIRC is routinely used in multimedia applications to implement support for "
-"infrared remote controls, and using it in <application>Rhythmbox</"
-"application> and <application>Totem</application> should be as easy as "
-"plugging the remote receiver into your computer, then selecting "
-"<guimenuitem>Auto-detect</guimenuitem> in the <guimenu>Infrared Remote "
-"Control</guimenu> preferences. Refer to the feature page for more "
-"information:"
-msgstr ""
-"LIRC es usado rutinariamente en aplicaciones multimedia para dar soporte a "
-"controles remoto infrarrojo, y su uso en <application>Rhythmbox</"
-"application> y <application>Totem</application> debería ser tan fácil como "
-"conectar un receptor remoto en su computadora, luego seleccionar "
-"<guimenuitem>Auto-detectar</guimenuitem> en las preferencias de "
-"<guimenu>Control Remoto Infrarrojo</guimenu>. Vaya a la página de esta "
-"característica para más información:"
+msgid "LIRC is routinely used in multimedia applications to implement support for infrared remote controls, and using it in <application>Rhythmbox</application> and <application>Totem</application> should be as easy as plugging the remote receiver into your computer, then selecting <guimenuitem>Auto-detect</guimenuitem> in the <guimenu>Infrared Remote Control</guimenu> preferences. Refer to the feature page for more information:"
+msgstr "LIRC es usado rutinariamente en aplicaciones multimedia para dar soporte a controles remoto infrarrojo, y su uso en <application>Rhythmbox</application> y <application>Totem</application> debería ser tan fácil como conectar un receptor remoto en su computadora, luego seleccionar <guimenuitem>Auto-detectar</guimenuitem> en las preferencias de <guimenu>Control Remoto Infrarrojo</guimenu>. Vaya a la página de esta característica para más información:"
#: en_US/Fedora_desktop.xml:58(title)
msgid "Bluetooth BlueZ 4.0"
msgstr "Bluetooth BlueZ 4.0"
#: en_US/Fedora_desktop.xml:59(para)
-msgid ""
-"The Bluetooth support stack, called BlueZ (<ulink url=\"http://www.bluez.org"
-"\"/>,) has been updated to version 4.x in Fedora 10. Most changes in this "
-"version are useful for application developers, but users can notice the new, "
-"easier to use wizard for setting up keyboards, mice, and other supported "
-"Bluetooth devices. There is also the ability to turn-off the Bluetooth "
-"adapter on most brands of laptops through the preferences. This new version "
-"will also allow better support for audio devices in the future, through "
-"PulseAudio."
-msgstr ""
-"La pila de soporte Bluetooth, llamada BlueZ(<ulink url=\"http://www.bluez.org"
-"\"/>) se actualizó a la versión 4.x en Fedora 10. La mayoría de los cambios "
-"en esta versión son útiles para los desarrolladores de aplicaciones, pero "
-"los usuarios pueden también notar el asistente más fácil de usar para "
-"configurar teclados, ratones y otros dispositivos Bluetooth soportado. Está "
-"también la posibilidad de apagar el adaptador Bluetooth en la mayoría de las "
-"marcas de portátiles a través de las preferencias. Esta nueva versión "
-"también le permite un mejor soporte para dispositivos de audio en el futuro, "
-"a través de PulseAudio."
+msgid "The Bluetooth support stack, called BlueZ (<ulink url=\"http://www.bluez.org\"/>,) has been updated to version 4.x in Fedora 10. Most changes in this version are useful for application developers, but users can notice the new, easier to use wizard for setting up keyboards, mice, and other supported Bluetooth devices. There is also the ability to turn-off the Bluetooth adapter on most brands of laptops through the preferences. This new version will also allow better support for audio devices in the future, through PulseAudio."
+msgstr "La pila de soporte Bluetooth, llamada BlueZ(<ulink url=\"http://www.bluez.org\"/>) se actualizó a la versión 4.x en Fedora 10. La mayoría de los cambios en esta versión son útiles para los desarrolladores de aplicaciones, pero los usuarios pueden también notar el asistente más fácil de usar para configurar teclados, ratones y otros dispositivos Bluetooth soportado. Está también la posibilidad de apagar el adaptador Bluetooth en la mayoría de las marcas de portátiles a través de las preferencias. Esta nueva versión también le permite un mejor soporte para dispositivos de audio en el futuro, a través de PulseAudio."
#: en_US/Fedora_desktop.xml:68(para)
-msgid ""
-"Note that the default Bluetooth kernel driver was also switched to "
-"<command>btusb</command>, which cuts down power consumption compared to its "
-"predecessor <command>hci_usb</command>."
-msgstr ""
-"Note que el controlador Bluetooth predeterminado del kernel también se "
-"cambio a <command>btusb</command>, lo que consume menos energía en "
-"comparación con su predecesor <command>hci_usb</command>."
+msgid "Note that the default Bluetooth kernel driver was also switched to <command>btusb</command>, which cuts down power consumption compared to its predecessor <command>hci_usb</command>."
+msgstr "Note que el controlador Bluetooth predeterminado del kernel también se cambio a <command>btusb</command>, lo que consume menos energía en comparación con su predecesor <command>hci_usb</command>."
#: en_US/Fedora_desktop.xml:74(title)
msgid "GNOME"
@@ -6183,20 +3258,8 @@ msgid "Empathy instant messenger"
msgstr "Mensajería instantánea con Empathy"
#: en_US/Fedora_desktop.xml:83(para)
-msgid ""
-"<application>Empathy</application> instant messenger is available in this "
-"release. It has support for multiple protocols including IRC, XMPP (Jabber), "
-"Yahoo, MSN, and others via plugins. It also supports video and voice in the "
-"XMPP protocol, with support for other protocols under active development. "
-"Empathy uses the <command>telepathy</command> framework that has a number of "
-"additional plugins:"
-msgstr ""
-"El mensajero instantáneo <application>Empathy</application> está disponible "
-"en este lanzamiento. Tiene soporte para muchos protocolos incluyendo el IRC, "
-"XMPP (Jabber), Yahoo, MSN y otros vía complementos. También soporta video y "
-"voz en el protocolo XMPP, con soporte para otros protocolos bajo activo "
-"desarrollo. Empathy usa el marco de trabajo <command>telepathy</command> que "
-"tiene un número de complementos adicionales:"
+msgid "<application>Empathy</application> instant messenger is available in this release. It has support for multiple protocols including IRC, XMPP (Jabber), Yahoo, MSN, and others via plugins. It also supports video and voice in the XMPP protocol, with support for other protocols under active development. Empathy uses the <command>telepathy</command> framework that has a number of additional plugins:"
+msgstr "El mensajero instantáneo <application>Empathy</application> está disponible en este lanzamiento. Tiene soporte para muchos protocolos incluyendo el IRC, XMPP (Jabber), Yahoo, MSN y otros vía complementos. También soporta video y voz en el protocolo XMPP, con soporte para otros protocolos bajo activo desarrollo. Empathy usa el marco de trabajo <command>telepathy</command> que tiene un número de complementos adicionales:"
#: en_US/Fedora_desktop.xml:93(para)
msgid "<command>telepathy-gabble</command> - Jabber/XMPP plugin"
@@ -6215,61 +3278,28 @@ msgid "<command>telepathy-sofiasip</command> - SIP plugin"
msgstr "<command>telepathy-sofiasip</command> - Complemento SIP"
#: en_US/Fedora_desktop.xml:109(para)
-msgid ""
-"<command>telepathy-haze</command> - Libpurple (Pidgin) library connection "
-"manager provides support for other protocols such as Yahoo"
-msgstr ""
-"<command>telepathy-haze</command> - El administrador de conexión "
-"biblioteca libpurple (Pidgin) provee soporte para otros protocolos tales "
-"como Yahoo"
+msgid "<command>telepathy-haze</command> - Libpurple (Pidgin) library connection manager provides support for other protocols such as Yahoo"
+msgstr "<command>telepathy-haze</command> - El administrador de conexión biblioteca libpurple (Pidgin) provee soporte para otros protocolos tales como Yahoo"
#: en_US/Fedora_desktop.xml:115(para)
-msgid ""
-"<application>Pidgin</application> continues to be available in the Fedora "
-"software repository and is retained as the default for users upgrading from "
-"previous releases of Fedora."
-msgstr ""
-"<application>Pidgin</application> continúa disponible en el repositorio de "
-"Fedora y todavía es el predeterminado para los usuarios que actualizan desde "
-"versiones previas de Fedora."
+msgid "<application>Pidgin</application> continues to be available in the Fedora software repository and is retained as the default for users upgrading from previous releases of Fedora."
+msgstr "<application>Pidgin</application> continúa disponible en el repositorio de Fedora y todavía es el predeterminado para los usuarios que actualizan desde versiones previas de Fedora."
#: en_US/Fedora_desktop.xml:121(title)
msgid "GNOME Display Manager"
msgstr "Administrador de Pantalla de GNOME"
#: en_US/Fedora_desktop.xml:122(para)
-msgid ""
-"The GNOME Display Manager (<systemitem class=\"daemon\">gdm</systemitem>) "
-"has been updated to the latest upstream code, which is a complete rewrite "
-"driven by Fedora developers. PolicyKit can be used to control shutdown and "
-"reboot. The configuration tool <command>gdmsetup</command> is missing "
-"currently, and is set to be replaced. For configuration changes, refer to:"
-msgstr ""
-"El Administrador de Pantalla de GNOME (<systemitem class=\"daemon\">gdm</"
-"systemitem>) fue actualizado a la última versión de su proveedor, que es una "
-"reescritura completa hecha por los desarrolladores de Fedora. PolicyKit se "
-"puede usar para controlar el apagado y reiniciado. La herramienta de "
-"configuración <command>gdmsetup</command> todavía falta, y en realidad será "
-"reemplazada. Para cambiar la configuración, vaya a:"
+msgid "The GNOME Display Manager (<systemitem class=\"daemon\">gdm</systemitem>) has been updated to the latest upstream code, which is a complete rewrite driven by Fedora developers. PolicyKit can be used to control shutdown and reboot. The configuration tool <command>gdmsetup</command> is missing currently, and is set to be replaced. For configuration changes, refer to:"
+msgstr "El Administrador de Pantalla de GNOME (<systemitem class=\"daemon\">gdm</systemitem>) fue actualizado a la última versión de su proveedor, que es una reescritura completa hecha por los desarrolladores de Fedora. PolicyKit se puede usar para controlar el apagado y reiniciado. La herramienta de configuración <command>gdmsetup</command> todavía falta, y en realidad será reemplazada. Para cambiar la configuración, vaya a:"
#: en_US/Fedora_desktop.xml:135(title)
msgid "Codec installation helper"
msgstr "Ayudante de instalación de codec"
#: en_US/Fedora_desktop.xml:136(para)
-msgid ""
-"The GStreamer codec installation helper <command>codeina</command> was "
-"replaced by a PackageKit-based solution for Fedora 10. When Totem, "
-"Rhythmbox, or another GStreamer application require a plugin to read a film "
-"or song, a PackageKit dialog appears, allowing the user to search for the "
-"necessary package in the configured repositories."
-msgstr ""
-"El ayudante de instalación de codec de GStreamer <command>codeina</command> "
-"fue reemplazado por una solución basada en PackageKit en Fedora 10. Cuando "
-"Totem, Rhythmbox o cualquier otra aplicación GStreamer requieran un "
-"complemento para leer una película o canción, aparece un diálogo de "
-"PackageKit, que le permite al usuario buscar el paquete necesario en los "
-"repositorios configurados."
+msgid "The GStreamer codec installation helper <command>codeina</command> was replaced by a PackageKit-based solution for Fedora 10. When Totem, Rhythmbox, or another GStreamer application require a plugin to read a film or song, a PackageKit dialog appears, allowing the user to search for the necessary package in the configured repositories."
+msgstr "El ayudante de instalación de codec de GStreamer <command>codeina</command> fue reemplazado por una solución basada en PackageKit en Fedora 10. Cuando Totem, Rhythmbox o cualquier otra aplicación GStreamer requieran un complemento para leer una película o canción, aparece un diálogo de PackageKit, que le permite al usuario buscar el paquete necesario en los repositorios configurados."
#: en_US/Fedora_desktop.xml:143(para)
msgid "More details are available on the feature page:"
@@ -6280,111 +3310,32 @@ msgid "KDE"
msgstr "KDE"
#: en_US/Fedora_desktop.xml:151(para)
-msgid ""
-"This release features KDE 4.1.2. As the <package>kdevelop</package> packages "
-"is not part of KDE 4.1 and <package>kdewebdev</package> is only partially "
-"available (no <application>Quanta</application>) in KDE 4.1, the KDE 3.5.10 "
-"versions of those packages are shipped. A <package>kdegames3</package> "
-"package containing the games not yet ported to KDE 4 is also available."
-msgstr ""
-"Este lanzamiento tiene KDE 4.1.2. Como el paquete <package>kdevelop</"
-"package> no es parte de KDE 4.1 y <package>kdewebdev</package> está sólo "
-"parcialmente disponible (sin <application>Quanta</application>) en KDE 4.1, "
-"las versiones de KDE 3.5.10 de esos paquetes fueron incluídas. Un paquete "
-"<package>kdegames3</package> conteniendo los juegos que todavía no se "
-"portaron a KDE 4 está también disponible."
+msgid "This release features KDE 4.1.2. As the <package>kdevelop</package> packages is not part of KDE 4.1 and <package>kdewebdev</package> is only partially available (no <application>Quanta</application>) in KDE 4.1, the KDE 3.5.10 versions of those packages are shipped. A <package>kdegames3</package> package containing the games not yet ported to KDE 4 is also available."
+msgstr "Este lanzamiento tiene KDE 4.1.2. Como el paquete <package>kdevelop</package> no es parte de KDE 4.1 y <package>kdewebdev</package> está sólo parcialmente disponible (sin <application>Quanta</application>) en KDE 4.1, las versiones de KDE 3.5.10 de esos paquetes fueron incluídas. Un paquete <package>kdegames3</package> conteniendo los juegos que todavía no se portaron a KDE 4 está también disponible."
#: en_US/Fedora_desktop.xml:162(para)
-msgid ""
-"KDE 4.1 is the latest release of KDE 4 and provides several new features, "
-"many usability improvements, and bugfixes over KDE 4.0, the first KDE 4 "
-"release series. This new release includes a folder view desktop applet "
-"(<firstterm>Plasmoid</firstterm>), improvements to <application>Dolphin</"
-"application> and <application>Konqueror</application> and many new and "
-"improved applications. KDE 4.1.2 is a bugfix release from the KDE 4.1 "
-"release series."
-msgstr ""
-"KDE 4.1 es el último lanzamiento de KDE 4 y provee varias características "
-"nuevas, muchas mejoras de usabilidad y correcciones de errores de KDE 4.0, "
-"el primer KDE 4 de esta serie de lanzamiento. Este lanzamiento nuevo incluye "
-"un applet de escritorio de vista de carpeta (<firstterm>Plasmoid</"
-"firstterm>), mejoras a <application>Dolphin</application> y "
-"<application>Konqueror</application> y muchas nuevas y mejoradas "
-"aplicaciones. KDE 4.1.2 es un lanzamiento de corrección de errores de la "
-"serie KDE 4.1."
+msgid "KDE 4.1 is the latest release of KDE 4 and provides several new features, many usability improvements, and bugfixes over KDE 4.0, the first KDE 4 release series. This new release includes a folder view desktop applet (<firstterm>Plasmoid</firstterm>), improvements to <application>Dolphin</application> and <application>Konqueror</application> and many new and improved applications. KDE 4.1.2 is a bugfix release from the KDE 4.1 release series."
+msgstr "KDE 4.1 es el último lanzamiento de KDE 4 y provee varias características nuevas, muchas mejoras de usabilidad y correcciones de errores de KDE 4.0, el primer KDE 4 de esta serie de lanzamiento. Este lanzamiento nuevo incluye un applet de escritorio de vista de carpeta (<firstterm>Plasmoid</firstterm>), mejoras a <application>Dolphin</application> y <application>Konqueror</application> y muchas nuevas y mejoradas aplicaciones. KDE 4.1.2 es un lanzamiento de corrección de errores de la serie KDE 4.1."
#: en_US/Fedora_desktop.xml:170(para)
-msgid ""
-"Fedora 10 does <emphasis>not</emphasis> include the legacy KDE 3 Desktop. It "
-"does include a compatibility KDE 3 Development Platform, which can be used "
-"to build and run KDE 3 applications within KDE 4 or any other desktop "
-"environment. Refer to the <xref linkend=\"sn-KDE_3_devel\"/> section for "
-"more details about what is included."
-msgstr ""
-"Fedora 10 <emphasis>no</emphasis> incluye el Escritorio KDE 3. Si se incluye "
-"la plataforma de desarrollo de KDE 3 de compatibilidad, que se puede usar "
-"para desarrollar, construir y ejecutar aplicaciones KDE 3 dentro de KDE 4 o "
-"cualquier otro entorno de escritorio. Vea la sección <xref linkend=\"sn-"
-"KDE_3_devel\"/> para más detalle acerca de lo que se incluye."
+msgid "Fedora 10 does <emphasis>not</emphasis> include the legacy KDE 3 Desktop. It does include a compatibility KDE 3 Development Platform, which can be used to build and run KDE 3 applications within KDE 4 or any other desktop environment. Refer to the <xref linkend=\"sn-KDE_3_devel\"/> section for more details about what is included."
+msgstr "Fedora 10 <emphasis>no</emphasis> incluye el Escritorio KDE 3. Si se incluye la plataforma de desarrollo de KDE 3 de compatibilidad, que se puede usar para desarrollar, construir y ejecutar aplicaciones KDE 3 dentro de KDE 4 o cualquier otro entorno de escritorio. Vea la sección <xref linkend=\"sn-KDE_3_devel\"/> para más detalle acerca de lo que se incluye."
#: en_US/Fedora_desktop.xml:177(para)
-msgid ""
-"Fedora 10 includes a snapshot of <package>knetworkmanager</package>, which "
-"works with the prerelease of <application>NetworkManager</application> 0.7 "
-"in Fedora 10. As it was not considered ready for production use, the KDE "
-"Live images use <command>nm-applet</command> from <package>NetworkManager-"
-"gnome</package> instead (as in Fedora 8 and 9). The <systemitem class="
-"\"daemon\">gnome-keyring-daemon</systemitem> facility saves passwords for "
-"these encryption technologies. If you wish to try <command>knetworkmanager</"
-"command>, it can be installed from the repository."
-msgstr ""
-"Fedora 10 incluye una versión preliminar de <package>knetworkmanager</"
-"package>, que funciona con la versión preliminar 0.7 de "
-"<application>NetworkManager</application> en Fedora 10. Como se consideró "
-"que no estaba lista para su uso, las imágenes de KDE Vivo utilizan "
-"<command>nm-applet</command> de <package>NetworkManager-gnome</package> como "
-"reemplazo (como en Fedora 8 y 9). El <systemitem class=\"daemon\">gnome-"
-"keyring-daemon</systemitem> facilita almacenar contraseñas para estas "
-"tecnologías de encriptación. Si desea probar <package>knetworkmanager</"
-"package>, se puede instalar desde el repositorio."
+msgid "Fedora 10 includes a snapshot of <package>knetworkmanager</package>, which works with the prerelease of <application>NetworkManager</application> 0.7 in Fedora 10. As it was not considered ready for production use, the KDE Live images use <command>nm-applet</command> from <package>NetworkManager-gnome</package> instead (as in Fedora 8 and 9). The <systemitem class=\"daemon\">gnome-keyring-daemon</systemitem> facility saves passwords for these encryption technologies. If you wish to try <command>knetworkmanager</command>, it can be installed from the repository."
+msgstr "Fedora 10 incluye una versión preliminar de <package>knetworkmanager</package>, que funciona con la versión preliminar 0.7 de <application>NetworkManager</application> en Fedora 10. Como se consideró que no estaba lista para su uso, las imágenes de KDE Vivo utilizan <command>nm-applet</command> de <package>NetworkManager-gnome</package> como reemplazo (como en Fedora 8 y 9). El <systemitem class=\"daemon\">gnome-keyring-daemon</systemitem> facilita almacenar contraseñas para estas tecnologías de encriptación. Si desea probar <package>knetworkmanager</package>, se puede instalar desde el repositorio."
#: en_US/Fedora_desktop.xml:188(para)
-msgid ""
-"As the native <application>KWin</application> window manager now optionally "
-"supports compositing and desktop effects, the KDE Live images no longer "
-"include <application>Compiz/Beryl</application> (since Fedora 9). The "
-"<application>KWin</application> compositing/effects mode is disabled by "
-"default, but can be enabled in <guimenuitem>systemsettings</guimenuitem>. "
-"<application>Compiz</application> (with KDE 4 integration) is available from "
-"the repository by installing the <package>compiz-kde</package> package."
-msgstr ""
-"Como el administrador de ventanas nativo <application>KWin</application> "
-"ahora soporta opcionalmente la composición y efectos del escritorio, las "
-"imágenes Vivas KDE ya no incluyen <application>Compiz/Beryl</application> "
-"(desde Fedora 9). El modo de composición/Efectos de <application>KWin</"
-"application> está deshabilitado por defecto, pero se puede activar con "
-"<guimenuitem>systemsettings</guimenuitem>. <application>Compiz</application> "
-"(con integración KDE 4) está disponible en el repositorio instalando el "
-"paquete <package>compiz-kde</package>."
+msgid "As the native <application>KWin</application> window manager now optionally supports compositing and desktop effects, the KDE Live images no longer include <application>Compiz/Beryl</application> (since Fedora 9). The <application>KWin</application> compositing/effects mode is disabled by default, but can be enabled in <guimenuitem>systemsettings</guimenuitem>. <application>Compiz</application> (with KDE 4 integration) is available from the repository by installing the <package>compiz-kde</package> package."
+msgstr "Como el administrador de ventanas nativo <application>KWin</application> ahora soporta opcionalmente la composición y efectos del escritorio, las imágenes Vivas KDE ya no incluyen <application>Compiz/Beryl</application> (desde Fedora 9). El modo de composición/Efectos de <application>KWin</application> está deshabilitado por defecto, pero se puede activar con <guimenuitem>systemsettings</guimenuitem>. <application>Compiz</application> (con integración KDE 4) está disponible en el repositorio instalando el paquete <package>compiz-kde</package>."
#: en_US/Fedora_desktop.xml:199(title)
msgid "Enhancements"
msgstr "Mejoras"
#: en_US/Fedora_desktop.xml:202(para)
-msgid ""
-"<firstterm>Plasma</firstterm> is more mature and panel configuration has "
-"been extended. The new panel controller makes it easy to customize your "
-"panel providing direct visual feedback. The Plasma <command>folderview</"
-"command> applet provides a view of a directory and thus allows you to store "
-"files on the desktop. It is replaces other well known icons on the desktop."
-msgstr ""
-"<firstterm>Plasma</firstterm> está más maduro y se extendió el panel de "
-"configuración. El nuevo controlador del panel facilita personalizar su panel "
-"para obtener una retroalimentación visual directa. El applet "
-"<command>folderview</command> de Plasma provee una vista de un directorio y "
-"así le permite almacenar archivos en el escritorio. Reemplaza otros íconos "
-"bien conocidos en el escritorio."
+msgid "<firstterm>Plasma</firstterm> is more mature and panel configuration has been extended. The new panel controller makes it easy to customize your panel providing direct visual feedback. The Plasma <command>folderview</command> applet provides a view of a directory and thus allows you to store files on the desktop. It is replaces other well known icons on the desktop."
+msgstr "<firstterm>Plasma</firstterm> está más maduro y se extendió el panel de configuración. El nuevo controlador del panel facilita personalizar su panel para obtener una retroalimentación visual directa. El applet <command>folderview</command> de Plasma provee una vista de un directorio y así le permite almacenar archivos en el escritorio. Reemplaza otros íconos bien conocidos en el escritorio."
#: en_US/Fedora_desktop.xml:214(title)
msgid "Package and application changes"
@@ -6395,178 +3346,80 @@ msgid "Fedora 10 ships <package>kdepim</package> 4.1.2 instead of 3.5.x."
msgstr "Fedora 10 viene con <package>kdepim</package> 4.1.2 en vez de 3.5.x."
#: en_US/Fedora_desktop.xml:220(para)
-msgid ""
-"<package>libkipi</package>, <package>libkexiv2</package>, and "
-"<package>libkdcraw</package> have been obsoleted by the KDE 4 versions in "
-"the <package>kdegraphics</package> package. Accordingly, <package>kipi-"
-"plugins</package>, <package>digikam</package>, and <package>kphotoalbum</"
-"package> have been updated to KDE 4 versions."
-msgstr ""
-"Los paquetes <package>libkipi</package>, <package>libkexiv2</package> y "
-"<package>libkdcraw</package> son ahora obsoletos por las versiones KDE 4 en "
-"el paquete <package>kdegraphics</package>. Accordingly, <package>kipi-"
-"plugins</package>, <package>digikam</package>, y <package>kphotoalbum</"
-"package> se actualizaron a versiones KDE 4."
+msgid "<package>libkipi</package>, <package>libkexiv2</package>, and <package>libkdcraw</package> have been obsoleted by the KDE 4 versions in the <package>kdegraphics</package> package. Accordingly, <package>kipi-plugins</package>, <package>digikam</package>, and <package>kphotoalbum</package> have been updated to KDE 4 versions."
+msgstr "Los paquetes <package>libkipi</package>, <package>libkexiv2</package> y <package>libkdcraw</package> son ahora obsoletos por las versiones KDE 4 en el paquete <package>kdegraphics</package>. Accordingly, <package>kipi-plugins</package>, <package>digikam</package>, y <package>kphotoalbum</package> se actualizaron a versiones KDE 4."
#: en_US/Fedora_desktop.xml:230(para)
-msgid ""
-"<package>kpackagekit</package>, a KDE frontend to PackageKit, is now "
-"available. (It may be made available as an update for Fedora 9 at a later "
-"time.)"
-msgstr ""
-"<package>kpackagekit</package>, una interfase KDE para PackageKit, está "
-"ahora disponible. (Puede estar disponible como una actualización para Fedora "
-"9 más adelante.)"
+msgid "<package>kpackagekit</package>, a KDE frontend to PackageKit, is now available. (It may be made available as an update for Fedora 9 at a later time.)"
+msgstr "<package>kpackagekit</package>, una interfase KDE para PackageKit, está ahora disponible. (Puede estar disponible como una actualización para Fedora 9 más adelante.)"
#: en_US/Fedora_desktop.xml:235(para)
-msgid ""
-"In addition, the following changes made since the Fedora 9 release, which "
-"have been backported to Fedora 9 updates, are also part of Fedora 10:"
-msgstr ""
-"Además, los siguientes cambios se hicieron desde el lanzamiento de Fedora 9, "
-"que ha sido puesto también en las actualizaciones de Fedora 9, y que ya son "
-"parte de Fedora 10:"
+msgid "In addition, the following changes made since the Fedora 9 release, which have been backported to Fedora 9 updates, are also part of Fedora 10:"
+msgstr "Además, los siguientes cambios se hicieron desde el lanzamiento de Fedora 9, que ha sido puesto también en las actualizaciones de Fedora 9, y que ya son parte de Fedora 10:"
#: en_US/Fedora_desktop.xml:240(para)
msgid "KDE has been upgraded from version 4.0.3 to 4.1.2."
msgstr "KDE se ha actualizado desde la versión 4.0.3 a 4.1.2."
#: en_US/Fedora_desktop.xml:243(para)
-msgid ""
-"<package>qt</package> and <package>PyQt4</package> have been upgraded from "
-"4.3 to 4.4."
-msgstr ""
-"<package>qt</package> y <package>PyQt4</package> se actualizaron desde 4.3 a "
-"4.4."
+msgid "<package>qt</package> and <package>PyQt4</package> have been upgraded from 4.3 to 4.4."
+msgstr "<package>qt</package> y <package>PyQt4</package> se actualizaron desde 4.3 a 4.4."
#: en_US/Fedora_desktop.xml:248(para)
-msgid ""
-"<package>kdewebdev</package>, <package>kdevelop</package>, "
-"<package>kdegames3</package>, and the KDE 3 backwards-compatibility "
-"libraries have been upgraded from KDE 3.5.9 to 3.5.10."
-msgstr ""
-"<package>kdewebdev</package>, <package>kdevelop</package>, "
-"<package>kdegames3</package>, y las bibliotecas de compatibilidad hacia "
-"atrás de KDE 3 se actualizaron desde KDE 3.5.9 a 3.5.10."
+msgid "<package>kdewebdev</package>, <package>kdevelop</package>, <package>kdegames3</package>, and the KDE 3 backwards-compatibility libraries have been upgraded from KDE 3.5.9 to 3.5.10."
+msgstr "<package>kdewebdev</package>, <package>kdevelop</package>, <package>kdegames3</package>, y las bibliotecas de compatibilidad hacia atrás de KDE 3 se actualizaron desde KDE 3.5.9 a 3.5.10."
#: en_US/Fedora_desktop.xml:255(para)
-msgid ""
-"<emphasis>QtWebKit</emphasis> is now part of the <package>qt</package> "
-"package. The stand alone <package>WebKit-qt</package> package has been "
-"obsoleted."
-msgstr ""
-"<emphasis>QtWebKit</emphasis> es ahora parte del paquete <package>qt</"
-"package>. El paquete único <package>WebKit-qt</package> ya es obsoleto."
+msgid "<emphasis>QtWebKit</emphasis> is now part of the <package>qt</package> package. The stand alone <package>WebKit-qt</package> package has been obsoleted."
+msgstr "<emphasis>QtWebKit</emphasis> es ahora parte del paquete <package>qt</package>. El paquete único <package>WebKit-qt</package> ya es obsoleto."
#: en_US/Fedora_desktop.xml:261(para)
-msgid ""
-"The new package <package>qgtkstyle</package> contains a Qt 4 style using GTK"
-"+ for drawing, providing better integration of Qt 4 and KDE 4 applications "
-"into GNOME."
-msgstr ""
-"El paquete nuevo <package>qgtkstyle</package> contiene el estilo Qt 4 "
-"usando GTK+ para dibujar, proveyendo una mejor integración de aplicaciones "
-"Qt 4 y KDE 4 en GNOME."
+msgid "The new package <package>qgtkstyle</package> contains a Qt 4 style using GTK+ for drawing, providing better integration of Qt 4 and KDE 4 applications into GNOME."
+msgstr "El paquete nuevo <package>qgtkstyle</package> contiene el estilo Qt 4 usando GTK+ para dibujar, proveyendo una mejor integración de aplicaciones Qt 4 y KDE 4 en GNOME."
#: en_US/Fedora_desktop.xml:266(para)
-msgid ""
-"The <systemitem class=\"library\">phonon</systemitem> library, which was "
-"part of <package>kdelibs</package> in Fedora 9, is now a separate package. "
-"An optional <emphasis>GStreamer</emphasis> backend (<package>phonon-backend-"
-"gstreamer</package>) is now available, but the <emphasis>xine-lib</emphasis> "
-"backend, which is now packaged as <package>phonon-backend-xine</package>, is "
-"still the recommended default backend and is now required by the "
-"<package>phonon</package> package."
-msgstr ""
-"La biblioteca <systemitem class=\"library\">phonon</systemitem>, que era "
-"parte de <package>kdelibs</package> en Fedora 9, es ahora un paquete "
-"separado. Un backend opcional de <emphasis>GStreamer</emphasis> "
-"(<package>phonon-backend-gstreamer</package>) está ahora disponible, pero el "
-"backend <emphasis>xine-lib</emphasis>, que ahora se empaqueta como "
-"<package>phonon-backend-xine</package>, es todavía el backend recomendado y "
-"ahora se requiere para el paquete <package>phonon</package>."
+msgid "The <systemitem class=\"library\">phonon</systemitem> library, which was part of <package>kdelibs</package> in Fedora 9, is now a separate package. An optional <emphasis>GStreamer</emphasis> backend (<package>phonon-backend-gstreamer</package>) is now available, but the <emphasis>xine-lib</emphasis> backend, which is now packaged as <package>phonon-backend-xine</package>, is still the recommended default backend and is now required by the <package>phonon</package> package."
+msgstr "La biblioteca <systemitem class=\"library\">phonon</systemitem>, que era parte de <package>kdelibs</package> en Fedora 9, es ahora un paquete separado. Un backend opcional de <emphasis>GStreamer</emphasis> (<package>phonon-backend-gstreamer</package>) está ahora disponible, pero el backend <emphasis>xine-lib</emphasis>, que ahora se empaqueta como <package>phonon-backend-xine</package>, es todavía el backend recomendado y ahora se requiere para el paquete <package>phonon</package>."
#: en_US/Fedora_desktop.xml:276(para)
-msgid ""
-"The <package>kdegames3</package> package no longer provides development "
-"support for the KDE 3 version of <package>libkdegames</package> because "
-"nothing in Fedora outside of <package>kdegames3</package> itself requires "
-"that library any longer."
-msgstr ""
-"El paquete <package>kdegames3</package> ya no provee soporte para el "
-"desarrollo para la versión KDE 3 de <package>libkdegames</package> porque "
-"nada en Fedora aparte de <package>kdegames3</package> requieren esa "
-"biblioteca."
+msgid "The <package>kdegames3</package> package no longer provides development support for the KDE 3 version of <package>libkdegames</package> because nothing in Fedora outside of <package>kdegames3</package> itself requires that library any longer."
+msgstr "El paquete <package>kdegames3</package> ya no provee soporte para el desarrollo para la versión KDE 3 de <package>libkdegames</package> porque nada en Fedora aparte de <package>kdegames3</package> requieren esa biblioteca."
#: en_US/Fedora_desktop.xml:282(para)
-msgid ""
-"The package <package>okteta</package> is now part of <package>kdeutils</"
-"package>."
-msgstr ""
-"El paquete <package>okteta</package> ahora es parte de <package>kdeutils</"
-"package> ."
+msgid "The package <package>okteta</package> is now part of <package>kdeutils</package>."
+msgstr "El paquete <package>okteta</package> ahora es parte de <package>kdeutils</package> ."
#: en_US/Fedora_desktop.xml:285(para)
-msgid ""
-"The package <package>dragonplayer</package> is now part of "
-"<package>kdemultimedia</package>."
-msgstr ""
-"El paquete <package>dragonplayer</package> ahora es parte de "
-"<package>kdemultimedia</package> ."
+msgid "The package <package>dragonplayer</package> is now part of <package>kdemultimedia</package>."
+msgstr "El paquete <package>dragonplayer</package> ahora es parte de <package>kdemultimedia</package> ."
#: en_US/Fedora_desktop.xml:288(para)
-msgid ""
-"The program <package>kaider</package> has been renamed to "
-"<emphasis>Lokalize</emphasis> and is now part of <package>kdesdk</package>."
-msgstr ""
-"El programa <package>kaider</package> se renombró a <emphasis>Lokalize</"
-"emphasis> y ahora es parte de <package>kdesdk</package>."
+msgid "The program <package>kaider</package> has been renamed to <emphasis>Lokalize</emphasis> and is now part of <package>kdesdk</package>."
+msgstr "El programa <package>kaider</package> se renombró a <emphasis>Lokalize</emphasis> y ahora es parte de <package>kdesdk</package>."
#: en_US/Fedora_desktop.xml:292(para)
-msgid ""
-"The package <package>ksirk</package> has been ported to KDE 4 and is now "
-"part of <package>kdegames</package>."
-msgstr ""
-"El paquete <package>ksirk</package> fue portado a KDE 4 y ahora es parte de "
-"<package>kdegames</package> ."
+msgid "The package <package>ksirk</package> has been ported to KDE 4 and is now part of <package>kdegames</package>."
+msgstr "El paquete <package>ksirk</package> fue portado a KDE 4 y ahora es parte de <package>kdegames</package> ."
#: en_US/Fedora_desktop.xml:295(para)
-msgid ""
-"The package <package>extragear-plasma</package> has been renamed to "
-"<package>kdeplasma-addons</package>."
-msgstr ""
-"El paquete <package>extragear-plasma</package> se renombró a "
-"<package>kdeplasma-addons</package>."
+msgid "The package <package>extragear-plasma</package> has been renamed to <package>kdeplasma-addons</package>."
+msgstr "El paquete <package>extragear-plasma</package> se renombró a <package>kdeplasma-addons</package>."
#: en_US/Fedora_desktop.xml:302(title)
msgid "LXDE"
msgstr "LXDE"
#: en_US/Fedora_desktop.xml:303(para)
-msgid ""
-"This release of Fedora comes with an additional desktop environment named "
-"LXDE. LXDE is a new project that provides a lightweight, fast desktop "
-"environment designed to be usable and slim enough to keep resource usage "
-"low. To install the LXDE environment, use the <guilabel>Add/Remove Software</"
-"guilabel> tool or run:"
-msgstr ""
-"Este lanzamiento de Fedora viene con un entorno de escritorio adicional "
-"llamado LXDE. LXDE es un proyecto nuevo que provee un entorno de escritorio "
-"liviano y rápido diseñado para usar muy pocos recursos. Para instalar el "
-"entorno LXDE, use la herramienta <guilabel>Añadir/Quitar Software</guilabel> "
-"o ejecute:"
+msgid "This release of Fedora comes with an additional desktop environment named LXDE. LXDE is a new project that provides a lightweight, fast desktop environment designed to be usable and slim enough to keep resource usage low. To install the LXDE environment, use the <guilabel>Add/Remove Software</guilabel> tool or run:"
+msgstr "Este lanzamiento de Fedora viene con un entorno de escritorio adicional llamado LXDE. LXDE es un proyecto nuevo que provee un entorno de escritorio liviano y rápido diseñado para usar muy pocos recursos. Para instalar el entorno LXDE, use la herramienta <guilabel>Añadir/Quitar Software</guilabel> o ejecute:"
#: en_US/Fedora_desktop.xml:311(command)
msgid "su -c 'yum groupinstall LXDE'"
msgstr "su -c 'yum groupinstall LXDE'"
#: en_US/Fedora_desktop.xml:312(para)
-msgid ""
-"If you only need the base components of LXDE, install the lxde-common "
-"package:"
-msgstr ""
-"Si solamente necesita los componentes base de LXDE, instale el paquete lxde-"
-"common:"
+msgid "If you only need the base components of LXDE, install the lxde-common package:"
+msgstr "Si solamente necesita los componentes base de LXDE, instale el paquete lxde-common:"
#: en_US/Fedora_desktop.xml:316(command)
msgid "su -c 'yum install lxde-common'"
@@ -6577,33 +3430,20 @@ msgid "Sugar Desktop"
msgstr "Escritorio \"Sugar\""
#: en_US/Fedora_desktop.xml:320(para)
-msgid ""
-"The Sugar Desktop originated with the OLPC initiative. It allows for Fedora "
-"users and developers to do the following."
-msgstr ""
-"El Escritorio Sugar se originó con la iniciativa OLPC. Permite a los "
-"usuarios de Fedora y a los desarrolladores hacer lo siguiente."
+msgid "The Sugar Desktop originated with the OLPC initiative. It allows for Fedora users and developers to do the following."
+msgstr "El Escritorio Sugar se originó con la iniciativa OLPC. Permite a los usuarios de Fedora y a los desarrolladores hacer lo siguiente."
#: en_US/Fedora_desktop.xml:324(para)
msgid "Build upon the collaborative environment."
msgstr "Construir sobre el entorno colaborativo."
#: en_US/Fedora_desktop.xml:326(para)
-msgid ""
-"Test out Sugar on an existing Fedora system by selecting the Sugar "
-"environment from their display manager."
-msgstr ""
-"Probar sugar en un sistema Fedora existente seleccionando el entorno Sugar "
-"desde su administración de pantalla."
+msgid "Test out Sugar on an existing Fedora system by selecting the Sugar environment from their display manager."
+msgstr "Probar sugar en un sistema Fedora existente seleccionando el entorno Sugar desde su administración de pantalla."
#: en_US/Fedora_desktop.xml:329(para)
-msgid ""
-"Developers interested in working on the Sugar interface or writing "
-"activities can have a development platform without needing an XO laptop."
-msgstr ""
-"Los desarrolladores interesados en trabajar sobre la interfase Sugar o "
-"escribir actividades, puede tener una plataforma de desarrollo sin necesidad "
-"de una portátil XO."
+msgid "Developers interested in working on the Sugar interface or writing activities can have a development platform without needing an XO laptop."
+msgstr "Los desarrolladores interesados en trabajar sobre la interfase Sugar o escribir actividades, puede tener una plataforma de desarrollo sin necesidad de una portátil XO."
#: en_US/Fedora_desktop.xml:336(title)
msgid "Web browsers"
@@ -6614,20 +3454,8 @@ msgid "Enabling Flash plugin"
msgstr "Habilitando el Plugin de Flash"
#: en_US/Fedora_desktop.xml:339(para)
-msgid ""
-"Fedora includes <command>swfdec</command> and <command>gnash</command>, "
-"which are free and open source implementations of Flash. We encourage you to "
-"try either of them before seeking out Adobe's proprietary Flash Player "
-"plugin software. The Adobe Flash Player plugin uses a legacy sound framework "
-"that does not work correctly without additional support. Run the following "
-"command to enable this support:"
-msgstr ""
-"Fedora incluye <command>swfdec</command> y <command>gnash</command>, que son "
-"implementaciones de Flash libres y de código abierto. Tenga a bien "
-"experimentar con cualquiera de ellos antes de instalar el complemento Flash "
-"Player propietario de Adobe. El complemento de Flash Player de Adobe usa un "
-"marco de trabajo de sonido ya viejo que no funciona correctamente y no tiene "
-"soporte adicional. Ejecute el siguiente comando para activar este soporte:"
+msgid "Fedora includes <command>swfdec</command> and <command>gnash</command>, which are free and open source implementations of Flash. We encourage you to try either of them before seeking out Adobe's proprietary Flash Player plugin software. The Adobe Flash Player plugin uses a legacy sound framework that does not work correctly without additional support. Run the following command to enable this support:"
+msgstr "Fedora incluye <command>swfdec</command> y <command>gnash</command>, que son implementaciones de Flash libres y de código abierto. Tenga a bien experimentar con cualquiera de ellos antes de instalar el complemento Flash Player propietario de Adobe. El complemento de Flash Player de Adobe usa un marco de trabajo de sonido ya viejo que no funciona correctamente y no tiene soporte adicional. Ejecute el siguiente comando para activar este soporte:"
#: en_US/Fedora_desktop.xml:348(userinput)
#: en_US/Fedora_desktop.xml:368(userinput)
@@ -6636,34 +3464,16 @@ msgid "su -c 'yum install libflashsupport'"
msgstr "su -c 'yum install libflashsupport'"
#: en_US/Fedora_desktop.xml:350(para)
-msgid ""
-"If you are using Flash 10, you do not need <package>libflashsupport</"
-"package> anymore as the usage of ALSA has been fixed in this version."
-msgstr ""
-"Si está usando Flash 10, no necesitará <package>libflashsupport</package> "
-"más dado que el uso de ALSA fué mejorado en esta versión."
+msgid "If you are using Flash 10, you do not need <package>libflashsupport</package> anymore as the usage of ALSA has been fixed in this version."
+msgstr "Si está usando Flash 10, no necesitará <package>libflashsupport</package> más dado que el uso de ALSA fué mejorado en esta versión."
#: en_US/Fedora_desktop.xml:354(para)
-msgid ""
-"Users of Fedora x86_64 must install the <package>nspluginwrapper.i386</"
-"package> package to enable the 32-bit Adobe Flash Player plug-in in "
-"<application>Firefox</application>, and the <package>libflashsupport.i386</"
-"package> package to enable sound from the plugin."
-msgstr ""
-"Los usuarios de Fedora x86_64 deben instalar el paquete "
-"<package>nspluginwrapper.i386</package> para habilitar el complemento de 32 "
-"bits de Flash de Adobe en Firefox y el paquete <package>libflashsupport."
-"i386</package> para habilitar el sonido desde el complemento."
+msgid "Users of Fedora x86_64 must install the <package>nspluginwrapper.i386</package> package to enable the 32-bit Adobe Flash Player plug-in in <application>Firefox</application>, and the <package>libflashsupport.i386</package> package to enable sound from the plugin."
+msgstr "Los usuarios de Fedora x86_64 deben instalar el paquete <package>nspluginwrapper.i386</package> para habilitar el complemento de 32 bits de Flash de Adobe en Firefox y el paquete <package>libflashsupport.i386</package> para habilitar el sonido desde el complemento."
#: en_US/Fedora_desktop.xml:360(para)
-msgid ""
-"Install the <package>nspluginwrapper.i386</package>, "
-"<package>nspluginwrapper.x86_64</package>, and <package>libflashsupport."
-"i386</package> packages:"
-msgstr ""
-"Instalar los paquetes <package>nspluginwrapper.i386</package>, "
-"<package>nspluginwrapper.x86_64</package> y <package>pulseaudio-lib.i386</"
-"package>:"
+msgid "Install the <package>nspluginwrapper.i386</package>, <package>nspluginwrapper.x86_64</package>, and <package>libflashsupport.i386</package> packages:"
+msgstr "Instalar los paquetes <package>nspluginwrapper.i386</package>, <package>nspluginwrapper.x86_64</package> y <package>pulseaudio-lib.i386</package>:"
#: en_US/Fedora_desktop.xml:363(userinput)
#, no-wrap
@@ -6671,20 +3481,12 @@ msgid "su -c 'yum install nspluginwrapper.{i386,x86_64} libflashsupport.i386'"
msgstr "su -c 'yum install nspluginwrapper.{i386,x86_64} libflashsupport.i386'"
#: en_US/Fedora_desktop.xml:365(para)
-msgid ""
-"Install <package>flash-plugin</package> after <package>nspluginwrapper.i386</"
-"package> is installed:"
-msgstr ""
-"Instalar <package>flash-plugin</package> después de instalar "
-"<package>nspluginwrapper.i386</package>:"
+msgid "Install <package>flash-plugin</package> after <package>nspluginwrapper.i386</package> is installed:"
+msgstr "Instalar <package>flash-plugin</package> después de instalar <package>nspluginwrapper.i386</package>:"
#: en_US/Fedora_desktop.xml:370(para)
-msgid ""
-"Run <userinput>mozilla-plugin-config</userinput> to register the flash "
-"plugin:"
-msgstr ""
-"Ejecute <userinput>mozilla-plugin-config</userinput> para registrar el "
-"complemento de flash:"
+msgid "Run <userinput>mozilla-plugin-config</userinput> to register the flash plugin:"
+msgstr "Ejecute <userinput>mozilla-plugin-config</userinput> para registrar el complemento de flash:"
#: en_US/Fedora_desktop.xml:373(userinput)
#, no-wrap
@@ -6692,45 +3494,24 @@ msgid "su -c 'mozilla-plugin-config -i -g -v'"
msgstr "su -c 'mozilla-plugin-config -i -g -v'"
#: en_US/Fedora_desktop.xml:375(para)
-msgid ""
-"Close all <application>Firefox</application> windows, and then relaunch "
-"<application>Firefox</application>. Type <userinput>about:plugins</"
-"userinput> in the URL bar to ensure the plugin is loaded."
-msgstr ""
-"Cierre todas las ventanas de <application>Firefox</application>, y luego "
-"reinicie <application>Firefox</application>. Ingrese <userinput>about:"
-"plugins</userinput> en la barra de direcciones para asegurarse que el "
-"complemento está cargado."
+msgid "Close all <application>Firefox</application> windows, and then relaunch <application>Firefox</application>. Type <userinput>about:plugins</userinput> in the URL bar to ensure the plugin is loaded."
+msgstr "Cierre todas las ventanas de <application>Firefox</application>, y luego reinicie <application>Firefox</application>. Ingrese <userinput>about:plugins</userinput> en la barra de direcciones para asegurarse que el complemento está cargado."
#: en_US/Fedora_desktop.xml:381(title)
msgid "Disabling PC speaker"
msgstr "Deshabilitando el Parlante de la PC"
#: en_US/Fedora_desktop.xml:382(para)
-msgid ""
-"PC speaker is enabled by default in Fedora. If you do not prefer this, there "
-"are two ways to circumvent the sounds:"
-msgstr ""
-"El parlante de la PC está habilitado por defecto en esta versión, pero puede "
-"deshabilitarlo en un número de formas:"
+msgid "PC speaker is enabled by default in Fedora. If you do not prefer this, there are two ways to circumvent the sounds:"
+msgstr "El parlante de la PC está habilitado por defecto en esta versión, pero puede deshabilitarlo en un número de formas:"
#: en_US/Fedora_desktop.xml:386(para)
-msgid ""
-"Reduce its volume to a acceptable level or completely mute the PC speaker in "
-"<command>alsamixer</command> with the setting for "
-"<menuchoice><guimenuitem>PC Speak</guimenuitem></menuchoice>."
-msgstr ""
-"Reducir el volumen del parlante del PC a un nivel aceptable o completamente "
-"mudo en <command>alsamixer</command> con la configuración del "
-"<menuchoice><guimenuitem>Parlante del PC</guimenuitem></menuchoice>."
+msgid "Reduce its volume to a acceptable level or completely mute the PC speaker in <command>alsamixer</command> with the setting for <menuchoice><guimenuitem>PC Speak</guimenuitem></menuchoice>."
+msgstr "Reducir el volumen del parlante del PC a un nivel aceptable o completamente mudo en <command>alsamixer</command> con la configuración del <menuchoice><guimenuitem>Parlante del PC</guimenuitem></menuchoice>."
#: en_US/Fedora_desktop.xml:394(para)
-msgid ""
-"Disable the PC speaker system wide by running the following commands in a "
-"console:"
-msgstr ""
-"Deshabilite el parlante de PC a nivel del sistema ejecutando el siguiente "
-"comando en una consola:"
+msgid "Disable the PC speaker system wide by running the following commands in a console:"
+msgstr "Deshabilite el parlante de PC a nivel del sistema ejecutando el siguiente comando en una consola:"
#: en_US/Fedora_desktop.xml:397(userinput)
#, no-wrap
@@ -6742,175 +3523,80 @@ msgid "Fedora 10 Overview"
msgstr "Vista Global de Fedora 10"
#: en_US/Fedora_10_overview.xml:6(para)
-msgid ""
-"As always, Fedora continues to develop (<ulink url=\"http://www."
-"fedoraproject.org/wiki/RedHatContributions\"/>) and integrate the latest "
-"free and open source software (<ulink url=\"http://www.fedoraproject.org/"
-"wiki/Features\"/>.) The following sections provide a brief overview of major "
-"changes from the last release of Fedora. For more details about other "
-"features that are included in Fedora 10, refer to their individual wiki "
-"pages that detail feature goals and progress:"
-msgstr ""
-"Como siempre, Fedora continúa el desarrollo (<ulink url=\"http://www."
-"fedoraproject.org/wiki/RedHatContributions\"/>) e integra lo último en "
-"software libre y de código abierto (<ulink url=\"http://www.fedoraproject."
-"org/wiki/Features\"/>.) Las secciones siguientes proveen un breve repaso de "
-"los cambios importantes desde el último lanzamiento de Fedora. Para más "
-"detalle acerca de otras características incluídas en Fedora 10, vaya a sus "
-"páginas wiki individual en donde se detallan los objetivos y su progreso:"
+msgid "As always, Fedora continues to develop (<ulink url=\"http://www.fedoraproject.org/wiki/RedHatContributions\"/>) and integrate the latest free and open source software (<ulink url=\"http://www.fedoraproject.org/wiki/Features\"/>.) The following sections provide a brief overview of major changes from the last release of Fedora. For more details about other features that are included in Fedora 10, refer to their individual wiki pages that detail feature goals and progress:"
+msgstr "Como siempre, Fedora continúa el desarrollo (<ulink url=\"http://www.fedoraproject.org/wiki/RedHatContributions\"/>) e integra lo último en software libre y de código abierto (<ulink url=\"http://www.fedoraproject.org/wiki/Features\"/>.) Las secciones siguientes proveen un breve repaso de los cambios importantes desde el último lanzamiento de Fedora. Para más detalle acerca de otras características incluídas en Fedora 10, vaya a sus páginas wiki individual en donde se detallan los objetivos y su progreso:"
#: en_US/Fedora_10_overview.xml:17(para)
-msgid ""
-"Throughout the release cycle, there are interviews with the developers "
-"behind key features giving out the inside story:"
-msgstr ""
-"A lo largo del ciclo del lanzamiento, hay entrevistas con los "
-"desarrolladores para obtener la historia detrás de cámaras de las "
-"características principales:"
+msgid "Throughout the release cycle, there are interviews with the developers behind key features giving out the inside story:"
+msgstr "A lo largo del ciclo del lanzamiento, hay entrevistas con los desarrolladores para obtener la historia detrás de cámaras de las características principales:"
#: en_US/Fedora_10_overview.xml:24(para)
msgid "The following are major features for Fedora 10:"
msgstr "Las siguientes son las características más importantes de Fedora 10:"
#: en_US/Fedora_10_overview.xml:27(para)
-msgid ""
-"Wireless connection sharing enables ad hoc network sharing -- <ulink url="
-"\"http://www.fedoraproject.org/wiki/Features/ConnectionSharing\"/>"
-msgstr ""
-"La compartición de conexión inalámbrica habilita la compartición de red ad "
-"hoc -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/"
-"ConnectionSharing\"/>"
+msgid "Wireless connection sharing enables ad hoc network sharing -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/ConnectionSharing\"/>"
+msgstr "La compartición de conexión inalámbrica habilita la compartición de red ad hoc -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/ConnectionSharing\"/>"
#: en_US/Fedora_10_overview.xml:32(para)
-msgid ""
-"Better setup and use of printers through improved management tools -- <ulink "
-"url=\"http://www.fedoraproject.org/wiki/Features/BetterPrinting\"/>"
-msgstr ""
-"Una mejor configuración y uso de impresoras a través de herramientas de "
-"administración mejoradas -- <ulink url=\"http://www.fedoraproject.org/wiki/"
-"Features/BetterPrinting\"/>"
+msgid "Better setup and use of printers through improved management tools -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/BetterPrinting\"/>"
+msgstr "Una mejor configuración y uso de impresoras a través de herramientas de administración mejoradas -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/BetterPrinting\"/>"
#: en_US/Fedora_10_overview.xml:37(para)
-msgid ""
-"Virtualization storage provisioning for local and remote connections now "
-"simplified -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/"
-"VirtStorage\"/>"
-msgstr ""
-"Se simplifica la provisión de almacenamiento para conexiónes locales y "
-"remotas de virtualización -- <ulink url=\"http://www.fedoraproject.org/wiki/"
-"Features/VirtStorage\"/>"
+msgid "Virtualization storage provisioning for local and remote connections now simplified -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/VirtStorage\"/>"
+msgstr "Se simplifica la provisión de almacenamiento para conexiónes locales y remotas de virtualización -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/VirtStorage\"/>"
#: en_US/Fedora_10_overview.xml:42(para)
-msgid ""
-"SecTool is a new security audit and intrusion detection system -- <ulink url="
-"\"http://www.fedoraproject.org/wiki/Features/SecurityAudit\"/>"
-msgstr ""
-"SecTool es un sistema nuevo de auditoría de seguridad y detección de "
-"intrusión -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/"
-"SecurityAudit\"/>"
+msgid "SecTool is a new security audit and intrusion detection system -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/SecurityAudit\"/>"
+msgstr "SecTool es un sistema nuevo de auditoría de seguridad y detección de intrusión -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/SecurityAudit\"/>"
#: en_US/Fedora_10_overview.xml:47(para)
-msgid ""
-"RPM 4.6 is a major update to the powerful, flexible software management "
-"libraries -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/RPM4.6"
-"\"/>"
-msgstr ""
-"RPM 4.6 es una actualización importante a las bibliotecas de administración "
-"de software poderosa y flexible -- <ulink url=\"http://www.fedoraproject.org/"
-"wiki/Features/RPM4.6\"/>"
+msgid "RPM 4.6 is a major update to the powerful, flexible software management libraries -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/RPM4.6\"/>"
+msgstr "RPM 4.6 es una actualización importante a las bibliotecas de administración de software poderosa y flexible -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/RPM4.6\"/>"
#: en_US/Fedora_10_overview.xml:53(para)
msgid "Some other features in this release include:"
msgstr "Las nuevas características disponibles incluyen:"
#: en_US/Fedora_10_overview.xml:57(para)
-msgid ""
-"Glitch free audio and better performance is achieved through a rewrite of "
-"the PulseAudio sound server to use timer-based audio scheduling -- <ulink "
-"url=\"http://www.fedoraproject.org/wiki/Features/GlitchFreeAudio\"/>"
-msgstr ""
-"El audio sin interrupción y una mejor performance se obtuvo mediante la "
-"rescritura del servidor de sonido PulseAudio para que use la planificación "
-"de audio basada en temporizadores -- <ulink url=\"http://www.fedoraproject."
-"org/wiki/Features/GlitchFreeAudio\"/>"
+msgid "Glitch free audio and better performance is achieved through a rewrite of the PulseAudio sound server to use timer-based audio scheduling -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/GlitchFreeAudio\"/>"
+msgstr "El audio sin interrupción y una mejor performance se obtuvo mediante la rescritura del servidor de sonido PulseAudio para que use la planificación de audio basada en temporizadores -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/GlitchFreeAudio\"/>"
#: en_US/Fedora_10_overview.xml:63(para)
-msgid ""
-"Improved webcam support -- <ulink url=\"http://www.fedoraproject.org/wiki/"
-"Features/BetterWebcamSupport\"/>"
-msgstr ""
-"Soporte webcam mejorado -- <ulink url=\"http://www.fedoraproject.org/wiki/"
-"Features/BetterWebcamSupport\"/>"
+msgid "Improved webcam support -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/BetterWebcamSupport\"/>"
+msgstr "Soporte webcam mejorado -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/BetterWebcamSupport\"/>"
#: en_US/Fedora_10_overview.xml:67(para)
-msgid ""
-"Better support for infrared remote controls makes them easier to connect and "
-"work with many applications -- <ulink url=\"http://www.fedoraproject.org/"
-"wiki/Features/BetterLIRCSupport\"/>"
-msgstr ""
-"Un mejor soporte para controles remotos infrarrojos hace más fácil "
-"conectarse y trabajar con muchas aplicaciones -- <ulink url=\"http://www."
-"fedoraproject.org/wiki/Features/BetterLIRCSupport\"/>"
+msgid "Better support for infrared remote controls makes them easier to connect and work with many applications -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/BetterLIRCSupport\"/>"
+msgstr "Un mejor soporte para controles remotos infrarrojos hace más fácil conectarse y trabajar con muchas aplicaciones -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/BetterLIRCSupport\"/>"
#: en_US/Fedora_10_overview.xml:72(para)
-msgid ""
-"The paths <computeroutput>/usr/local/sbin:/usr/sbin:/sbin</computeroutput> "
-"have been added to the <envar>PATH</envar> for normal users, to simplify "
-"command-line administration tasks -- <ulink url=\"http://fedoraproject.org/"
-"wiki/Features/SbinSanity\"/>"
-msgstr ""
-"Las direcciones <computeroutput>/usr/local/sbin:/usr/sbin:/sbin</"
-"computeroutput> se agregaron a <envar>PATH</envar> para usuarios normales, "
-"para simplificar las tareas de administración en línea de comando -- <ulink "
-"url=\"http://fedoraproject.org/wiki/Features/SbinSanity\"/>"
+msgid "The paths <computeroutput>/usr/local/sbin:/usr/sbin:/sbin</computeroutput> have been added to the <envar>PATH</envar> for normal users, to simplify command-line administration tasks -- <ulink url=\"http://fedoraproject.org/wiki/Features/SbinSanity\"/>"
+msgstr "Las direcciones <computeroutput>/usr/local/sbin:/usr/sbin:/sbin</computeroutput> se agregaron a <envar>PATH</envar> para usuarios normales, para simplificar las tareas de administración en línea de comando -- <ulink url=\"http://fedoraproject.org/wiki/Features/SbinSanity\"/>"
#: en_US/Fedora_10_overview.xml:79(para)
-msgid ""
-"The online account service provides applications with credentials for online "
-"accounts listed on <ulink url=\"http://online.gnome.org\"/> or stored in "
-"GConf -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/"
-"OnlineAccountsService\"/>"
-msgstr ""
-"El servicio de cuenta en línea provee a las aplicaciones de credenciales de "
-"cuentas online listadas en <ulink url=\"http://online.gnome.org\"/> o "
-"almacenadas en GConf -- <ulink url=\"http://www.fedoraproject.org/wiki/"
-"Features/OnlineAccountsService\"/>"
+msgid "The online account service provides applications with credentials for online accounts listed on <ulink url=\"http://online.gnome.org\"/> or stored in GConf -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/OnlineAccountsService\"/>"
+msgstr "El servicio de cuenta en línea provee a las aplicaciones de credenciales de cuentas online listadas en <ulink url=\"http://online.gnome.org\"/> o almacenadas en GConf -- <ulink url=\"http://www.fedoraproject.org/wiki/Features/OnlineAccountsService\"/>"
#: en_US/Fedora_10_overview.xml:86(para)
msgid "Features for Fedora 10 are tracked on the feature list page:"
-msgstr ""
-"Las características de Fedora 10 son rastreadas en la página de lista de "
-"características:"
+msgstr "Las características de Fedora 10 son rastreadas en la página de lista de características:"
#: en_US/Fedora_10_boot-time.xml:5(title)
msgid "Fedora 10 boot-time"
msgstr "Tiempo de arranque de Fedora 10"
#: en_US/Fedora_10_boot-time.xml:6(para)
-msgid ""
-"Fedora 10 includes multiple boot-time updates, including changes that allow "
-"for faster booting and graphic booting changes."
-msgstr ""
-"Fedora 10 incluye actulaizaciónes de múltiples tiempo de arranques, que "
-"incluyen cambios que le permiten un arranque más rápido y cambios en la "
-"forma en que arranca gráficamente."
+msgid "Fedora 10 includes multiple boot-time updates, including changes that allow for faster booting and graphic booting changes."
+msgstr "Fedora 10 incluye actulaizaciónes de múltiples tiempo de arranques, que incluyen cambios que le permiten un arranque más rápido y cambios en la forma en que arranca gráficamente."
#: en_US/Fedora_10_boot-time.xml:9(title)
msgid "GRUB"
msgstr "GRUB"
#: en_US/Fedora_10_boot-time.xml:10(para)
-msgid ""
-"The GRUB menu is no longer shown at startup, except on dual-boot systems. To "
-"bring up the GRUB menu, hold the <keycap>Shift</keycap> key before the "
-"kernel is loaded. (Any other key works but the <keycap>Shift</keycap> key is "
-"the safest to use.)"
-msgstr ""
-"El menú GRUB ya no se muestra en el inicio, a excepción en sistema de "
-"arranque dual. Para mostrar el menú de GRUB, mantenga presionada la tecla "
-"<keycap>Shift</keycap> antes de que se cargue el kernel. (Cualquier otra "
-"tecla funciona, pero la tecla <keycap>Shift</keycap> es la más segura para "
-"usar.)"
+msgid "The GRUB menu is no longer shown at startup, except on dual-boot systems. To bring up the GRUB menu, hold the <keycap>Shift</keycap> key before the kernel is loaded. (Any other key works but the <keycap>Shift</keycap> key is the safest to use.)"
+msgstr "El menú GRUB ya no se muestra en el inicio, a excepción en sistema de arranque dual. Para mostrar el menú de GRUB, mantenga presionada la tecla <keycap>Shift</keycap> antes de que se cargue el kernel. (Cualquier otra tecla funciona, pero la tecla <keycap>Shift</keycap> es la más segura para usar.)"
#: en_US/Fedora_10_boot-time.xml:17(title)
msgid "Plymouth"
@@ -6921,78 +3607,24 @@ msgid "Plymouth is the graphical boot up system debuting with Fedora 10."
msgstr "Plymouth ies el sistema de arranque gráfico que debuta en Fedora 10."
#: en_US/Fedora_10_boot-time.xml:22(para)
-msgid ""
-"Adding <command>rhgb</command> on the <command>grub</command> command line "
-"directs Plymouth to load the appropriate plugin for your hardware."
-msgstr ""
-"Agregando <command>rhgb</command> en la línea de comando de <command>grub</"
-"command> le dice a Plymouth que cargue el complemento apropiado para su "
-"hardware."
+msgid "Adding <command>rhgb</command> on the <command>grub</command> command line directs Plymouth to load the appropriate plugin for your hardware."
+msgstr "Agregando <command>rhgb</command> en la línea de comando de <command>grub</command> le dice a Plymouth que cargue el complemento apropiado para su hardware."
#: en_US/Fedora_10_boot-time.xml:26(para)
-msgid ""
-"The graphical boot splash screen that comes with Plymouth requires kernel "
-"mode setting drivers to work best. There are not kernel modesetting drivers "
-"available for all hardware yet. To see the graphical splash before the "
-"drivers are generally available, add <userinput>vga=0x318</userinput> to the "
-"kernel <command>grub</command> command line. This uses <command>vesafb</"
-"command>, which does not necessarily give the native resolution for a flat "
-"panel, and may cause flickering or other weird interactions with X. Without "
-"kernel modesetting drivers or <userinput>vga=0x318</userinput>, Plymouth "
-"uses a text-based plugin that is plain but functional."
-msgstr ""
-"La pantalla de presentación gráfica del arranque que viene con Plymouth "
-"requiere los controladores de configuración de modo del kernel para "
-"funcionar mejor. No hay disponibles controladores de configuración de modo "
-"del kernel para todos los equipos actualmente. Para ver la presentación "
-"gráfica antes que los controladores estén disponibles, agregue "
-"<userinput>vga=0x318</userinput> a la línea de comando del kernel de "
-"<command>grub</command>. Este usa <command>vesafb</command>, que no "
-"necesariamente da una resolución nativa de un monitor lcd y puede causar "
-"parpadeos u otras interacciones raras con X. Sin los controladores de "
-"configuración de modo del kernel o con <userinput>vga=0x318</userinput>, "
-"Plymouth usa un complemento basado en texto que es plano pero funcional."
+msgid "The graphical boot splash screen that comes with Plymouth requires kernel mode setting drivers to work best. There are not kernel modesetting drivers available for all hardware yet. To see the graphical splash before the drivers are generally available, add <userinput>vga=0x318</userinput> to the kernel <command>grub</command> command line. This uses <command>vesafb</command>, which does not necessarily give the native resolution for a flat panel, and may cause flickering or other weird interactions with X. Without kernel modesetting drivers or <userinput>vga=0x318</userinput>, Plymouth uses a text-based plugin that is plain but functional."
+msgstr "La pantalla de presentación gráfica del arranque que viene con Plymouth requiere los controladores de configuración de modo del kernel para funcionar mejor. No hay disponibles controladores de configuración de modo del kernel para todos los equipos actualmente. Para ver la presentación gráfica antes que los controladores estén disponibles, agregue <userinput>vga=0x318</userinput> a la línea de comando del kernel de <command>grub</command>. Este usa <command>vesafb</command>, que no necesariamente da una resolución nativa de un monitor lcd y puede causar parpadeos u otras interacciones raras con X. Sin los controladores de configuración de modo del kernel o con <userinput>vga=0x318</userinput>, Plymouth usa un complemento basado en texto que es plano pero funcional."
#: en_US/Fedora_10_boot-time.xml:38(para)
-msgid ""
-"Currently, only Radeon R500 and higher users get kernel modesetting by "
-"default. There is work in progress to provide modesetting for R100 and R200. "
-"Additionally, Intel kernel modesetting drivers are in development, but not "
-"turned on by default."
-msgstr ""
-"Actualmente, solo Radeon R500 y los usuarios de versiones más altas obtienen "
-"el kernel con la configuración de modo por defecto. Se está trabajando para "
-"proveer la configuración del modo para R100 y R200. Además los controladores "
-"para configuración del modo en kernel para Intel están en desarrollo, pero "
-"no están activados por defecto."
+msgid "Currently, only Radeon R500 and higher users get kernel modesetting by default. There is work in progress to provide modesetting for R100 and R200. Additionally, Intel kernel modesetting drivers are in development, but not turned on by default."
+msgstr "Actualmente, solo Radeon R500 y los usuarios de versiones más altas obtienen el kernel con la configuración de modo por defecto. Se está trabajando para proveer la configuración del modo para R100 y R200. Además los controladores para configuración del modo en kernel para Intel están en desarrollo, pero no están activados por defecto."
#: en_US/Fedora_10_boot-time.xml:44(para)
-msgid ""
-"The kernel modesetting drivers are still in development and buggy. If you "
-"end up with nothing but a black screen during boot up, or a screen with "
-"nothing but random noise on it, then adding <userinput>nomodeset</userinput> "
-"to the kernel boot prompt in grub disables modesetting."
-msgstr ""
-"Los controladores de configuración de modo del kernel están todavía en "
-"desarrollo y tienen errores. Si termina con una pantalla negra durante el "
-"arranque, o con una pantalla sin más que un ruido aleatorio en ella, "
-"entonces agregue <userinput>nomodeset</userinput> al indicador de arranque "
-"del kernel en grub para deshabilitar la configuración del modo."
+msgid "The kernel modesetting drivers are still in development and buggy. If you end up with nothing but a black screen during boot up, or a screen with nothing but random noise on it, then adding <userinput>nomodeset</userinput> to the kernel boot prompt in grub disables modesetting."
+msgstr "Los controladores de configuración de modo del kernel están todavía en desarrollo y tienen errores. Si termina con una pantalla negra durante el arranque, o con una pantalla sin más que un ruido aleatorio en ella, entonces agregue <userinput>nomodeset</userinput> al indicador de arranque del kernel en grub para deshabilitar la configuración del modo."
#: en_US/Fedora_10_boot-time.xml:50(para)
-msgid ""
-"Plymouth hides boot messages. To view boot messages, press the <keycap>Esc</"
-"keycap> key during boot, or view them in <filename>/var/log/boot.log</"
-"filename> after boot up. Alternatively, remove <command>rhgb</command> from "
-"the kernel command line and plymouth displays all boot messages. There is "
-"also a status icon on the login screen to view boot warnings."
-msgstr ""
-"Plymouth oculta los mensajes de arranque. Para ver los mensajes de arranque, "
-"presione la tecla <keycap>Esc</keycap>, o véalos en <filename>/var/log/boot."
-"log</filename> después de arrancar. Alternativamente, elimine <command>rhgb</"
-"command> de la línea de comando del kernel y plymouth mostrará todos los "
-"mensajes de arranque. Tampoco hay un ícono de estado en la pantalla de "
-"ingreso para ver las advertencias de arranque."
+msgid "Plymouth hides boot messages. To view boot messages, press the <keycap>Esc</keycap> key during boot, or view them in <filename>/var/log/boot.log</filename> after boot up. Alternatively, remove <command>rhgb</command> from the kernel command line and plymouth displays all boot messages. There is also a status icon on the login screen to view boot warnings."
+msgstr "Plymouth oculta los mensajes de arranque. Para ver los mensajes de arranque, presione la tecla <keycap>Esc</keycap>, o véalos en <filename>/var/log/boot.log</filename> después de arrancar. Alternativamente, elimine <command>rhgb</command> de la línea de comando del kernel y plymouth mostrará todos los mensajes de arranque. Tampoco hay un ícono de estado en la pantalla de ingreso para ver las advertencias de arranque."
#: en_US/Fedora_10_boot-time.xml:61(title)
msgid "Faster booting"
@@ -7000,357 +3632,171 @@ msgstr "Arranque mas rápido"
#: en_US/Fedora_10_boot-time.xml:62(para)
msgid "Fedora 10 gets a faster boot from improvements in process start-up."
-msgstr ""
-"Fedora 10 tiene un arranque más rápido debido a mejoras en el proceso de "
-"iniciado."
+msgstr "Fedora 10 tiene un arranque más rápido debido a mejoras en el proceso de iniciado."
#: en_US/Fedora_10_boot-time.xml:66(para)
msgid "Readahead is started in parallel with the boot process."
msgstr "Readahead se inicia en paralelo con el proceso de arranque."
#: en_US/Fedora_10_boot-time.xml:69(para)
-msgid ""
-"Udev may appear to be slower but in fact readahead reads all disk buffers "
-"needed for the boot process in the background and shortens the whole boot "
-"process. Creation of the readahead file list is done monthly and can be "
-"triggered manually by touching <filename>/.readahead_collect</filename>. The "
-"configuration file <filename>/etc/sysconfig/readahead</filename> can be "
-"edited to turn off readahead-collector and/or readahead."
-msgstr ""
-"Udev puede parecerle más lento, pero en realidad readahead lee todos los "
-"búferes de disco necesarios para el proceso de arranque en segundo plano "
-"para acortar todo el proceso de arranque. La creación de un archivo "
-"readahead se hace mensualmente y se puede forzar manualmente tocando "
-"<filename>/.readahead_collect</filename>. El archivo de configuración "
-"<filename>/etc/sysconfig/readahead</filename> se puede editar para "
-"desactivar el colector de readahead y o readahead. "
+msgid "Udev may appear to be slower but in fact readahead reads all disk buffers needed for the boot process in the background and shortens the whole boot process. Creation of the readahead file list is done monthly and can be triggered manually by touching <filename>/.readahead_collect</filename>. The configuration file <filename>/etc/sysconfig/readahead</filename> can be edited to turn off readahead-collector and/or readahead."
+msgstr "Udev puede parecerle más lento, pero en realidad readahead lee todos los búferes de disco necesarios para el proceso de arranque en segundo plano para acortar todo el proceso de arranque. La creación de un archivo readahead se hace mensualmente y se puede forzar manualmente tocando <filename>/.readahead_collect</filename>. El archivo de configuración <filename>/etc/sysconfig/readahead</filename> se puede editar para desactivar el colector de readahead y o readahead. "
#: en_US/Fedora_10_boot-time.xml:81(title)
msgid "Kernel modesetting"
msgstr "Configuración de modo del Kernel"
#: en_US/Fedora_10_boot-time.xml:82(para)
-msgid ""
-"Kernel modesetting (KMS) can default to either enabled or disabled in the "
-"DRM driver and it can be enabled or disabled at boot-time."
-msgstr ""
-"La configuración de modo del kernel (KMS) puede estár habilitado o "
-"deshabilitado por defecto en el controlador DRM y se puede habilitar o "
-"deshabilitar en el momento del arranque."
+msgid "Kernel modesetting (KMS) can default to either enabled or disabled in the DRM driver and it can be enabled or disabled at boot-time."
+msgstr "La configuración de modo del kernel (KMS) puede estár habilitado o deshabilitado por defecto en el controlador DRM y se puede habilitar o deshabilitar en el momento del arranque."
#: en_US/Fedora_10_boot-time.xml:87(para)
-msgid ""
-"Both Plymouth and the DDX drivers detect whether KMS is present and enabled. "
-"If it is present and enabled, Plymouth and DDX drivers will take advantage "
-"of them."
-msgstr ""
-"Plymouth y los controladores DDX detectan si KMS está presente y activado. "
-"Si está presente y activado, Plymouth y los controladores DDX sacarán "
-"ventaja de él."
+msgid "Both Plymouth and the DDX drivers detect whether KMS is present and enabled. If it is present and enabled, Plymouth and DDX drivers will take advantage of them."
+msgstr "Plymouth y los controladores DDX detectan si KMS está presente y activado. Si está presente y activado, Plymouth y los controladores DDX sacarán ventaja de él."
#: en_US/Fedora_10_boot-time.xml:91(para)
-msgid ""
-"If KMS is not present or it is present but disabled then Plymouth will "
-"automatically fall back to the text splash and the DDX driver will "
-"automatically fall back to user-space modesetting."
-msgstr ""
-"Si KMS no está o si está pero está deshabiltado, entonces Plymouth pasará "
-"automáticamente a la pantalla texto y el controlador DDX pasará a la "
-"configuración de modo del espacio de usuario."
+msgid "If KMS is not present or it is present but disabled then Plymouth will automatically fall back to the text splash and the DDX driver will automatically fall back to user-space modesetting."
+msgstr "Si KMS no está o si está pero está deshabiltado, entonces Plymouth pasará automáticamente a la pantalla texto y el controlador DDX pasará a la configuración de modo del espacio de usuario."
#: en_US/Fedora_10_boot-time.xml:96(para)
-msgid ""
-"Allows for faster user switching, seamless X server switching, and graphical "
-"panic messages."
-msgstr ""
-"Permite un cambio de usuario más rápido, un cambio de servidor X sin "
-"problemas y mensajes gráficos de pánico."
+msgid "Allows for faster user switching, seamless X server switching, and graphical panic messages."
+msgstr "Permite un cambio de usuario más rápido, un cambio de servidor X sin problemas y mensajes gráficos de pánico."
#: en_US/Embedded.xml:5(title)
msgid "Embedded"
msgstr "Empotrado"
#: en_US/Embedded.xml:6(para)
-msgid ""
-"Fedora 10 includes a number of applications to support embedded development "
-"on a variety of targets. Included are assemblers, compilers, debuggers, "
-"programmers, IDEs and assorted utilities."
-msgstr ""
-"Fedora 10 incluye un número de aplicaciones para dar soporte al desarrollo "
-"incrustado en una variedad de destinos. Se incluyen ensambladores, "
-"compiladores, depuradores, programadores, IDES y otras utilidades."
+msgid "Fedora 10 includes a number of applications to support embedded development on a variety of targets. Included are assemblers, compilers, debuggers, programmers, IDEs and assorted utilities."
+msgstr "Fedora 10 incluye un número de aplicaciones para dar soporte al desarrollo incrustado en una variedad de destinos. Se incluyen ensambladores, compiladores, depuradores, programadores, IDES y otras utilidades."
#: en_US/Embedded.xml:11(title)
msgid "AVR"
msgstr "AVR"
#: en_US/Embedded.xml:14(term)
-msgid ""
-"<package>avrdude</package>Software for programming Atmel AVR microcontroller"
-msgstr ""
-"<package>avrdude</package> Software para la programación del "
-"microcontrolador Atmel AVR"
+msgid "<package>avrdude</package>Software for programming Atmel AVR microcontroller"
+msgstr "<package>avrdude</package> Software para la programación del microcontrolador Atmel AVR"
#: en_US/Embedded.xml:18(para)
-msgid ""
-"AVRDUDE is a program for programming Atmel's AVR CPU's. It can program the "
-"Flash and EEPROM, and where supported by the serial programming protocol, it "
-"can program fuse and lock bits. AVRDUDE also supplies a direct instruction "
-"mode allowing one to issue any programming instruction to the AVR chip "
-"regardless of whether AVRDUDE implements that specific feature of a "
-"particular chip."
-msgstr ""
-"AVRDUDE es un programa para programar las CPUs AVR de Atmel. Puede programar "
-"la Flash y la EEPROM, y donde haya soporte del protocolo de programación "
-"serie, se puede programar fuse y bloquear bits. AVRDUDE también provee el "
-"modo de instrucción directa para emitir cualquier instrucción de "
-"programación al chip AVR sin importar si AVRDUDE implementa esa "
-"característica específica para un chip particular. "
+msgid "AVRDUDE is a program for programming Atmel's AVR CPU's. It can program the Flash and EEPROM, and where supported by the serial programming protocol, it can program fuse and lock bits. AVRDUDE also supplies a direct instruction mode allowing one to issue any programming instruction to the AVR chip regardless of whether AVRDUDE implements that specific feature of a particular chip."
+msgstr "AVRDUDE es un programa para programar las CPUs AVR de Atmel. Puede programar la Flash y la EEPROM, y donde haya soporte del protocolo de programación serie, se puede programar fuse y bloquear bits. AVRDUDE también provee el modo de instrucción directa para emitir cualquier instrucción de programación al chip AVR sin importar si AVRDUDE implementa esa característica específica para un chip particular. "
#: en_US/Embedded.xml:28(term)
msgid "<package>avr-gcc</package>Cross Compiling GNU GCC targeted at avr"
msgstr "<package>avr-gcc</package>Compilación cruzada de GNU GCC para avr"
#: en_US/Embedded.xml:32(para)
-msgid ""
-"This is a Cross Compiling version of GNU GCC, which can be used to compile "
-"for the AVR platform, instead of for the native i386 platform."
-msgstr ""
-"Este es un Compilador Cruzada de GNU GCC, que se puede usar para compilar "
-"para la plataforma AVR, en vez de la plataforma nativa i386."
+msgid "This is a Cross Compiling version of GNU GCC, which can be used to compile for the AVR platform, instead of for the native i386 platform."
+msgstr "Este es un Compilador Cruzada de GNU GCC, que se puede usar para compilar para la plataforma AVR, en vez de la plataforma nativa i386."
#: en_US/Embedded.xml:38(term)
msgid "<package>avr-gcc-c++</package>Cross Compiling GNU GCC targeted at avr"
msgstr "<package>avr-gcc-c++</package> Compilación cruzada de GNU GCC para avr"
#: en_US/Embedded.xml:42(para)
-msgid ""
-"This package contains the Cross Compiling version of g++, which can be used "
-"to compile c++ code for the AVR platform, instead of for the native i386 "
-"platform."
-msgstr ""
-"Este paquete contiene el g++ para compilación cruzada, que se puede usar "
-"para compilar código c++ para la plataforma AVR, en vez de la plataforma "
-"nativa i386."
+msgid "This package contains the Cross Compiling version of g++, which can be used to compile c++ code for the AVR platform, instead of for the native i386 platform."
+msgstr "Este paquete contiene el g++ para compilación cruzada, que se puede usar para compilar código c++ para la plataforma AVR, en vez de la plataforma nativa i386."
#: en_US/Embedded.xml:48(term)
-msgid ""
-"<package>avr-libc</package>C library for use with GCC on Atmel AVR "
-"microcontrollers"
-msgstr ""
-"<package>avr-libc</package> Biblioteca en C para usar con los "
-"microcontroladores Atmel AVR"
+msgid "<package>avr-libc</package>C library for use with GCC on Atmel AVR microcontrollers"
+msgstr "<package>avr-libc</package> Biblioteca en C para usar con los microcontroladores Atmel AVR"
#: en_US/Embedded.xml:52(para)
-msgid ""
-"AVR Libc is a free software project with the goal to provide a high quality "
-"C library for use with GCC on Atmel AVR microcontrollers."
-msgstr ""
-"AVR Libc es un proyecto de software libre con el objetivo de proveer una "
-"biblioteca C de alta calidad para usar con GCC en los microcontroladores AVR "
-"de Atmel."
+msgid "AVR Libc is a free software project with the goal to provide a high quality C library for use with GCC on Atmel AVR microcontrollers."
+msgstr "AVR Libc es un proyecto de software libre con el objetivo de proveer una biblioteca C de alta calidad para usar con GCC en los microcontroladores AVR de Atmel."
#: en_US/Embedded.xml:55(para)
-msgid ""
-"AVR Libc is licensed under a single unified license. This so-called modified "
-"Berkeley license is intended to be compatible with most free software "
-"licenses such as the GPL, yet impose as little restrictions as possible for "
-"the use of the library in closed-source commercial applications."
-msgstr ""
-"Libc de AVR tiene una licencia unificada única. La así llamada Licencia de "
-"Berkeley modificada intenta ser compatible con la mayoría de las licencias "
-"de software libre tales como la GPL, aunque impone tan pocas restricciones "
-"como es posible para usar la biblioteca en aplicaciones comerciales de "
-"código cerrado."
+msgid "AVR Libc is licensed under a single unified license. This so-called modified Berkeley license is intended to be compatible with most free software licenses such as the GPL, yet impose as little restrictions as possible for the use of the library in closed-source commercial applications."
+msgstr "Libc de AVR tiene una licencia unificada única. La así llamada Licencia de Berkeley modificada intenta ser compatible con la mayoría de las licencias de software libre tales como la GPL, aunque impone tan pocas restricciones como es posible para usar la biblioteca en aplicaciones comerciales de código cerrado."
#: en_US/Embedded.xml:63(term)
-msgid ""
-"<package>avr-binutils</package>Cross Compiling GNU binutils targeted at avr"
-msgstr ""
-"<package>avr-binutils</package> binutils de GNU de compilación cruzada para "
-"avr"
+msgid "<package>avr-binutils</package>Cross Compiling GNU binutils targeted at avr"
+msgstr "<package>avr-binutils</package> binutils de GNU de compilación cruzada para avr"
#: en_US/Embedded.xml:67(para)
-msgid ""
-"This is a Cross Compiling version of GNU binutils, which can be used to "
-"assemble and link binaries for the AVR platform, instead of for the native "
-"i386 platform."
-msgstr ""
-"Este es una versión de compilación cruzada de las binutils de GNU, que se "
-"pueden usar para ensamblar y encadenar para la plataforma AVR, en vez de la "
-"plataforma nativa i386."
+msgid "This is a Cross Compiling version of GNU binutils, which can be used to assemble and link binaries for the AVR platform, instead of for the native i386 platform."
+msgstr "Este es una versión de compilación cruzada de las binutils de GNU, que se pueden usar para ensamblar y encadenar para la plataforma AVR, en vez de la plataforma nativa i386."
#: en_US/Embedded.xml:73(term)
msgid "<package>avr-gdb</package>GDB for (remote) debugging avr binaries"
msgstr "<package>avr-gdb</package>GDB para depuración (remota) de binarios avr"
#: en_US/Embedded.xml:77(para)
-msgid ""
-"This is a special version of GDB, the GNU Project debugger, for (remote) "
-"debugging AVR binaries. GDB allows you to see what is going on inside "
-"another program while it executes or what another program was doing at the "
-"moment it crashed."
-msgstr ""
-"Esta es una versión especial de GDB, el depurador del Proyecto GNU, para "
-"depuración (remota) de binarios AVR. GDB le permite ver lo que está pasando "
-"dentro de otro programa mientras lo ejecuta o lo que otro programa estuvo "
-"haciendo en el momento en que se colgó."
+msgid "This is a special version of GDB, the GNU Project debugger, for (remote) debugging AVR binaries. GDB allows you to see what is going on inside another program while it executes or what another program was doing at the moment it crashed."
+msgstr "Esta es una versión especial de GDB, el depurador del Proyecto GNU, para depuración (remota) de binarios AVR. GDB le permite ver lo que está pasando dentro de otro programa mientras lo ejecuta o lo que otro programa estuvo haciendo en el momento en que se colgó."
#: en_US/Embedded.xml:85(term)
-msgid ""
-"<package>avarice</package>Program for interfacing the Atmel JTAG ICE to GDB"
-msgstr ""
-"<package>avarice</package> Programa para interactuar el JTAG ICE de Atmel "
-"con GDB"
+msgid "<package>avarice</package>Program for interfacing the Atmel JTAG ICE to GDB"
+msgstr "<package>avarice</package> Programa para interactuar el JTAG ICE de Atmel con GDB"
#: en_US/Embedded.xml:89(para)
-msgid ""
-"Program for interfacing the Atmel JTAG ICE to GDB to allow users to debug "
-"their embedded AVR target"
-msgstr ""
-"Programa de interfase entre JTAG ICE de Atmel a GDB para permitir a los "
-"usuarios depurar sus destinos AVR incrustados"
+msgid "Program for interfacing the Atmel JTAG ICE to GDB to allow users to debug their embedded AVR target"
+msgstr "Programa de interfase entre JTAG ICE de Atmel a GDB para permitir a los usuarios depurar sus destinos AVR incrustados"
#: en_US/Embedded.xml:96(title)
msgid "Microchip PIC"
msgstr "PIC Microchip"
#: en_US/Embedded.xml:99(term)
-msgid ""
-"<package>gputils</package>Development utilities for Microchip (TM) PIC (TM) "
-"microcontrollers"
-msgstr ""
-"<package>gputils</package> Utilitarios de desarrollo para los "
-"microcontroladores Microchip (TM) PIC (TM)"
+msgid "<package>gputils</package>Development utilities for Microchip (TM) PIC (TM) microcontrollers"
+msgstr "<package>gputils</package> Utilitarios de desarrollo para los microcontroladores Microchip (TM) PIC (TM)"
#: en_US/Embedded.xml:103(para)
-msgid ""
-"This is a collection of development tools for Microchip (TM) PIC (TM) "
-"microcontrollers. This is ALPHA software: there may be serious bugs in it, "
-"and it's nowhere near complete. The <package>gputils</package> package "
-"currently only implements a subset of the features available with "
-"Microchip's tools. Refer to the documentation for an up-to-date list of what "
-"<package>gputils</package> can do."
-msgstr ""
-"Esta es una colección de herramientas de desarrollo para los "
-"microcontroladores PIC (TM) de Microchip (TM). Es software ALFA: pueden "
-"haber errores serios en él, y ni siquiera está completo. El paquete "
-"<package>gputils</package> actualmente sólo implementa un subconjunto de las "
-"características disponibes con las herramientas de Microchip. Vaya a la "
-"documentación para una lsita actualizada de qué puede hacer "
-"<package>gputils</package>."
+msgid "This is a collection of development tools for Microchip (TM) PIC (TM) microcontrollers. This is ALPHA software: there may be serious bugs in it, and it's nowhere near complete. The <package>gputils</package> package currently only implements a subset of the features available with Microchip's tools. Refer to the documentation for an up-to-date list of what <package>gputils</package> can do."
+msgstr "Esta es una colección de herramientas de desarrollo para los microcontroladores PIC (TM) de Microchip (TM). Es software ALFA: pueden haber errores serios en él, y ni siquiera está completo. El paquete <package>gputils</package> actualmente sólo implementa un subconjunto de las características disponibes con las herramientas de Microchip. Vaya a la documentación para una lsita actualizada de qué puede hacer <package>gputils</package>."
#: en_US/Embedded.xml:114(term)
-msgid ""
-"<package>gpsim</package> A simulator for Microchip (TM) PIC (TM) "
-"microcontrollers"
-msgstr ""
-"<package>gpsim</package> Un simulador de microcontroladores Microchip (TM) "
-"PIC (TM)"
+msgid "<package>gpsim</package> A simulator for Microchip (TM) PIC (TM) microcontrollers"
+msgstr "<package>gpsim</package> Un simulador de microcontroladores Microchip (TM) PIC (TM)"
#: en_US/Embedded.xml:117(para)
-msgid ""
-"The <package>gpsim</package> software is a simulator for Microchip (TM) PIC "
-"(TM) microcontrollers. It supports most devices in Microchip's 12-bit, "
-"14bit, and 16-bit core families. In addition, gpsim supports dynamically "
-"loadable modules such as LED's, LCD's, resistors, and so forth, to extend "
-"the simulation environment beyond the PIC."
-msgstr ""
-"El software <package>gpsim</package> es un simulador de microcontroladores "
-"PIC (TM) de Microchip (TM). Soporta la mayoría de los dispositivos de 12-"
-"bit, 14-bit y 16-bit de la familia de núcleos de Microchip. Además, gpsim "
-"soporta módulos cargables dinámicamente tales como LED's, LCD's, resistores "
-"y demás, para extender el entorno de simulación más allá del PIC."
+msgid "The <package>gpsim</package> software is a simulator for Microchip (TM) PIC (TM) microcontrollers. It supports most devices in Microchip's 12-bit, 14bit, and 16-bit core families. In addition, gpsim supports dynamically loadable modules such as LED's, LCD's, resistors, and so forth, to extend the simulation environment beyond the PIC."
+msgstr "El software <package>gpsim</package> es un simulador de microcontroladores PIC (TM) de Microchip (TM). Soporta la mayoría de los dispositivos de 12-bit, 14-bit y 16-bit de la familia de núcleos de Microchip. Además, gpsim soporta módulos cargables dinámicamente tales como LED's, LCD's, resistores y demás, para extender el entorno de simulación más allá del PIC."
#: en_US/Embedded.xml:126(term)
-msgid ""
-"<package>ktechlab</package> Development and simulation of microcontrollers "
-"and electronic circuits"
-msgstr ""
-"<package>ktechlab</package> Desarrollo y simulación de microcontroladores y "
-"circuitos electrónicos"
+msgid "<package>ktechlab</package> Development and simulation of microcontrollers and electronic circuits"
+msgstr "<package>ktechlab</package> Desarrollo y simulación de microcontroladores y circuitos electrónicos"
#: en_US/Embedded.xml:129(para)
-msgid ""
-"<application>KTechlab</application> is a development and simulation "
-"environment for microcontrollers and electronic circuits, distributed under "
-"the GNU General Public License. <application>KTechlab</application> consists "
-"of several well-integrated components:"
-msgstr ""
-"<application>KTechlab</application> es un entorno de desarrollo y simulación "
-"para microcontroladores y circuitos electrónicos, distribuido bajo la "
-"Licencia Pública General de GNU. <application>KTechlab</application> "
-"consiste de varios componentes bien integrados:"
+msgid "<application>KTechlab</application> is a development and simulation environment for microcontrollers and electronic circuits, distributed under the GNU General Public License. <application>KTechlab</application> consists of several well-integrated components:"
+msgstr "<application>KTechlab</application> es un entorno de desarrollo y simulación para microcontroladores y circuitos electrónicos, distribuido bajo la Licencia Pública General de GNU. <application>KTechlab</application> consiste de varios componentes bien integrados:"
#: en_US/Embedded.xml:136(para)
-msgid ""
-"A circuit simulator, capable of simulating logic, linear devices and some "
-"nonlinear devices."
-msgstr ""
-"Un simulador de circuitos, capaz de simular la lógica, dispositivos lineales "
-"y algunos dispositivos no lineales."
+msgid "A circuit simulator, capable of simulating logic, linear devices and some nonlinear devices."
+msgstr "Un simulador de circuitos, capaz de simular la lógica, dispositivos lineales y algunos dispositivos no lineales."
#: en_US/Embedded.xml:139(para)
-msgid ""
-"Integration with <command>gpsim</command>, allowing PICs to be simulated in "
-"circuit."
-msgstr ""
-"Integración con <command>gpsim</command>, que permite que las PICS sean "
-"simuladas en circuitos."
+msgid "Integration with <command>gpsim</command>, allowing PICs to be simulated in circuit."
+msgstr "Integración con <command>gpsim</command>, que permite que las PICS sean simuladas en circuitos."
#: en_US/Embedded.xml:142(para)
-msgid ""
-"A schematic editor, which provides a rich real-time feedback of the "
-"simulation."
-msgstr ""
-"Un editor esquemático, que provee mucha información en tiempo real de la "
-"simulación."
+msgid "A schematic editor, which provides a rich real-time feedback of the simulation."
+msgstr "Un editor esquemático, que provee mucha información en tiempo real de la simulación."
#: en_US/Embedded.xml:145(para)
msgid "A flowchart editor, allowing PIC programs to be constructed visually."
-msgstr ""
-"Un editor de diagrama de flujos, que permite que se puedan construir los "
-"programas PIC en forma visual."
+msgstr "Un editor de diagrama de flujos, que permite que se puedan construir los programas PIC en forma visual."
#: en_US/Embedded.xml:148(para)
-msgid ""
-"MicroBASIC; a BASIC-like compiler for PICs, written as a companion program "
-"to <application>KTechlab</application>."
-msgstr ""
-"MicroBASIC; un compilador parecido al BASIC para PICs, que se escribió como "
-"parte de <application>KTechlab</application>."
+msgid "MicroBASIC; a BASIC-like compiler for PICs, written as a companion program to <application>KTechlab</application>."
+msgstr "MicroBASIC; un compilador parecido al BASIC para PICs, que se escribió como parte de <application>KTechlab</application>."
#: en_US/Embedded.xml:152(para)
-msgid ""
-"An embedded <application>Kate</application> part, which provides a powerful "
-"editor for PIC programs."
-msgstr ""
-"Una parte de <application>Kate</application> incrustada, que provee un "
-"editor potente para programas PIC."
+msgid "An embedded <application>Kate</application> part, which provides a powerful editor for PIC programs."
+msgstr "Una parte de <application>Kate</application> incrustada, que provee un editor potente para programas PIC."
#: en_US/Embedded.xml:156(para)
-msgid ""
-"Integrated assembler and disassembler via <command>gpasm</command> and "
-"<command>gpdasm</command>."
-msgstr ""
-"Un ensamblador y desensablador integrado vía <command>gpasm</command> y "
-"<command>gpdasm</command>."
+msgid "Integrated assembler and disassembler via <command>gpasm</command> and <command>gpdasm</command>."
+msgstr "Un ensamblador y desensablador integrado vía <command>gpasm</command> y <command>gpdasm</command>."
#: en_US/Embedded.xml:164(term)
-msgid ""
-"<package>pikdev</package> IDE for development of PICmicro based application "
-"(under Linux/KDE)"
-msgstr ""
-"<package>pikdev</package> IDE para el desarrollo de aplicaciónes basada en "
-"los micro PIC (bajo Linux/KDE)"
+msgid "<package>pikdev</package> IDE for development of PICmicro based application (under Linux/KDE)"
+msgstr "<package>pikdev</package> IDE para el desarrollo de aplicaciónes basada en los micro PIC (bajo Linux/KDE)"
#: en_US/Embedded.xml:167(para)
-msgid ""
-"<application>PiKdev</application> is a simple IDE dedicated to the "
-"development of PIC based applications under KDE. Features:"
-msgstr ""
-"<application>PiKdev</application> un IDE simple dedicado al desarrollo de "
-"aplicaciones basadas en PIC bajo KDE. Características:"
+msgid "<application>PiKdev</application> is a simple IDE dedicated to the development of PIC based applications under KDE. Features:"
+msgstr "<application>PiKdev</application> un IDE simple dedicado al desarrollo de aplicaciones basadas en PIC bajo KDE. Características:"
#: en_US/Embedded.xml:173(para)
msgid "Integrated editor"
@@ -7361,12 +3807,8 @@ msgid "Project management"
msgstr "Administración de proyectos"
#: en_US/Embedded.xml:177(para)
-msgid ""
-"Integrated programming engine for 12, 14 and 16 bits PIC (flash or EPROM "
-"technology)"
-msgstr ""
-"Motor de programación integrada para PICs de 12, 14 y 16 bits (tecnología "
-"flash o EPROM)"
+msgid "Integrated programming engine for 12, 14 and 16 bits PIC (flash or EPROM technology)"
+msgstr "Motor de programación integrada para PICs de 12, 14 y 16 bits (tecnología flash o EPROM)"
#: en_US/Embedded.xml:180(para)
msgid "Support for parallel and serial port programmers"
@@ -7377,145 +3819,60 @@ msgid "KDE compliant look-and-feel"
msgstr "Apariencia igual a la de KDEU"
#: en_US/Embedded.xml:186(para)
-msgid ""
-"The system administrator must read <filename>README.Fedora</filename> file "
-"located in the <filename>/usr/share/doc/pikdev-0.9.2</filename> directory to "
-"complete the full feature installation."
-msgstr ""
-"El administrador de sistema debe leer el archivo <filename>README.Fedora</"
-"filename> que está en el directorio <filename>/usr/share/doc/pikdev-0.9.2</"
-"filename> para completar la instalación con todas las características."
+msgid "The system administrator must read <filename>README.Fedora</filename> file located in the <filename>/usr/share/doc/pikdev-0.9.2</filename> directory to complete the full feature installation."
+msgstr "El administrador de sistema debe leer el archivo <filename>README.Fedora</filename> que está en el directorio <filename>/usr/share/doc/pikdev-0.9.2</filename> para completar la instalación con todas las características."
#: en_US/Embedded.xml:193(term)
-msgid ""
-"<package>piklab</package> Development environment for applications based on "
-"PIC & dsPIC"
-msgstr ""
-"<package>piklab</package> Entorno de desarrollo para aplicaciones basadas en "
-"PIC & dsPIC"
+msgid "<package>piklab</package> Development environment for applications based on PIC & dsPIC"
+msgstr "<package>piklab</package> Entorno de desarrollo para aplicaciones basadas en PIC & dsPIC"
#: en_US/Embedded.xml:197(para)
-msgid ""
-"<application>Piklab</application> is a graphic development environment for "
-"PIC and dsPIC microcontrollers. It interfaces with various toochains for "
-"compiling and assembling and it supports several Microchip and direct "
-"programmers. The system administrator must refer to the <filename>README."
-"Fedora</filename> file located in the <filename>/usr/share/doc/piklab-"
-"0.15.0</filename> directory to complete full feature installation."
-msgstr ""
-"<application>Piklab</application> es un entorno de desarrollo gráfico para "
-"microcontroladores PIC y dsPIC. Interactúa con varias cadenas de "
-"herramientas para compilar y ensamblar y da soporte para varios "
-"programadores directos de Microchip. El administrador de sistema debe leer "
-"el archivo <filename>README.Fedora</filename> que está en el directorio "
-"<filename>/usr/share/doc/piklab-0.15.0</filename> para una instalación "
-"completa con todas las características."
+msgid "<application>Piklab</application> is a graphic development environment for PIC and dsPIC microcontrollers. It interfaces with various toochains for compiling and assembling and it supports several Microchip and direct programmers. The system administrator must refer to the <filename>README.Fedora</filename> file located in the <filename>/usr/share/doc/piklab-0.15.0</filename> directory to complete full feature installation."
+msgstr "<application>Piklab</application> es un entorno de desarrollo gráfico para microcontroladores PIC y dsPIC. Interactúa con varias cadenas de herramientas para compilar y ensamblar y da soporte para varios programadores directos de Microchip. El administrador de sistema debe leer el archivo <filename>README.Fedora</filename> que está en el directorio <filename>/usr/share/doc/piklab-0.15.0</filename> para una instalación completa con todas las características."
#: en_US/Embedded.xml:208(term)
msgid "<package>pikloops</package> Code generator for PIC delays"
msgstr "<package>pikloops</package> Generador de código para retardos de PIC"
#: en_US/Embedded.xml:212(para)
-msgid ""
-"<application>PiKLoop</application> generates code to create delays for "
-"Microchip PIC microcontrollers. It is a useful companion for "
-"<application>Pikdev</application> or <application>Piklab</application> IDE."
-msgstr ""
-"<application>PiKLoop</application> genera código para crear retardos para "
-"microcontroladores Microchip PIC. Es un compañero útil de "
-"<application>Pikdev</application> o del IDE <application>Piklab</"
-"application>."
+msgid "<application>PiKLoop</application> generates code to create delays for Microchip PIC microcontrollers. It is a useful companion for <application>Pikdev</application> or <application>Piklab</application> IDE."
+msgstr "<application>PiKLoop</application> genera código para crear retardos para microcontroladores Microchip PIC. Es un compañero útil de <application>Pikdev</application> o del IDE <application>Piklab</application>."
#: en_US/Embedded.xml:221(title)
msgid "Others and processor agnostic"
msgstr "Tipos de Procesadores y Arquitecturas"
#: en_US/Embedded.xml:224(term)
-msgid ""
-"<package>dfu-programmer</package> A device firmware update based USB "
-"programmer for Atmel chips"
-msgstr ""
-"<package>dfu-programmer</package> Un programador USB basado en actualización "
-"de firmware de dispositivo para chips de Atmel"
+msgid "<package>dfu-programmer</package> A device firmware update based USB programmer for Atmel chips"
+msgstr "<package>dfu-programmer</package> Un programador USB basado en actualización de firmware de dispositivo para chips de Atmel"
#: en_US/Embedded.xml:228(para)
-msgid ""
-"A linux based command-line programmer for Atmel chips with a USB bootloader "
-"supporting ISP. This is a mostly Device Firmware Update (DFU) 1.0 compliant "
-"user-space application. Currently supported chips: 8051, AVR, at89c51snd1c, "
-"at90usb1287, at89c5130, at90usb1286, at89c5131, at90usb647, at89c5132, "
-"at90usb646, at90usb162, and at90usb82."
-msgstr ""
-"Es un programador de línea de comando para chips de Atmel con un cargador de "
-"arranque USB que soporta ISP. Este es una aplicación del espacio de usuario "
-"compatible con la Actualización de Firmware de Dispositivo (DFU) 1.0. "
-"Actualmente soporta chips: 8051, AVR, at89c51snd1c, at90usb1287, at89c5130, "
-"at90usb1286, at89c5131, at90usb647, at89c5132, at90usb646, at90usb162 y "
-"at90usb82."
+msgid "A linux based command-line programmer for Atmel chips with a USB bootloader supporting ISP. This is a mostly Device Firmware Update (DFU) 1.0 compliant user-space application. Currently supported chips: 8051, AVR, at89c51snd1c, at90usb1287, at89c5130, at90usb1286, at89c5131, at90usb647, at89c5132, at90usb646, at90usb162, and at90usb82."
+msgstr "Es un programador de línea de comando para chips de Atmel con un cargador de arranque USB que soporta ISP. Este es una aplicación del espacio de usuario compatible con la Actualización de Firmware de Dispositivo (DFU) 1.0. Actualmente soporta chips: 8051, AVR, at89c51snd1c, at90usb1287, at89c5130, at90usb1286, at89c5131, at90usb647, at89c5132, at90usb646, at90usb162 y at90usb82."
#: en_US/Embedded.xml:238(term)
msgid "<package>sdcc</package> Small Device C Compiler"
msgstr "<package>sdcc</package> Compilador C de Dispositivo Pequeño"
#: en_US/Embedded.xml:241(para)
-msgid ""
-"The <package>sdcc-2.6.0-12</package> package for SDCC is a C compiler for "
-"8051 class and similar microcontrollers. The package includes the compiler, "
-"assemblers and linkers, a device simulator, and a core library. The "
-"processors supported (to a varying degree) include the 8051, ds390, z80, "
-"hc08, and PIC."
-msgstr ""
-"El paquete <package>sdcc-2.6.0-12</package> para SDCC es un compilador C "
-"para los microcontroladores de la clase 8051 y similares. el paquete incluye "
-"el compilador, ensamblador, encadenador, simulador de dispositivo y una "
-"biblioteca principal. Los procesadores soportados (en grado variable) "
-"incluyen al 8051, ds390, z80, hc08 y PIC."
+msgid "The <package>sdcc-2.6.0-12</package> package for SDCC is a C compiler for 8051 class and similar microcontrollers. The package includes the compiler, assemblers and linkers, a device simulator, and a core library. The processors supported (to a varying degree) include the 8051, ds390, z80, hc08, and PIC."
+msgstr "El paquete <package>sdcc-2.6.0-12</package> para SDCC es un compilador C para los microcontroladores de la clase 8051 y similares. el paquete incluye el compilador, ensamblador, encadenador, simulador de dispositivo y una biblioteca principal. Los procesadores soportados (en grado variable) incluyen al 8051, ds390, z80, hc08 y PIC."
#: en_US/Embedded.xml:250(term)
-msgid ""
-"<package>uisp</package> Universal In-System Programmer for Atmel AVR and 8051"
-msgstr ""
-"<package>uisp</package> Programador Universal dentro del Sistema para AVR de "
-"Atmel y 8051"
+msgid "<package>uisp</package> Universal In-System Programmer for Atmel AVR and 8051"
+msgstr "<package>uisp</package> Programador Universal dentro del Sistema para AVR de Atmel y 8051"
#: en_US/Embedded.xml:254(para)
-msgid ""
-"The <command>uisp</command> utility is for downloading/uploading programs to "
-"AVR devices. It can also be used for some Atmel 8051 type devices. In "
-"addition, <command>uisp</command> can erase the device, write lock bits, "
-"verify and set the active segment. For use with the following hardware to "
-"program the devices: pavr, stk500, Atmel STK500, dapa, Direct AVR Parallel "
-"Access, stk200, Parallel Starter Kit, STK200, STK300, abb, Altera, "
-"ByteBlasterMV Parallel Port Download Cable, avrisp, Atmel AVR, bsd, fbprg "
-"(parallel), dt006 (parallel), dasa serial (RESET=RTS SCK=DTR MOSI=TXD "
-"MISO=CTS), dasa2 serial (RESET=!TXD SCK=RTS MOSI=DTR MISO=CTS)"
-msgstr ""
-"El utilitario <command>uisp</command> sirve para descargar/cargar programas "
-"en dispositivos AVR. También se puede usar para algunos dispositivos tipo "
-"8051 de Atmel. Además, <command>uisp</command> puede borrar el dispositivo, "
-"escribir bits de bloqueos, verificar y poner un segmento activo. Para usarlo "
-"con el hardware siguiente para programar los dispositivos: pavr, stk500, "
-"Atmel STK500, dapa, Direct AVR Parallel Access, stk200, Parallel Starter "
-"Kit, STK200, STK300, abb, Altera, ByteBlasterMV Parallel Port Download "
-"Cable, avrisp, Atmel AVR, bsd, fbprg (parallel), dt006 (parallel), dasa "
-"serial (RESET=RTS SCK=DTR MOSI=TXD MISO=CTS), dasa2 serial (RESET=!TXD "
-"SCK=RTS MOSI=DTR MISO=CTS)"
+msgid "The <command>uisp</command> utility is for downloading/uploading programs to AVR devices. It can also be used for some Atmel 8051 type devices. In addition, <command>uisp</command> can erase the device, write lock bits, verify and set the active segment. For use with the following hardware to program the devices: pavr, stk500, Atmel STK500, dapa, Direct AVR Parallel Access, stk200, Parallel Starter Kit, STK200, STK300, abb, Altera, ByteBlasterMV Parallel Port Download Cable, avrisp, Atmel AVR, bsd, fbprg (parallel), dt006 (parallel), dasa serial (RESET=RTS SCK=DTR MOSI=TXD MISO=CTS), dasa2 serial (RESET=!TXD SCK=RTS MOSI=DTR MISO=CTS)"
+msgstr "El utilitario <command>uisp</command> sirve para descargar/cargar programas en dispositivos AVR. También se puede usar para algunos dispositivos tipo 8051 de Atmel. Además, <command>uisp</command> puede borrar el dispositivo, escribir bits de bloqueos, verificar y poner un segmento activo. Para usarlo con el hardware siguiente para programar los dispositivos: pavr, stk500, Atmel STK500, dapa, Direct AVR Parallel Access, stk200, Parallel Starter Kit, STK200, STK300, abb, Altera, ByteBlasterMV Parallel Port Download Cable, avrisp, Atmel AVR, bsd, fbprg (parallel), dt006 (parallel), dasa serial (RESET=RTS SCK=DTR MOSI=TXD MISO=CTS), dasa2 serial (RESET=!TXD SCK=RTS MOSI=DTR MISO=CTS)"
#: en_US/Embedded.xml:269(term)
msgid "<package>simcoupe</package> SAM Coupe emulator (spectrum compatible)"
-msgstr ""
-"<package>simcoupe</package> Emulador de Coupe SAM (compatible con el "
-"spectrum)"
+msgstr "<package>simcoupe</package> Emulador de Coupe SAM (compatible con el spectrum)"
#: en_US/Embedded.xml:273(para)
-msgid ""
-"<application>SimCoupe</application> emulates an 8bit Z80 based home "
-"computer, released in 1989 by Miles Gordon Technology. The SAM Coupe was "
-"largely spectrum compatible, with much improved hardware"
-msgstr ""
-"<application>SimCoupe</application> emula una computadora basada en Z80, "
-"lanzada en 1989 por Miles Gordon Technology. La Coupe SAM fue muy compatible "
-"con la spectrum, con hardware muy mejorado."
+msgid "<application>SimCoupe</application> emulates an 8bit Z80 based home computer, released in 1989 by Miles Gordon Technology. The SAM Coupe was largely spectrum compatible, with much improved hardware"
+msgstr "<application>SimCoupe</application> emula una computadora basada en Z80, lanzada en 1989 por Miles Gordon Technology. La Coupe SAM fue muy compatible con la spectrum, con hardware muy mejorado."
#: en_US/Embedded.xml:280(term)
msgid "<package>sjasm</package> A z80 cross assembler"
@@ -7530,14 +3887,8 @@ msgid "<package>z88dk</package> A Z80 cross compiler"
msgstr "<package>z88dk</package> Un compilador cruzado de Z80"
#: en_US/Embedded.xml:290(para)
-msgid ""
-"The <command>z88dk</command> program is a Z80 cross compiler capable of "
-"generating binary files for a variety of Z80 based machines (such as the "
-"ZX81, Spectrum, Jupiter Ace, and some TI calculators)."
-msgstr ""
-"El programa <command>z88dk</command> es un compilador cruzado de Z80 capaz "
-"de generar archivos binarios para una variedad de máquinas basadas en Z80 "
-"(como la ZX81, la Spectrum, la Jupiter Ace y algunas calculadores TI)."
+msgid "The <command>z88dk</command> program is a Z80 cross compiler capable of generating binary files for a variety of Z80 based machines (such as the ZX81, Spectrum, Jupiter Ace, and some TI calculators)."
+msgstr "El programa <command>z88dk</command> es un compilador cruzado de Z80 capaz de generar archivos binarios para una variedad de máquinas basadas en Z80 (como la ZX81, la Spectrum, la Jupiter Ace y algunas calculadores TI)."
#: en_US/Database_servers.xml:5(title)
msgid "Database servers"
@@ -7548,13 +3899,8 @@ msgid "You must do your own research on upgrading database packages."
msgstr "Debe investigar Ud. para actualizar los paquetes de bases de datos."
#: en_US/Database_servers.xml:8(para)
-msgid ""
-"Consult the release notes for the version of database you are upgrading to. "
-"There may be actions you need to do for the upgrade to be successful."
-msgstr ""
-"Consulte las notas del lanzamiento para la versión de base de datos a la que "
-"está actualizando. Allí pueden haber acciones que necesitará hacer para que "
-"la actualización sea exitosa."
+msgid "Consult the release notes for the version of database you are upgrading to. There may be actions you need to do for the upgrade to be successful."
+msgstr "Consulte las notas del lanzamiento para la versión de base de datos a la que está actualizando. Allí pueden haber acciones que necesitará hacer para que la actualización sea exitosa."
#: en_US/Database_servers.xml:14(title)
msgid "MySQL"
@@ -7565,27 +3911,16 @@ msgid "Fedora 10 includes MySQL 5.0.67-2."
msgstr "Fedora 10 incluye MySQL 5.0.67-2."
#: en_US/Database_servers.xml:18(title)
-msgid ""
-"MySQL version in Fedora 10 significantly different from Fedora 9 version"
-msgstr ""
-"La versión de MySQL de Fedora 10 difiere significativamente de la versión de "
-"Fedora 9"
+msgid "MySQL version in Fedora 10 significantly different from Fedora 9 version"
+msgstr "La versión de MySQL de Fedora 10 difiere significativamente de la versión de Fedora 9"
#: en_US/Database_servers.xml:20(para)
-msgid ""
-"There are a number of changes from the version included in Fedora 9, "
-"including some incompatible changes."
-msgstr ""
-"Hay un número de cambios desde la versión incluída en Fedora 9, que incluyen "
-"algunos cambios incompatibles."
+msgid "There are a number of changes from the version included in Fedora 9, including some incompatible changes."
+msgstr "Hay un número de cambios desde la versión incluída en Fedora 9, que incluyen algunos cambios incompatibles."
#: en_US/Database_servers.xml:23(para)
-msgid ""
-"The MySQL user is strongly encouraged to study the release notes for MySQL "
-"before upgrading his MySQL databases."
-msgstr ""
-"Se aconseja al usuario de MySQL que estudie las notas del lanzamiento de "
-"MySQL antes de actualizar las bases de datos MySQL."
+msgid "The MySQL user is strongly encouraged to study the release notes for MySQL before upgrading his MySQL databases."
+msgstr "Se aconseja al usuario de MySQL que estudie las notas del lanzamiento de MySQL antes de actualizar las bases de datos MySQL."
#: en_US/Database_servers.xml:30(title)
msgid "PostgreSQL"
@@ -7596,16 +3931,8 @@ msgid "Fedora 10 includes PostgreSQL 8.3.4-1."
msgstr "Fedora 10 incluye PostgreSQL 8.3.4-1."
#: en_US/Database_servers.xml:32(para)
-msgid ""
-"If you are migrating from Fedora 9, no special action should be required. "
-"However, migration from versions of PostgreSQL prior to 8.3.1 may require "
-"special steps. Be sure to check the PostgreSQL release notes before "
-"performing the migration."
-msgstr ""
-"Si está migrando desde Fedora 9, no se requiere ninguna acción especial. Sin "
-"embargo, la migración desde versiones de PostgreSQL anteriores a 8.3.1 "
-"pueden requerir pasos especiales. Asegúrese de chequear las notas del "
-"lanzamiento de PostgreSQL antes de realizar la migración."
+msgid "If you are migrating from Fedora 9, no special action should be required. However, migration from versions of PostgreSQL prior to 8.3.1 may require special steps. Be sure to check the PostgreSQL release notes before performing the migration."
+msgstr "Si está migrando desde Fedora 9, no se requiere ninguna acción especial. Sin embargo, la migración desde versiones de PostgreSQL anteriores a 8.3.1 pueden requerir pasos especiales. Asegúrese de chequear las notas del lanzamiento de PostgreSQL antes de realizar la migración."
#: en_US/Colophon.xml:5(title)
msgid "Colophon"
@@ -7628,818 +3955,504 @@ msgid "Contributors"
msgstr "Contribuyentes"
#: en_US/Colophon.xml:19(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/AlainPortal\"> Alain Portal</"
-"ulink> (translator - French)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/AlainPortal\"> Alain Portal</"
-"ulink> (traductor, Francés)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/AlainPortal\"> Alain Portal</ulink> (translator - French)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/AlainPortal\"> Alain Portal</ulink> (traductor, Francés)"
#: en_US/Colophon.xml:24(para)
-#, fuzzy
msgid "Albert Felip (translator - Catalan)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Albert Felip (traductor - Catalán)"
#: en_US/Colophon.xml:27(para)
-#, fuzzy
msgid "Agusti Grau (translator - Catalan)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Agusti Grau (traductor - Catalán)"
#: en_US/Colophon.xml:30(para)
-#, fuzzy
msgid "Alfred Fraile (translator - Catalan)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Alfred Fraile (traductor - Catalán)"
#: en_US/Colophon.xml:33(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/AmanAlam\"> Amanpreet Singh Alam</"
-"ulink> (translator - Punjabi)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/AmanAlam\">Amanpreet Singh Alam</"
-"ulink> (translator - Punjabi)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/AmanAlam\"> Amanpreet Singh Alam</ulink> (translator - Punjabi)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/AmanAlam\">Amanpreet Singh Alam</ulink> (translator - Punjabi)"
#: en_US/Colophon.xml:37(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/AndrewMartynov\"> Andrew "
-"Martynov</ulink> (translator - Russian)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/AndrewMartynov\">Andrew Martynov</"
-"ulink> (tranductor, Ruso)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/AndrewMartynov\"> Andrew Martynov</ulink> (translator - Russian)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/AndrewMartynov\">Andrew Martynov</ulink> (tranductor, Ruso)"
#: en_US/Colophon.xml:41(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/AndrewOverholt\"> Andrew "
-"Overholt</ulink> (beat contributor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/AndrewOverholt\">Andrew Overholt</"
-"ulink> (contribuidor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/AndrewOverholt\"> Andrew Overholt</ulink> (beat contributor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/AndrewOverholt\">Andrew Overholt</ulink> (contribuidor de compaces)"
#: en_US/Colophon.xml:46(para)
-#, fuzzy
msgid "Ani Peter (translator - Malayalam)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Ani Peter (traductor - Malayo)"
#: en_US/Colophon.xml:49(para)
-#, fuzzy
msgid "Ankitkumar Patel (translator - Gujarati)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Ankitkumar Patel (traductor - Gujarati)"
#: en_US/Colophon.xml:52(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/AnthonyGreen\"> Anthony Green</"
-"ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/AnthonyGreen\">Anthony Green</"
-"ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/AnthonyGreen\"> Anthony Green</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/AnthonyGreen\">Anthony Green</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:56(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/BrandonHolbrook\"> Brandon "
-"Holbrook</ulink> (beat contributor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/BrandonHolbrook\">Brandon "
-"Holbrook</ulink> (contribuidor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/BrandonHolbrook\"> Brandon Holbrook</ulink> (beat contributor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/BrandonHolbrook\">Brandon Holbrook</ulink> (contribuidor de compaces)"
#: en_US/Colophon.xml:60(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/BobJensen\"> Bob Jensen</ulink> "
-"(beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/BobJensen\">Bob Jensen</ulink> "
-"(escritor de compases)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/BobJensen\"> Bob Jensen</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/BobJensen\">Bob Jensen</ulink> (escritor de compases)"
#: en_US/Colophon.xml:64(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/ChrisLennert\"> Chris Lennert</"
-"ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/ChrisLennert\">Chris Lennert</"
-"ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/ChrisLennert\"> Chris Lennert</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/ChrisLennert\">Chris Lennert</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:69(para)
-#, fuzzy
msgid "Corina Roe (translator - French)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Corina Roe (traductor - Francés)"
#: en_US/Colophon.xml:72(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/DaleBewley\"> Dale Bewley</ulink> "
-"(beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/DaleBewley\"> Dale Bewley</ulink> "
-"(escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/DaleBewley\"> Dale Bewley</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/DaleBewley\"> Dale Bewley</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:77(para)
-#, fuzzy
msgid "Damien Durand (translator - French)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Damien Durand (traductor - Francés)"
#: en_US/Colophon.xml:80(para)
-#, fuzzy
msgid "Daniela Kugelmann (translator - German)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Daniela Kugelmann (traductor - Alemán)"
#: en_US/Colophon.xml:82(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/DaveMalcolm\"> Dave Malcolm</"
-"ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/DaveMalcolm\">Dave Malcolm</"
-"ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/DaveMalcolm\"> Dave Malcolm</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/DaveMalcolm\">Dave Malcolm</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:86(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/DavidEisenstein\"> David "
-"Eisenstein</ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/DavidEisenstein\">David "
-"Eisenstein</ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/DavidEisenstein\"> David Eisenstein</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/DavidEisenstein\">David Eisenstein</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:90(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/DavidWoodhouse\"> David "
-"Woodhouse</ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/DavidWoodhouse\">David Woodhouse</"
-"ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/DavidWoodhouse\"> David Woodhouse</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/DavidWoodhouse\">David Woodhouse</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:95(para)
-#, fuzzy
msgid "Davidson Paulo (translator - Brazilian Portuguese)"
-msgstr "<placeholder-1/> (traductor - Portugués)"
+msgstr "Davidson Paulo (traductor - Portugués Brasilero)"
#: en_US/Colophon.xml:97(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/DeepakBhole\"> Deepak Bhole</"
-"ulink> (beat contributor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/DeepakBhole\">Deepak Bhole</"
-"ulink> (contribuidor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/DeepakBhole\"> Deepak Bhole</ulink> (beat contributor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/DeepakBhole\">Deepak Bhole</ulink> (contribuidor de compaces)"
#: en_US/Colophon.xml:101(para)
-#, fuzzy
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/DiegoBúrigoZacarão"
-"\">Diego Búrigo Zacarão</ulink> (translator)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/DiegoZacarao\">Diego Burigo "
-"Zacarao</ulink> (traductor - Brasilero)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/DiegoBúrigoZacarão\">Diego Búrigo Zacarão</ulink> (translator)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/DiegoBúrigoZacarão\">Diego Búrigo Zacarão</ulink> (traductor)"
#: en_US/Colophon.xml:106(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/DimitrisGlezos\"> Dimitris "
-"Glezos</ulink> (beat writer, translator - Greek)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/DimitrisGlezos\">Dimitris Glezos</"
-"ulink> (traductor - Griego, herramientas)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/DimitrisGlezos\"> Dimitris Glezos</ulink> (beat writer, translator - Greek)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/DimitrisGlezos\">Dimitris Glezos</ulink> (traductor - Griego, herramientas)"
#: en_US/Colophon.xml:111(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/DomingoBecker\"> Domingo Becker</"
-"ulink> (translator - Spanish)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/DomingoBecker\">Domingo Becker</"
-"ulink> (traductor - Español)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/DomingoBecker\"> Domingo Becker</ulink> (translator - Spanish)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/DomingoBecker\">Domingo Becker</ulink> (traductor - Español)"
#: en_US/Colophon.xml:116(para)
-#, fuzzy
msgid "Dominik Sandjaja (translator - German)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Dominik Sandjaja (traductor - Alemán)"
#: en_US/Colophon.xml:119(para)
-#, fuzzy
msgid "Eun-Ju Kim (translator - Korean)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Eun-Ju Kim (traductor - Coreano)"
#: en_US/Colophon.xml:122(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/FabianAffolter\"> Fabian "
-"Affolter</ulink> (translator - German)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/FabianAffolter\">Fabian Affolter</"
-"ulink> (traductor - Alemán)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/FabianAffolter\"> Fabian Affolter</ulink> (translator - German)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/FabianAffolter\">Fabian Affolter</ulink> (traductor - Alemán)"
#: en_US/Colophon.xml:127(para)
msgid "Fernando Villa (translator - Catalan)"
-msgstr ""
+msgstr "Fernando Villa (traductor - Catalan)"
#: en_US/Colophon.xml:130(para)
-#, fuzzy
msgid "Florent Le Coz (translator - French)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Florent Le Coz (traductor - Francés)"
#: en_US/Colophon.xml:133(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/FrancescoTombolini\"> Francesco "
-"Tombolini</ulink> (translator - Italian)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/FrancescoTombolini\">Francesco "
-"Tombolini</ulink> (traductor, Italiano)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/FrancescoTombolini\"> Francesco Tombolini</ulink> (translator - Italian)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/FrancescoTombolini\">Francesco Tombolini</ulink> (traductor, Italiano)"
#: en_US/Colophon.xml:138(para)
-#, fuzzy
msgid "Francesco Valente (translator - Italian)"
-msgstr "<placeholder-1/> (traductor - Eslovaco)"
+msgstr "Francesco Valente (traductor - Italiano)"
#: en_US/Colophon.xml:141(para)
-#, fuzzy
msgid "Gatis Kalnins (translator - Latvian)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Gatis Kalnins (traductor - Latvio)"
#: en_US/Colophon.xml:144(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/GavinHenry\"> Gavin Henry</ulink> "
-"(beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/GavinHenry\">Gavin Henry</ulink> "
-"(escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/GavinHenry\"> Gavin Henry</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/GavinHenry\">Gavin Henry</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:148(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/GeertWarrink\"> Geert Warrink</"
-"ulink> (translator - Dutch)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/GeertWarrink\">Geert Warrink</"
-"ulink> (traductor - Danés)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/GeertWarrink\"> Geert Warrink</ulink> (translator - Dutch)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/GeertWarrink\">Geert Warrink</ulink> (traductor - Danés)"
#: en_US/Colophon.xml:153(para)
-#, fuzzy
msgid "Glaucia Cintra (translator - Brazilian Portuguese)"
-msgstr "<placeholder-1/> (traductor - Portugués)"
+msgstr "Glaucia Cintra (traductor - Portugués Brasilero)"
#: en_US/Colophon.xml:156(para)
msgid "Gregory Sapunkov (translator - Russian)"
-msgstr ""
+msgstr "Gregory Sapunkov (traductor - Ruso)"
#: en_US/Colophon.xml:159(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/GuidoGrazioli\"> Guido Grazioli</"
-"ulink> (translator - Italian)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/GuidoGrazioli\">Guido Grazioli</"
-"ulink> (traductor - Italiano)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/GuidoGrazioli\"> Guido Grazioli</ulink> (translator - Italian)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/GuidoGrazioli\">Guido Grazioli</ulink> (traductor - Italiano)"
#: en_US/Colophon.xml:164(para)
msgid "Han Guokai (translator - Simplified Chinese)"
-msgstr ""
+msgstr "Han Guokai (traductor - Chino Simplificado)"
#: en_US/Colophon.xml:167(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/HugoCisneiros\"> Hugo Cisneiros</"
-"ulink> (translator - Brazilian Portuguese)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/HugoCisneiros\">Hugo Cisneiros</"
-"ulink> (traductor, Portugués Brasilero)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/HugoCisneiros\"> Hugo Cisneiros</ulink> (translator - Brazilian Portuguese)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/HugoCisneiros\">Hugo Cisneiros</ulink> (traductor, Portugués Brasilero)"
#: en_US/Colophon.xml:173(para)
msgid "I. Felix (translator - Tamil)"
-msgstr ""
+msgstr "I. Felix (traductor - Tamil)"
#: en_US/Colophon.xml:176(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/IgorMiletic\"> Igor Miletic</"
-"ulink> (translator - Serbian)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/IgorMiletic\">Igor Miletic</"
-"ulink> (traductor - Serbio)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/IgorMiletic\"> Igor Miletic</ulink> (translator - Serbian)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/IgorMiletic\">Igor Miletic</ulink> (traductor - Serbio)"
#: en_US/Colophon.xml:181(para)
-#, fuzzy
msgid "Janis Ozolins (translator - Latvian)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Janis Ozolins (traductor - Latvio)"
#: en_US/Colophon.xml:184(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/JasonMatthewTaylor\"> Jason "
-"Taylor</ulink> (beat writer, editor-in-training)"
-msgstr ""
-"ulink url=\"http://fedoraproject.org/wiki/JasonMatthewTaylor\"> Jason "
-"Taylor</ulink> (escritor de compaces, editor-en-entrenamiento)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/JasonMatthewTaylor\"> Jason Taylor</ulink> (beat writer, editor-in-training)"
+msgstr "ulink url=\"http://fedoraproject.org/wiki/JasonMatthewTaylor\"> Jason Taylor</ulink> (escritor de compaces, editor-en-entrenamiento)"
#: en_US/Colophon.xml:190(para)
msgid "Jaswinder Singh (translator - Punjabi)"
-msgstr ""
+msgstr "Jaswinder Singh (traductor - Punjabi)"
#: en_US/Colophon.xml:193(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/JeffJohnston\"> Jeff Johnston</"
-"ulink> (beat contributor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/JeffJohnston\">Jeff Johnston</"
-"ulink> (contribuidor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/JeffJohnston\"> Jeff Johnston</ulink> (beat contributor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/JeffJohnston\">Jeff Johnston</ulink> (contribuidor de compaces)"
#: en_US/Colophon.xml:197(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/JesseKeating\"> Jesse Keating</"
-"ulink> (beat contributor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/JesseKeating\">Jesse Keating</"
-"ulink> (contribuidor de artículos)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/JesseKeating\"> Jesse Keating</ulink> (beat contributor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/JesseKeating\">Jesse Keating</ulink> (contribuidor de artículos)"
#: en_US/Colophon.xml:201(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/JensPetersen\"> Jens Petersen</"
-"ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/JensPetersen\">Jens Petersen</"
-"ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/JensPetersen\"> Jens Petersen</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/JensPetersen\">Jens Petersen</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:205(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/JoeOrton\"> Joe Orton</ulink> "
-"(beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/JoeOrton\">Joe Orton</ulink> "
-"(escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/JoeOrton\"> Joe Orton</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/JoeOrton\">Joe Orton</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:210(para)
-#, fuzzy
msgid "Jordi Mas (translator - Catalan)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Jordi Mas (traductor - Catalán)"
#: en_US/Colophon.xml:213(para)
-#, fuzzy
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/JoséNunoCoelhoPires\"> José "
-"Nuno Coelho Pires</ulink> (translator - Portuguese)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/JosePires\">Jose Nuno Coelho "
-"Pires</ulink> (traductor - Portugués)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/JoséNunoCoelhoPires\"> José Nuno Coelho Pires</ulink> (translator - Portuguese)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/JoséNunoCoelhoPires\"> José Nuno Coelho Pires</ulink> (traductor - Portugués)"
#: en_US/Colophon.xml:220(para)
msgid "Josep Mª Brunetti (translator - Catalan)"
-msgstr ""
+msgstr "Josep Mª Brunetti (traductor - Catalan)"
#: en_US/Colophon.xml:221(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/JoshBressers\"> Josh Bressers</"
-"ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/JoshBressers\">Josh Bressers</"
-"ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/JoshBressers\"> Josh Bressers</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/JoshBressers\">Josh Bressers</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:226(para)
-#, fuzzy
msgid "Juan M. Rodriguez (translator - Spanish)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Juan M. Rodriguez (traductor - Español)"
#: en_US/Colophon.xml:229(para)
-#, fuzzy
msgid "Kai Werthwein (translator - German)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Kai Werthwein (traductor - Alemán)"
#: en_US/Colophon.xml:231(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/KarstenWade\"> Karsten Wade</"
-"ulink> (beat writer, editor, co-publisher)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/KarstenWade\">Karsten Wade</"
-"ulink> (escritor de compaces, editor, co-publicador)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/KarstenWade\"> Karsten Wade</ulink> (beat writer, editor, co-publisher)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/KarstenWade\">Karsten Wade</ulink> (escritor de compaces, editor, co-publicador)"
#: en_US/Colophon.xml:236(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/KevinKofler\"> Kevin Kofler</"
-"ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/KevinKofler\">Kevin Kofler</"
-"ulink> (escritor de artículos)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/KevinKofler\"> Kevin Kofler</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/KevinKofler\">Kevin Kofler</ulink> (escritor de artículos)"
#: en_US/Colophon.xml:241(para)
msgid "Kiyoto Hashida (translator - Japanese)"
-msgstr ""
+msgstr "Kiyoto Hashida (traductor - Japonés)"
#: en_US/Colophon.xml:244(para)
-#, fuzzy
msgid "Krishnababu Krothapalli (translator - Telugu)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Krishnababu Krothapalli (traductor - Telugu)"
#: en_US/Colophon.xml:247(para)
msgid "Kushal Das (translator - Bengali India)"
-msgstr ""
+msgstr "Kushal Das (traductor - Bengalí de la India)"
#: en_US/Colophon.xml:250(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/KyuLee\"> Kyu Lee</ulink> (beat "
-"contributor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/KyuLee\">Kyu Lee</ulink> "
-"(contribuidor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/KyuLee\"> Kyu Lee</ulink> (beat contributor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/KyuLee\">Kyu Lee</ulink> (contribuidor de compaces)"
#: en_US/Colophon.xml:254(para)
msgid "Leah Liu (translator - Simplified Chinese)"
-msgstr ""
+msgstr "Leah Liu (traductor - Chino Simplificado)"
#: en_US/Colophon.xml:256(para)
-#, fuzzy
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/LenkaČelková\"> Lenka "
-"Čelková</ulink> (translator - Slovak)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/Lenka%C4%8Celkov%C3%A1\">Lenka "
-"Celkova</ulink> (traductor - Eslovaco)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/LenkaČelková\"> Lenka Čelková</ulink> (translator - Slovak)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/LenkaČelková\"> Lenka Čelková</ulink> (traductor - Eslovaco)"
#: en_US/Colophon.xml:262(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/LicioFonseca\"> Licio Fonseca</"
-"ulink> (translator - Brazilian Portuguese)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/LicioFonseca\">Licio Fonseca</"
-"ulink> (traductor - Brasilero)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/LicioFonseca\"> Licio Fonseca</ulink> (translator - Brazilian Portuguese)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/LicioFonseca\">Licio Fonseca</ulink> (traductor - Brasilero)"
#: en_US/Colophon.xml:266(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/LubomirKundrak\"> Lubomir "
-"Kundrak</ulink> (beat contributor, translator - Slovak)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/LubomirKundrak\">Lubomir Kundrak</"
-"ulink> (contribuidor de artículos, traductor - Eslovaco)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/LubomirKundrak\"> Lubomir Kundrak</ulink> (beat contributor, translator - Slovak)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/LubomirKundrak\">Lubomir Kundrak</ulink> (contribuidor de artículos, traductor - Eslovaco)"
#: en_US/Colophon.xml:272(para)
-#, fuzzy
msgid "Lukas Brausch (translator - German)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Lukas Brausch (traductor - Alemán)"
#: en_US/Colophon.xml:274(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/LuyaTshimbalanga\"> Luya "
-"Tshimbalanga</ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/LuyaTshimbalanga\">Luya "
-"Tshimbalanga</ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/LuyaTshimbalanga\"> Luya Tshimbalanga</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/LuyaTshimbalanga\">Luya Tshimbalanga</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:278(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/MagnusLarsson\"> Magnus Larsson</"
-"ulink> (translator - Swedish)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/MagnusLarsson\">Magnus Larsson</"
-"ulink>(traductor - Sueco)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/MagnusLarsson\"> Magnus Larsson</ulink> (translator - Swedish)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/MagnusLarsson\">Magnus Larsson</ulink>(traductor - Sueco)"
#: en_US/Colophon.xml:283(para)
-#, fuzzy
msgid "Manojkumar Giri (translator - Oriya)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Manojkumar Giri (traductor - Oriya)"
#: en_US/Colophon.xml:286(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/MarekMahut\"> Marek Mahut</ulink> "
-"(translator - Slovak)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/MarekMahut\">Marek Mahut</ulink> "
-"(traductor - Eslovaco)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/MarekMahut\"> Marek Mahut</ulink> (translator - Slovak)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/MarekMahut\">Marek Mahut</ulink> (traductor - Eslovaco)"
#: en_US/Colophon.xml:290(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/MathieuSchopfer\"> Mathieu "
-"Schopfer</ulink> (translator - French)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/MathieuSchopfer\">Mathieu "
-"Schopfer</ulink> (traductor - Francés)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/MathieuSchopfer\"> Mathieu Schopfer</ulink> (translator - French)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/MathieuSchopfer\">Mathieu Schopfer</ulink> (traductor - Francés)"
#: en_US/Colophon.xml:294(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/MatthieuRondeau\"> Matthieu "
-"Rondeau</ulink> (translator - French)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/MatthieuRondeau\">Matthieu "
-"Rondeau</ulink> (traductor - Francés)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/MatthieuRondeau\"> Matthieu Rondeau</ulink> (translator - French)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/MatthieuRondeau\">Matthieu Rondeau</ulink> (traductor - Francés)"
#: en_US/Colophon.xml:298(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/MaximDziumanenko\"> Maxim "
-"Dziumanenko</ulink> (translator - Ukrainian)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/MaximDziumanenko\">Maxim "
-"Dziumanenko</ulink> (traductor - Ucraniano)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/MaximDziumanenko\"> Maxim Dziumanenko</ulink> (translator - Ukrainian)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/MaximDziumanenko\">Maxim Dziumanenko</ulink> (traductor - Ucraniano)"
#: en_US/Colophon.xml:302(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/MartinBall\"> Martin Ball</ulink> "
-"(beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/MartinBall\">Martin Ball</ulink> "
-"(escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/MartinBall\"> Martin Ball</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/MartinBall\">Martin Ball</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:307(para)
-#, fuzzy
msgid "Michaël Ughetto (translator - French)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Michaël Ughetto (traductor - Francés)"
#: en_US/Colophon.xml:310(para)
-#, fuzzy
msgid "Natàlia Girabet (translator - Catalan)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Natàlia Girabet (traductor - Catalán)"
#: en_US/Colophon.xml:313(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/NikosCharonitakis\"> Nikos "
-"Charonitakis</ulink> (translator - Greek)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/NikosCharonitakis\">Nikos "
-"Charonitakis</ulink>(traductor - Griego)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/NikosCharonitakis\"> Nikos Charonitakis</ulink> (translator - Greek)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/NikosCharonitakis\">Nikos Charonitakis</ulink>(traductor - Griego)"
#: en_US/Colophon.xml:318(para)
msgid "Noriko Mizumoto (translation coordinator, translator - Japanese)"
-msgstr ""
+msgstr "Noriko Mizumoto (coordinadora de traducción, traductor - Japonés)"
#: en_US/Colophon.xml:322(para)
msgid "Oriol Miró (translator - Catalan)"
-msgstr ""
+msgstr "Oriol Miró (traductor - Catalán)"
#: en_US/Colophon.xml:325(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/OrionPoplawski\"> Orion "
-"Poplawski</ulink> (beat contributor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/OrionPoplawski\">Orion Poplawski</"
-"ulink> (contribuidor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/OrionPoplawski\"> Orion Poplawski</ulink> (beat contributor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/OrionPoplawski\">Orion Poplawski</ulink> (contribuidor de compaces)"
#: en_US/Colophon.xml:330(para)
-#, fuzzy
msgid "Pablo Martin-Gomez (translator - French)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Pablo Martin-Gomez (traductor - Francés)"
#: en_US/Colophon.xml:332(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/PanagiotaBilianou\"> Panagiota "
-"Bilianou</ulink> (translator - Greek)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/TetaBilianou\">Teta Bilianou</"
-"ulink> (traductor - Griego)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/PanagiotaBilianou\"> Panagiota Bilianou</ulink> (translator - Greek)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/TetaBilianou\">Teta Bilianou</ulink> (traductor - Griego)"
#: en_US/Colophon.xml:336(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/PatrickBarnes\"> Patrick Barnes</"
-"ulink> (beat writer, editor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/PatrickBarnes\">Patrick Barnes</"
-"ulink>(escritor de compaces, editor)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/PatrickBarnes\"> Patrick Barnes</ulink> (beat writer, editor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/PatrickBarnes\">Patrick Barnes</ulink>(escritor de compaces, editor)"
#: en_US/Colophon.xml:340(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/PaulWFrields\"> Paul W. Frields</"
-"ulink> (tools, editor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/PaulWFrields\">Paul W. Frields</"
-"ulink> (herramientas, editor)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/PaulWFrields\"> Paul W. Frields</ulink> (tools, editor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/PaulWFrields\">Paul W. Frields</ulink> (herramientas, editor)"
#: en_US/Colophon.xml:344(para)
-#, fuzzy
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/PavolŠimo\"> Pavol Šimo</"
-"ulink> (translator - Slovak)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/Pavol%C5%A0imo\">Pavol Simo</"
-"ulink> (traductor - Eslovaco)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/PavolŠimo\"> Pavol Šimo</ulink> (translator - Slovak)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/PavolŠimo\"> Pavol Šimo</ulink> (traductor - Eslovaco)"
#: en_US/Colophon.xml:348(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/PawelSadowski\"> Pawel Sadowski</"
-"ulink> (translator - Polish)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/PawelSadowski\">Pawel Sadowski</"
-"ulink> (traductor - Polaco)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/PawelSadowski\"> Pawel Sadowski</ulink> (translator - Polish)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/PawelSadowski\">Pawel Sadowski</ulink> (traductor - Polaco)"
#: en_US/Colophon.xml:352(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/PatrickErnzer\"> Patrick Ernzer</"
-"ulink> (beat contributor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/PatrickErnzer\">Patrick Ernzer</"
-"ulink> (contribuidor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/PatrickErnzer\"> Patrick Ernzer</ulink> (beat contributor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/PatrickErnzer\">Patrick Ernzer</ulink> (contribuidor de compaces)"
#: en_US/Colophon.xml:357(para)
-#, fuzzy
msgid "Pedro Angelo Medeiros Fonini (translator - Brazilian Portuguese)"
-msgstr "<placeholder-1/> (traductor - Portugués)"
+msgstr "Pedro Angelo Medeiros Fonini (traductor - Portugués Brasilero)"
#: en_US/Colophon.xml:360(para)
msgid "Pere Argelich (translator - Catalan)"
-msgstr ""
+msgstr "Pere Argelich (traductor - Catalán)"
#: en_US/Colophon.xml:363(para)
msgid "Peter Reuschlein (translator - German)"
-msgstr ""
+msgstr "Peter Reuschlein (traductor - Alemán)"
#: en_US/Colophon.xml:365(para)
-#, fuzzy
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/User:Raven\">Piotr Drąg</ulink> "
-"(translator - Polish)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/PiotrDrag\">Piotr Drag</ulink> "
-"(traductor - Polaco)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/User:Raven\">Piotr Drąg</ulink> (translator - Polish)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/User:Raven\">Piotr Drąg</ulink> (traductor - Polaco)"
#: en_US/Colophon.xml:370(para)
msgid "Prosenjit Biswas (translator - Bengali India)"
-msgstr ""
+msgstr "Prosenjit Biswas (traductor - Bengalí de la India)"
#: en_US/Colophon.xml:373(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/RahulSundaram\"> Rahul Sundaram</"
-"ulink> (beat writer, editor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/RahulSundaram\">Rahul Sundaram</"
-"ulink> (escritor de compaces, editor)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/RahulSundaram\"> Rahul Sundaram</ulink> (beat writer, editor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/RahulSundaram\">Rahul Sundaram</ulink> (escritor de compaces, editor)"
#: en_US/Colophon.xml:378(para)
msgid "Rajesh Ranjan (translator - Hindi)"
-msgstr ""
+msgstr "Rajesh Ranjan (traductor - Hindi)"
#: en_US/Colophon.xml:381(para)
-#, fuzzy
msgid "Robert-André Mauchin (translator - French)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Robert-André Mauchin (traductor - Francés)"
#: en_US/Colophon.xml:384(para)
msgid "Roberto Bechtlufft"
-msgstr ""
+msgstr "Roberto Bechtlufft"
#: en_US/Colophon.xml:387(para)
msgid "Run Du (translator - Simplified Chinese)"
-msgstr ""
+msgstr "Run Du (traductor - Chino Simplificado)"
#: en_US/Colophon.xml:390(para)
msgid "Runa Bhattacharjee (translator - Bengali India)"
-msgstr ""
+msgstr "Runa Bhattacharjee (traductor - Bengalí de la India)"
#: en_US/Colophon.xml:393(para)
msgid "Ryuichi Hyugabaru (translator - Japanese)"
-msgstr ""
+msgstr "Ryuichi Hyugabaru (traductor - Japonés)"
#: en_US/Colophon.xml:395(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/SamFolkWilliams\"> Sam Folk-"
-"Williams</ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/SamFolkWilliams\">Sam Folk-"
-"Williams</ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/SamFolkWilliams\"> Sam Folk-Williams</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/SamFolkWilliams\">Sam Folk-Williams</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:400(para)
-#, fuzzy
msgid "Sandeep Shedmake (translator - Marathi)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Sandeep Shedmake (traductor - Maratí)"
#: en_US/Colophon.xml:403(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/SekineTatsuo\"> Sekine Tatsuo</"
-"ulink> (translator - Japanese)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/SekineTatsuo\">Sekine Tatsuo</"
-"ulink> (traductor, Japonés)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/SekineTatsuo\"> Sekine Tatsuo</ulink> (translator - Japanese)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/SekineTatsuo\">Sekine Tatsuo</ulink> (traductor, Japonés)"
#: en_US/Colophon.xml:408(para)
-#, fuzzy
msgid "Shankar Prasad (translator - Kannada)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Shankar Prasad (traductor - Kanada)"
#: en_US/Colophon.xml:411(para)
-#, fuzzy
msgid "Severin Heiniger (translator - German)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Severin Heiniger (traductor - Alemán)"
#: en_US/Colophon.xml:413(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/SimosXenitellis\"> Simos "
-"Xenitellis</ulink> (translator - Greek)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/SimosXenitellis\">Simos "
-"Xenitellis</ulink> (traductor - Griego)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/SimosXenitellis\"> Simos Xenitellis</ulink> (translator - Greek)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/SimosXenitellis\">Simos Xenitellis</ulink> (traductor - Griego)"
#: en_US/Colophon.xml:417(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/SteveDickson\"> Steve Dickson</"
-"ulink> (beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/SteveDickson\">Steve Dickson</"
-"ulink> (escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/SteveDickson\"> Steve Dickson</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/SteveDickson\">Steve Dickson</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:422(para)
-#, fuzzy
msgid "Sweta Kothari (translator - Gujarati)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Sweta Kothari (traductor - Gujarati)"
#: en_US/Colophon.xml:425(para)
msgid "Terry Chuang (translator - Traditional Chinese)"
-msgstr ""
+msgstr "Terry Chuang (traductor - Chino Tradicional)"
#: en_US/Colophon.xml:428(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/TetaBilianou\"> Teta Bilianou</"
-"ulink> (translator - Greek)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/TetaBilianou\">Teta Bilianou</"
-"ulink> (traductor - Griego)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/TetaBilianou\"> Teta Bilianou</ulink> (translator - Greek)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/TetaBilianou\">Teta Bilianou</ulink> (traductor - Griego)"
#: en_US/Colophon.xml:432(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/ThomasCanniot\"> Thomas Canniot</"
-"ulink> (translator - French)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/ThomasCanniot\">ThomasCanniot</"
-"ulink> (traductor, Francés)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/ThomasCanniot\"> Thomas Canniot</ulink> (translator - French)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/ThomasCanniot\">ThomasCanniot</ulink> (traductor, Francés)"
#: en_US/Colophon.xml:436(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/ThomasGraf\"> Thomas Graf</ulink> "
-"(beat writer)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/ThomasGraf\">Thomas Graf</ulink> "
-"(escritor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/ThomasGraf\"> Thomas Graf</ulink> (beat writer)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/ThomasGraf\">Thomas Graf</ulink> (escritor de compaces)"
#: en_US/Colophon.xml:440(para)
-#, fuzzy
msgid "Timo Trinks (translator - German)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Timo Trinks (traductor - Alemán)"
#: en_US/Colophon.xml:442(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/TommyReynolds\"> Tommy Reynolds</"
-"ulink> (tools)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/TommyReynolds\">Tommy Reynolds</"
-"ulink> (herramientas)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/TommyReynolds\"> Tommy Reynolds</ulink> (tools)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/TommyReynolds\">Tommy Reynolds</ulink> (herramientas)"
#: en_US/Colophon.xml:446(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/ValnirFerreiraJr\"> Valnir "
-"Ferreira Jr.</ulink> (translator - Brazilian Portuguese)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/ValnirFerreira\">Valnir Ferreira "
-"Jr.</ulink> (traductor - Brasilero)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/ValnirFerreiraJr\"> Valnir Ferreira Jr.</ulink> (translator - Brazilian Portuguese)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/ValnirFerreira\">Valnir Ferreira Jr.</ulink> (traductor - Brasilero)"
#: en_US/Colophon.xml:452(para)
-#, fuzzy
msgid "Vasiliy Korchagin (translator - Russian)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Vasiliy Korchagin (traductor - Ruso)"
#: en_US/Colophon.xml:455(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/VillePekkaVainio\"> Ville-Pekka "
-"Vainio</ulink> (translator - Finnish)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/VillePekkaVainio\">Ville-Pekka "
-"Vainio</ulink> (traductor - Finlandés)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/VillePekkaVainio\"> Ville-Pekka Vainio</ulink> (translator - Finnish)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/VillePekkaVainio\">Ville-Pekka Vainio</ulink> (traductor - Finlandés)"
#: en_US/Colophon.xml:459(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/WillWoods\"> Will Woods</ulink> "
-"(beat contributor)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/WillWoods\">Will Woods</ulink> "
-"(contribuidor de compaces)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/WillWoods\"> Will Woods</ulink> (beat contributor)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/WillWoods\">Will Woods</ulink> (contribuidor de compaces)"
#: en_US/Colophon.xml:464(para)
-#, fuzzy
msgid "Xavier Conde (translator - Catalan)"
-msgstr "<placeholder-1/> (traductor - Eslovaco)"
+msgstr "Xavier Conde (traductor - Catalán)"
#: en_US/Colophon.xml:467(para)
-#, fuzzy
msgid "Xavier Queralt (translator - Catalan)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Xavier Queralt (traductor - Catalán)"
#: en_US/Colophon.xml:470(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/YoshinariTakaoka\"> Yoshinari "
-"Takaoka</ulink> (translator, tools)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/YoshinariTakaoka\">Yoshinari "
-"Takaoka</ulink> (traductor, herramientas)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/YoshinariTakaoka\"> Yoshinari Takaoka</ulink> (translator, tools)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/YoshinariTakaoka\">Yoshinari Takaoka</ulink> (traductor, herramientas)"
#: en_US/Colophon.xml:475(para)
msgid "Yu Feng (translator - Simplified Chinese"
-msgstr ""
+msgstr "Yu Feng (traductor - Chino Simplificado)"
#: en_US/Colophon.xml:477(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/YuanYijun\"> Yuan Yijun</ulink> "
-"(translator - Simplified Chinese)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/YuanYijun\">Yuan Yijun</ulink> "
-"(traductor, Chino Simplificado)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/YuanYijun\"> Yuan Yijun</ulink> (translator - Simplified Chinese)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/YuanYijun\">Yuan Yijun</ulink> (traductor, Chino Simplificado)"
#: en_US/Colophon.xml:482(para)
-#, fuzzy
msgid "Yulia Poyarkova (translator - Russian)"
-msgstr "Alain Portal (traductor - Francés)"
+msgstr "Yulia Poyarkova (traductor - Ruso)"
#: en_US/Colophon.xml:485(para)
-msgid ""
-"<ulink url=\"http://fedoraproject.org/wiki/ZhangYang\"> Zhang Yang</ulink> "
-"(translator - simplified Chinese)"
-msgstr ""
-"<ulink url=\"http://fedoraproject.org/wiki/ZhangYang\">Zhang Yang</ulink> "
-"(traductor - Chino simplificado)"
+msgid "<ulink url=\"http://fedoraproject.org/wiki/ZhangYang\"> Zhang Yang</ulink> (translator - simplified Chinese)"
+msgstr "<ulink url=\"http://fedoraproject.org/wiki/ZhangYang\">Zhang Yang</ulink> (traductor - Chino simplificado)"
#: en_US/Colophon.xml:489(para)
-msgid ""
-"... and many more translators. Refer to the Web-updated version of these "
-"release notes as we add translators after release:"
-msgstr ""
-"... y muchos más traductores. Vaya a la versión actualizada en la Web de "
-"estas notas de la versión, ya que se van agregando traductores después de "
-"esta versión:"
+msgid "... and many more translators. Refer to the Web-updated version of these release notes as we add translators after release:"
+msgstr "... y muchos más traductores. Vaya a la versión actualizada en la Web de estas notas de la versión, ya que se van agregando traductores después de esta versión:"
#: en_US/Colophon.xml:494(ulink)
msgid "http://docs.fedoraproject.org/release-notes/"
@@ -8450,50 +4463,16 @@ msgid "Production methods"
msgstr "Métodos de Producción"
#: en_US/Colophon.xml:498(para)
-msgid ""
-"Beat writers produce the release notes directly on the Fedora Project wiki. "
-"They collaborate with other subject matter experts from Fedora to explain "
-"important changes and enhancements. The editorial team ensures consistency "
-"and quality of the finished beats, and ports the Wiki material to DocBook "
-"XML in a revision control repository. Next, the team of translators produces "
-"other language versions of the release notes, which are made available to "
-"the general public as part of Fedora. The publication team also makes them, "
-"and subsequent errata, available via the Web."
-msgstr ""
-"Los escritores de artículos producen notas del lanzamiento directamente en "
-"el Wiki del Proyecto Fedora. Colaboran con otros expertos en la materia "
-"durante la fase de las versiones de prueba de Fedora para explicar los "
-"cambios y mejoras importantes. El equipo editorial asegura la consistencia y "
-"la calidad de los artículos terminados, y porta el material Wiki a XML de "
-"DocBook en un repositorio de control de revisión. En este punto, el equipo "
-"de traductores producen las versiones en otros idiomas y luego se ponen "
-"disponibles al público en general como parte de Fedora. El equipo de "
-"publicación edita la errata posterior y la pone a disposición en la web."
+msgid "Beat writers produce the release notes directly on the Fedora Project wiki. They collaborate with other subject matter experts from Fedora to explain important changes and enhancements. The editorial team ensures consistency and quality of the finished beats, and ports the Wiki material to DocBook XML in a revision control repository. Next, the team of translators produces other language versions of the release notes, which are made available to the general public as part of Fedora. The publication team also makes them, and subsequent errata, available via the Web."
+msgstr "Los escritores de artículos producen notas del lanzamiento directamente en el Wiki del Proyecto Fedora. Colaboran con otros expertos en la materia durante la fase de las versiones de prueba de Fedora para explicar los cambios y mejoras importantes. El equipo editorial asegura la consistencia y la calidad de los artículos terminados, y porta el material Wiki a XML de DocBook en un repositorio de control de revisión. En este punto, el equipo de traductores producen las versiones en otros idiomas y luego se ponen disponibles al público en general como parte de Fedora. El equipo de publicación edita la errata posterior y la pone a disposición en la web."
#: en_US/Backwards_compatibility.xml:5(title)
msgid "Backwards compatibility"
msgstr "Compatibilidad hacia atrás"
#: en_US/Backwards_compatibility.xml:6(para)
-msgid ""
-"Fedora provides legacy system libraries for compatibility with older "
-"software. This software is part of the <menuchoice><guimenuitem>Legacy "
-"Software Development</guimenuitem></menuchoice> group, which is not "
-"installed by default. Users who require this functionality may select this "
-"group either during installation or after the installation process is "
-"complete. To install the package group on a Fedora system, use "
-"<guimenu>Applications</guimenu><guimenuitem>Add/Remove Software</"
-"guimenuitem> or enter the following command in a terminal window:"
-msgstr ""
-"Fedora provee bibliotecas de sistema legados para compatibilidad con "
-"software viejo. Este software es parte del grupo de "
-"<menuchoice><guimenuitem>Desarrollo de Software Legado</menuchoice></"
-"guimenuitem>, que no se instala por defecto. Los usuarios que necesiten esta "
-"funcionalidad pueden seleccionar este grupo durante la instalación, o "
-"después de que se complete el proceso de instalación. Para instalar el grupo "
-"de paquetes en un sistema Fedora, use <guimenu>Aplicaciones</"
-"guimenu><guimenuitem>Añadir/Quitar Software</guimenuitem> o ingrese el "
-"siguiente comando en una ventana terminal:"
+msgid "Fedora provides legacy system libraries for compatibility with older software. This software is part of the <menuchoice><guimenuitem>Legacy Software Development</guimenuitem></menuchoice> group, which is not installed by default. Users who require this functionality may select this group either during installation or after the installation process is complete. To install the package group on a Fedora system, use <guimenu>Applications</guimenu><guimenuitem>Add/Remove Software</guimenuitem> or enter the following command in a terminal window:"
+msgstr "Fedora provee bibliotecas de sistema legados para compatibilidad con software viejo. Este software es parte del grupo de <menuchoice><guimenuitem>Desarrollo de Software Legado</menuchoice></guimenuitem>, que no se instala por defecto. Los usuarios que necesiten esta funcionalidad pueden seleccionar este grupo durante la instalación, o después de que se complete el proceso de instalación. Para instalar el grupo de paquetes en un sistema Fedora, use <guimenu>Aplicaciones</guimenu><guimenuitem>Añadir/Quitar Software</guimenuitem> o ingrese el siguiente comando en una ventana terminal:"
#: en_US/Backwards_compatibility.xml:20(userinput)
#, no-wrap
@@ -8513,12 +4492,8 @@ msgid "Compiler compatibility"
msgstr "Compatibilidad de Compilador"
#: en_US/Backwards_compatibility.xml:26(para)
-msgid ""
-"The <package>compat-gcc-34</package> package has been included for "
-"compatibility reasons:"
-msgstr ""
-"El paquete <package>compat-gcc-34</package> ha sido incluído por razones de "
-"compatibilidad:"
+msgid "The <package>compat-gcc-34</package> package has been included for compatibility reasons:"
+msgstr "El paquete <package>compat-gcc-34</package> ha sido incluído por razones de compatibilidad:"
#: en_US/Backwards_compatibility.xml:33(title)
msgid "KDE 3 development"
@@ -8537,9 +4512,8 @@ msgid "Release Notes"
msgstr "Notas del Lanzamiento"
#: en_US/Article_Info.xml:11(subtitle)
-#, fuzzy
msgid "Fedora 10"
-msgstr "FAQ de Fedora"
+msgstr "Fedora 10"
#. pubsnumber is used for RPM release
#: en_US/Article_Info.xml:16(pubsnumber)
@@ -8563,33 +4537,16 @@ msgid "Architecture specific notes"
msgstr "Notas Específicas a las Arquitecturas"
#: en_US/Architecture_specific_notes.xml:7(para)
-msgid ""
-"This section provides notes that are specific to the supported hardware "
-"architectures of Fedora."
-msgstr ""
-"Esta sección provee notas que son específicas a las arquitecturas de "
-"hardware soportados por Fedora."
+msgid "This section provides notes that are specific to the supported hardware architectures of Fedora."
+msgstr "Esta sección provee notas que son específicas a las arquitecturas de hardware soportados por Fedora."
#: en_US/Architecture_specific_notes.xml:10(title)
msgid "RPM multiarch support on 64-bit platforms - x86_64 and ppc64"
msgstr "Soporte Multiarch de RPM en plataformas de 64 bit - x86_64 y ppc64"
#: en_US/Architecture_specific_notes.xml:12(para)
-msgid ""
-"RPM supports parallel installation of multiple architectures of the same "
-"package. A default package listing such as <command>rpm -qa</command> might "
-"appear to include duplicate packages, since the architecture is not "
-"displayed. Instead, use the <command>repoquery</command> command, part of "
-"the <package>yum-utils</package> package, which displays architecture by "
-"default. To install <package>yum-utils</package>, run the following command:"
-msgstr ""
-"RPM soporta instalación paralela de múltiples arquitecturas en el mismo "
-"paquete. Un listado de paquetes por defecto como <command>rpm -qa</command> "
-"puede aparecer como que incluye paquetes duplicados, dado que la "
-"arquitectura no es mostrada. En vez de eso, use el comando "
-"<command>repoquery</command>, que es parte del paquete <package>yum-utils</"
-"package>, que muestra la arquitectura por defecto. Para instalar "
-"<package>yum-utils</package>, ejecute el siguiente comando:"
+msgid "RPM supports parallel installation of multiple architectures of the same package. A default package listing such as <command>rpm -qa</command> might appear to include duplicate packages, since the architecture is not displayed. Instead, use the <command>repoquery</command> command, part of the <package>yum-utils</package> package, which displays architecture by default. To install <package>yum-utils</package>, run the following command:"
+msgstr "RPM soporta instalación paralela de múltiples arquitecturas en el mismo paquete. Un listado de paquetes por defecto como <command>rpm -qa</command> puede aparecer como que incluye paquetes duplicados, dado que la arquitectura no es mostrada. En vez de eso, use el comando <command>repoquery</command>, que es parte del paquete <package>yum-utils</package>, que muestra la arquitectura por defecto. Para instalar <package>yum-utils</package>, ejecute el siguiente comando:"
#: en_US/Architecture_specific_notes.xml:23(userinput)
#, no-wrap
@@ -8597,28 +4554,21 @@ msgid "su -c 'yum install yum-utils'"
msgstr "su -c 'yum install yum-utils'"
#: en_US/Architecture_specific_notes.xml:25(para)
-msgid ""
-"To list all packages with their architecture using <command>rpm</command>, "
-"run the following command:"
-msgstr ""
-"Para lostar todos los paquetes con sus arquitecturas usando <command>rpm</"
-"command>, use el siguiente comando:"
+msgid "To list all packages with their architecture using <command>rpm</command>, run the following command:"
+msgstr "Para lostar todos los paquetes con sus arquitecturas usando <command>rpm</command>, use el siguiente comando:"
#: en_US/Architecture_specific_notes.xml:28(userinput)
#, no-wrap
-msgid "rpm -qa --queryformat \"%{name}-%{version}-%{release}.%{arch}\\n\""
-msgstr "rpm -qa --queryformat \"%{name}-%{version}-%{release}.%{arch}\\n\""
-
-#: en_US/Architecture_specific_notes.xml:30(para)
msgid ""
-"This setting changes the default query to list the architecture. Add it to "
-"<filename>/etc/rpm/macros</filename> (for a system wide setting) or "
-"<filename>~/.rpmmacros</filename> (for a per-user setting)."
+"rpm -qa --queryformat \"%{name}-%{version}-%{release}.%{arch}\\n"
+"\""
msgstr ""
-"Puede agregar esto a <filename>/etc/rpm/macros</filename> (para una "
-"configuración a nivel de sistema) o en <filename>~/.rpmmacros</filename> "
-"(para una configuración específica a un usuario). Esto cambia la consulta "
-"por defecto para que liste la arquitectura."
+"rpm -qa --queryformat \"%{name}-%{version}-%{release}.%{arch}\\n"
+"\""
+
+#: en_US/Architecture_specific_notes.xml:30(para)
+msgid "This setting changes the default query to list the architecture. Add it to <filename>/etc/rpm/macros</filename> (for a system wide setting) or <filename>~/.rpmmacros</filename> (for a per-user setting)."
+msgstr "Puede agregar esto a <filename>/etc/rpm/macros</filename> (para una configuración a nivel de sistema) o en <filename>~/.rpmmacros</filename> (para una configuración específica a un usuario). Esto cambia la consulta por defecto para que liste la arquitectura."
#: en_US/Architecture_specific_notes.xml:35(userinput)
#, no-wrap
@@ -8630,114 +4580,60 @@ msgid "Amateur Radio"
msgstr "Radio Amateur"
#: en_US/Amateur_radio.xml:7(para)
-msgid ""
-"Fedora 10 includes a number of applications and libraries that are of "
-"interest to amateur radio operators and electronic hobbyists. Many of these "
-"applications are included in the Fedora Electronic Lab spin. Fedora also "
-"includes a number of VLSI and IC design tools."
-msgstr ""
-"Fedora 10 incluye un número de aplicaciones y bibliotecas que son de interés "
-"para operadores de radio amateur y hobistas de electrónica. Muchas de estas "
-"aplicaciones están incluídas en el spin de Laboratorio Electrónico de "
-"Fedora. Fedora también incluye un número de herramientas de diseño de IC y "
-"VLSI."
+msgid "Fedora 10 includes a number of applications and libraries that are of interest to amateur radio operators and electronic hobbyists. Many of these applications are included in the Fedora Electronic Lab spin. Fedora also includes a number of VLSI and IC design tools."
+msgstr "Fedora 10 incluye un número de aplicaciones y bibliotecas que son de interés para operadores de radio amateur y hobistas de electrónica. Muchas de estas aplicaciones están incluídas en el spin de Laboratorio Electrónico de Fedora. Fedora también incluye un número de herramientas de diseño de IC y VLSI."
#: en_US/Amateur_radio.xml:16(para)
-msgid ""
-"Sound card mode applications include <package>fldigi</package>, "
-"<package>gpsk31</package>, <package>gmfsk</package>, <package>lpsk31</"
-"package>, <package>xfhell</package>, and <package>xpsk31</package>."
-msgstr ""
-"Las aplicaciones para placa de sonido incluyen a <package>fldigi</package>, "
-"<package>gpsk31</package>, <package>gmfsk</package>, <package>lpsk31</"
-"package>, <package>xfhell</package> y <package>xpsk31</package>."
+msgid "Sound card mode applications include <package>fldigi</package>, <package>gpsk31</package>, <package>gmfsk</package>, <package>lpsk31</package>, <package>xfhell</package>, and <package>xpsk31</package>."
+msgstr "Las aplicaciones para placa de sonido incluyen a <package>fldigi</package>, <package>gpsk31</package>, <package>gmfsk</package>, <package>lpsk31</package>, <package>xfhell</package> y <package>xpsk31</package>."
#: en_US/Amateur_radio.xml:24(para)
-msgid ""
-"The <package>gnuradio</package> package is a software defined radio "
-"framework."
-msgstr ""
-"El paquete <package>gnuradio</package> es un marco de trabajo para radio "
-"definido por software."
+msgid "The <package>gnuradio</package> package is a software defined radio framework."
+msgstr "El paquete <package>gnuradio</package> es un marco de trabajo para radio definido por software."
#: en_US/Amateur_radio.xml:30(para)
-msgid ""
-"The <package>aprsd</package> and <package>xastir</package> packages provide "
-"APRS capabilities."
-msgstr ""
-"Los paquetes <package>aprsd</package> y <package>xastir</package> proveen "
-"capacidades APRS."
+msgid "The <package>aprsd</package> and <package>xastir</package> packages provide APRS capabilities."
+msgstr "Los paquetes <package>aprsd</package> y <package>xastir</package> proveen capacidades APRS."
#: en_US/Amateur_radio.xml:36(para)
-msgid ""
-"The <application>gEDA</application> suite consists of an integrated set of "
-"schematics applications for capture, net listing, circuit simulation, and "
-"PCB layout."
-msgstr ""
-"El suite <application>gEDA</application> consta de un conjunto integrado de "
-"aplicaciones esquemáticas para la captura, listado de red, simulación de "
-"circuito y diseño PCB."
+msgid "The <application>gEDA</application> suite consists of an integrated set of schematics applications for capture, net listing, circuit simulation, and PCB layout."
+msgstr "El suite <application>gEDA</application> consta de un conjunto integrado de aplicaciones esquemáticas para la captura, listado de red, simulación de circuito y diseño PCB."
#: en_US/Amateur_radio.xml:43(para)
-msgid ""
-"The <package>gspiceui</package>, <package>ngspice</package>, and "
-"<package>gnucap</package> packages provide circuit simulation capabilities."
-msgstr ""
-"Los paquetes <package>gspiceui</package>, <package>ngspice</package> y "
-"<package>gnucap</package> proveen capacidades de simulación de circuitos."
+msgid "The <package>gspiceui</package>, <package>ngspice</package>, and <package>gnucap</package> packages provide circuit simulation capabilities."
+msgstr "Los paquetes <package>gspiceui</package>, <package>ngspice</package> y <package>gnucap</package> proveen capacidades de simulación de circuitos."
#: en_US/Amateur_radio.xml:50(para)
-msgid ""
-"There are a variety of other tools for learning Morse code, orbit prediction "
-"and tracking satellites, producing schematic diagrams and PCB artwork, "
-"amateur radio logbook keeping, and other applications of interest to amateur "
-"radio and electronics enthusiasts."
-msgstr ""
-"Hay una variedad de otras herramientas para el aprendizaje de código Morse, "
-"predicción de órbita y rastreo de satélites, producción de diagramas "
-"esquemáticos y diseño PCB, mantención de un libro de registro de radio "
-"amateur, y otras aplicaciones de interés para los radio amateur y los "
-"entusiastas de electrónica."
+msgid "There are a variety of other tools for learning Morse code, orbit prediction and tracking satellites, producing schematic diagrams and PCB artwork, amateur radio logbook keeping, and other applications of interest to amateur radio and electronics enthusiasts."
+msgstr "Hay una variedad de otras herramientas para el aprendizaje de código Morse, predicción de órbita y rastreo de satélites, producción de diagramas esquemáticos y diseño PCB, mantención de un libro de registro de radio amateur, y otras aplicaciones de interés para los radio amateur y los entusiastas de electrónica."
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2.
#: en_US/Amateur_radio.xml:0(None)
msgid "translator-credits"
-msgstr ""
-"Domingo E. Becker <domingobecker(a)gmail.com>, 2006, 2007, 2008.Juan M. "
-"Rodriguez <nushio(a)gmail.com>, 2008."
+msgstr "Domingo E. Becker <domingobecker(a)gmail.com>, 2006, 2007, 2008.Juan M. Rodriguez <nushio(a)gmail.com>, 2008."
#~ msgid "Fedora 10 Preview Release"
#~ msgstr "Las notas del lanzamiento para Fedora 10"
-
#~ msgid "mediacheck"
#~ msgstr "mediacheck"
-
#~ msgid "<placeholder-1/> (translator)"
#~ msgstr "<placeholder-1/> (traductor)"
-
#~ msgid "<placeholder-1/> (translator - Polish)"
#~ msgstr "<placeholder-1/> (traductor - Polaco)"
-
#~ msgid "Preview of the Release notes for F10"
#~ msgstr "Notas del Lanzamiento para el Lanzamiento Preliminar de F10"
-
#~ msgid "Power Users Get What Features and Fixes"
#~ msgstr "Los Usuarios de Power tienen Algunas Características y Correcciones"
-
#~ msgid "Legal Stuff and Administrivia"
#~ msgstr "Cuestiones Legales y Administrivia"
-
#~ msgid "<command>virt-mem</command> is experimental."
#~ msgstr "<command>virt-mem</command> es experimental."
-
#~ msgid "<ulink url=\"http://amqp.org/\"/> AMQP Project Site"
#~ msgstr "<ulink url=\"http://amqp.org/\"/> Sitio del Proyecto AMQP"
-
#~ msgid "<ulink url=\"http://thincrust.net/\"/> Appliance Tool Project Site"
#~ msgstr ""
#~ "<ulink url=\"http://thincrust.net/\"/> Sitio del Proyecto de Herramienta "
#~ "para Aparatos"
-
#~ msgid ""
#~ "32-bit CHRP (IBM RS/6000 and others) -- After using OpenFirmware to boot "
#~ "the CD, select the <filename>linux32</filename> boot image at the "
@@ -8748,12 +4644,10 @@ msgstr ""
#~ "<filename>linux32</filename> en el indicador <prompt>boot:</prompt> para "
#~ "iniciar el instalador de 32 bit. Sino se iniciará el instalador de 64 "
#~ "bits y fallará."
-
#~ msgid "RS/6000 kernel support is currently broken (as of August 28, 2008)."
#~ msgstr ""
#~ "El soporte de kernel para RS/6000 está discontinuado (al 28 de Agosto de "
#~ "2008)."
-
#~ msgid ""
#~ "Virtualization kernel for use with the Xen emulator package. Configured "
#~ "sources are available in the <package>kernel-xen-devel</package> package."
@@ -8761,7 +4655,6 @@ msgstr ""
#~ "Kernel para virtualización para usar con el paquete emulador Xen. Las "
#~ "fuentes configuradas se encuentran disponibles en el paquete "
#~ "<package>kernel-xen-devel</package>."
-
#~ msgid "jvisualvm"
#~ msgstr "jvisualvm"
@@ -8785,7 +4678,6 @@ msgstr ""
#~ "<option>oriya</option>, <option>punjabi</option>, <option>sinhala</"
#~ "option>, <option>tamil</option>, <option>thai</option>, <option>telegu</"
#~ "option>, <option>thai</option> y demás."
-
#~ msgid "Development"
#~ msgstr "Desarrollo"
@@ -8794,7 +4686,6 @@ msgstr ""
#~ msgstr ""
#~ "Éste contenido no ha sido actualizado sino hasta después del Preview "
#~ "Release."
-
#~ msgid ""
#~ "We need to finish writing and translating the notes to know who has "
#~ "worked on them."
@@ -8805,7 +4696,6 @@ msgstr ""
#, fuzzy
#~ msgid "Out of date content."
#~ msgstr "La vista previa está desactualizada"
-
#~ msgid ""
#~ "This content is out of date, it has not been updated since the Fedora 9 "
#~ "release notes."
@@ -8833,10 +4723,8 @@ msgstr ""
#, fuzzy
#~ msgid "Web servers"
#~ msgstr "Servidores Web"
-
#~ msgid "PostgreSQL DBD Driver"
#~ msgstr "Controlador DBD para PostgreSQL"
-
#~ msgid ""
#~ "Users of the <filename>mod_dbd</filename> module should note that the "
#~ "<filename>apr-util</filename> DBD driver for PostgreSQL is now "
@@ -8851,20 +4739,16 @@ msgstr ""
#~ "se incluye ahora en el paquete <package>apr-util-pgsql</package>. Un "
#~ "controlador MySQL está ahora disponible, en el paquete <package>apr-util-"
#~ "mysql</package>."
-
#~ msgid "/etc/drupal/default/settings.php.rpmsave"
#~ msgstr "/etc/drupal/default/settings.php.rpmsave"
-
#~ msgid "/etc/drupal/default/settings.php"
#~ msgstr "/etc/drupal/default/settings.php"
-
#~ msgid ""
#~ "Copy <placeholder-1/> to <placeholder-2/>, and repeat for any additional "
#~ "sites' <filename>settings.php</filename> files."
#~ msgstr ""
#~ "Copie <placeholder-1/> a <placeholder-2/>, y repita para cualquier "
#~ "archivo <filename>settings.php</filename> de sitio adicional."
-
#~ msgid "Python NSS bindings resources"
#~ msgstr "Recursos de enlaces a NSS para Python"
@@ -8925,27 +4809,22 @@ msgstr ""
#~ "está siendo restringido, luego garantice el permiso restringido en "
#~ "<filename>/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0/jre/lib/security/java."
#~ "policy</filename>. "
-
#~ msgid "<ulink url=\"http://jnlp.sourceforge.net/\"/> -- NetX"
#~ msgstr "<ulink url=\"http://jnlp.sourceforge.net/\"/> -- NetX"
#, fuzzy
#~ msgid "Echo icon theme"
#~ msgstr "Nombre del tema de iconos"
-
#~ msgid "Latest Release Notes on the Web"
#~ msgstr "Ultimas Notas de la Versión en la Web"
-
#~ msgid ""
#~ "These release notes may be updated. To view the latest release notes for "
#~ "Fedora, visit:"
#~ msgstr ""
#~ "Estas notas del lanzamiento pueden ser actualizadas. Para ver la última "
#~ "versión de las notas del lanzamiento de Fedora, visite:"
-
#~ msgid "Faster X Start-up and Shutdown"
#~ msgstr "Inicio y Cierre de X más Rápido"
-
#~ msgid ""
#~ "Fedora 9 features a number of changes designed to make X faster in "
#~ "starting and shutting down and to make other improvements. Full details "
@@ -8954,7 +4833,6 @@ msgstr ""
#~ "Fedora 9 tiene como característica un número de cambios diseñados para "
#~ "hacer que X inicie y cierre más rápido, entre otras mejoras. Mayores "
#~ "detalles del proyecto se puede encontrar en esta página:"
-
#~ msgid ""
#~ "The X.Org 1.4.99 X server has been modified to automatically detect and "
#~ "configure most hardware, eliminating the need to modify the <filename>/"
@@ -8968,20 +4846,16 @@ msgstr ""
#~ "configuración <filename>/etc/X11/xorg.conf</filename>. El único hardware "
#~ "configurado por defecto en el archivo <filename>xorg.conf</filename> "
#~ "escrito por <application>Anaconda</application> es:"
-
#~ msgid "the graphics driver, and"
#~ msgstr "lLos controladores gráficos y "
-
#~ msgid "the keyboard map"
#~ msgstr "el mapa del teclado"
-
#~ msgid ""
#~ "All other hardware, such as monitors (both LCD and CRT), USB mice, and "
#~ "touchpads, should be detected and configured automatically."
#~ msgstr ""
#~ "Todo otro hardware, tales como monitores (LCD y CRT), ratón USB, y "
#~ "touchpads deberían ser detectados y configurados automáticamente."
-
#~ msgid ""
#~ "The X server queries the attached monitor for supported resolution "
#~ "ranges, and attempts to pick the highest resolution available with the "
@@ -9001,7 +4875,6 @@ msgstr ""
#~ "sistema se puede cambiar con <menuchoice><guimenu>Sistema</"
#~ "guimenu><guisubmenu>Administración</guisubmenu><guimenuitem>Pantalla</"
#~ "guimenuitem></menuchoice>."
-
#~ msgid ""
#~ "If the <filename>/etc/X11/xorg.conf</filename> configuration file is not "
#~ "present, X automatically detects the appropriate driver, and assumes a "
@@ -9011,7 +4884,6 @@ msgstr ""
#~ "está presente, X también detecta automáticamente el controlador "
#~ "apropiado, y asume que hay un teclado con el formato de 105 teclas de "
#~ "EEUU."
-
#~ msgid ""
#~ "In certain situations, the <computeroutput>evdev</computeroutput> driver "
#~ "was used, even when the <computeroutput>kbd</computeroutput> driver was "
@@ -9024,7 +4896,6 @@ msgstr ""
#~ "<computeroutput>kbd</computeroutput> en <filename>/etc/X11/xorg.conf</"
#~ "filename>. La eliminación del controlador <computeroutput>evdev</"
#~ "computeroutput> provocaba errores y advertencias como las siguientes:"
-
#~ msgid ""
#~ "In Fedora 9, the XKB settings are read from <filename>/etc/sysconfig/"
#~ "keyboard</filename>, which gives users the correct layout. The "
@@ -9039,7 +4910,6 @@ msgstr ""
#~ "keyboard</filename>, también ponía el diseño para X. Las variables "
#~ "<option>XKB_VARIANT</option> y <option>XKB_OPTIONS</option> se pueden "
#~ "configurar para personalizar XKB."
-
#~ msgid ""
#~ "The Fedora Project is a Red Hat sponsored and community supported open "
#~ "source project. Its goal is the rapid progress of free and open source "
@@ -9054,19 +4924,14 @@ msgstr ""
#~ "hace uso de foros públicos, procesos abierto, innovación rápida, "
#~ "meritocracia y transparencia en la búsqueda del mejor sistema operativo y "
#~ "plataforma que pueda proveer el software libre y de código abierto."
-
#~ msgid "Older Release Notes on the Web"
#~ msgstr "Notas del Lanzamiento Anteriores en la Web"
-
#~ msgid "Help and Discussions"
#~ msgstr "Ayuda y Discusiones"
-
#~ msgid "Participate in the Fedora Project"
#~ msgstr "Participe en el Proyecto Fedora"
-
#~ msgid "Document Links"
#~ msgstr "Enlaces a Documentos"
-
#~ msgid ""
#~ "Many links may not work properly from within the installation "
#~ "environment, due to resource constraints. The release notes are also "
@@ -9081,10 +4946,8 @@ msgstr ""
#~ "página por defecto del navegador web del escritorio. Si está conectado a "
#~ "internet, use estos enlaces para buscar otra información útil acerca de "
#~ "Fedora y la comunidad que lo crea y lo apoya."
-
#~ msgid "TurboGears Applications"
#~ msgstr "Aplicaciones TurboGears"
-
#~ msgid ""
#~ "SQLAlchemy has been updated to 0.4.x. TurboGears Applications developed "
#~ "using SQLAlchemy for their database layer will need to update their "
@@ -9093,13 +4956,10 @@ msgstr ""
#~ "SQLAlchemy fue actualizado a 0.4.x. Las aplicaciones TurboGears "
#~ "desarrolladas usando SQLAlchemy como capa de base de datos necesitarán "
#~ "actualizar sus scripts de arranque. En vez de:"
-
#~ msgid "the start script needs to have:"
#~ msgstr "el script de inicio necesita tener:"
-
#~ msgid "Squid"
#~ msgstr "Squid"
-
#~ msgid ""
#~ "Squid has been updated from version 2.6 to 3.0.STABLE2. The configuration "
#~ "files are not entirely backwards compatible. For further details, refer "
@@ -9108,17 +4968,14 @@ msgstr ""
#~ "Squid fue actualizado de la versión 2.6 a la 3.0.STABLE2. Los archivos de "
#~ "configuración no son completamente compatibles hacia atrás. Para más "
#~ "detalles, vaya a las notas del lanzamiento de Squid:"
-
#~ msgid ""
#~ "As well, due to a bug, the transparent proxy does not work. This should "
#~ "be resolved after the first update."
#~ msgstr ""
#~ "También, debido a un error, el proxy transparente no funciona. Esto debe "
#~ "ser resuelto luego de la primera actualización."
-
#~ msgid "Kernel Integration Improvements"
#~ msgstr "Mejoras en la Integración del Kernel"
-
#~ msgid ""
#~ "The Xen kernel is now based on the paravirt ops implementation from the "
#~ "upstream kernel. Previously, the Xen kernel was created by forward-"
@@ -9136,7 +4993,6 @@ msgstr ""
#~ "del kernel normal. La inclusión de operaciones paravirtuales ahora hace "
#~ "este proceso innecesario. Una vez que las operaciones paravirtuales se "
#~ "mezclen en las fuentes, Xen no necesitará un kernel separado."
-
#~ msgid ""
#~ "However, the Xen kernel now lacks Dom0 support. An existing Xen host/Dom0 "
#~ "must continue to run Fedora 8. Xen Dom0 support will be added back in "
@@ -9145,24 +5001,19 @@ msgstr ""
#~ "Sin embargo, el kernel de Xen no tiene ahora soporte para Dom0. Se debe "
#~ "tener un anfitrión Xen Dom0 para poder correr Fedora 8. El soporte para "
#~ "Dom0 en Xen se agregará de nuevo en Fedora 10."
-
#~ msgid ""
#~ "Fully virtualized Linux guests now have 3 possible installation methods:"
#~ msgstr ""
#~ "Los invitados Linux completamente virtualizados tienen ahora 3 métodos de "
#~ "instalación posibles:"
-
#~ msgid "PXE boot from the network."
#~ msgstr "Arranque PXE desde la red."
-
#~ msgid "Local CDROM drive / ISO image."
#~ msgstr "Disco CDROM local / imágen ISO."
-
#~ msgid "Network install from a FTP/HTTP/NFS hosted distribution tree."
#~ msgstr ""
#~ "Instalación por red desde un árbol de distribución alojado en un FTP/HTTP/"
#~ "NFS."
-
#~ msgid ""
#~ "The latter allows for fully automated installation through the use of "
#~ "kickstart files. This provides parity between Xen HVM and KVM guests in "
@@ -9171,7 +5022,6 @@ msgstr ""
#~ "El último le permite una instalación automatizada completa a través de "
#~ "los archivos kickstart. Provee paridad entre los invitados Xen HVM y KVM "
#~ "en términos de métodos de instalación."
-
#~ msgid ""
#~ "Previously, Fedora introduced the ability to manage existing guest "
#~ "domains remotely using <package>libvirt</package> . It was not possible "
@@ -9185,10 +5035,8 @@ msgstr ""
#~ "administración de almacenamiento. En Fedora 9, la nueva administración de "
#~ "almacenamiento puede crear y borrar volúmenes de almacenamiento desde un "
#~ "equipo remoto usando <package>libvirt</package>."
-
#~ msgid "PolicyKit Integration"
#~ msgstr "Integración PolicyKit"
-
#~ msgid ""
#~ "Previously, the <command>virt-manager</command> application ran as root "
#~ "when managing a local hypervisor, and used <command>consolehelper</"
@@ -9202,10 +5050,8 @@ msgstr ""
#~ "escritorio. Correr aplicaciones GTK como root es una práctica indeseada. "
#~ "La integración de PolicyKit permite ahora correr <command>virt-manager</"
#~ "command> como un usuario común."
-
#~ msgid "Improved Remote Authentication"
#~ msgstr "Autenticación Remota Mejorada"
-
#~ msgid ""
#~ "Previously, Fedora introduced support for secure remote management using "
#~ "TLS/SSL, and x509 certificates. Fedora 9 improves remote management "
@@ -9219,25 +5065,21 @@ msgstr ""
#~ "autenticación por base de datos de contraseñas, controlador de dominio "
#~ "Kerberos, o sistema de autenticación usando PAM. Esta característica se "
#~ "aplica a todas las herramientas usando <package>libvirt</package>."
-
#~ msgid ""
#~ "a new P2V tool, shipping as a Live CD, for converting a bare-metal "
#~ "install to a virtual guest"
#~ msgstr ""
#~ "una herramienta P2V nueva, que sale como un CD Vivo, para convertir las "
#~ "instalaciones hechas en un invitado virtual."
-
#~ msgid ""
#~ "a new tool, <command>xenner</command>, for running Xen-paravirtual "
#~ "kernels on top of KVM"
#~ msgstr ""
#~ "una nueva herramienta, <command>xenner</command>, para correr kernels Xen "
#~ "paravirtualizados encima de KVM"
-
#~ msgid "storage and network paravirtual-drivers for KVM guests"
#~ msgstr ""
#~ "controladores paravirtualizados de almacenamiento y red para invitados KVM"
-
#~ msgid ""
#~ "full support for monitoring network and block statistics of QEMU and KVM "
#~ "in <package>libvirt</package> and <package>virt-top</package> , bringing "
@@ -9247,10 +5089,8 @@ msgstr ""
#~ "QEMU y KVM en <package>libvirt</package> y <package>virt-top</package>, "
#~ "trayendo paridad en el monitoreo de las estadísticas, lo que antes estaba "
#~ "sólo disponibles en invitados Xen"
-
#~ msgid "Support for SHA-256 and SHA-512 passwords"
#~ msgstr "Soporte para contraseñas SHA-256 y SHA-512"
-
#~ msgid ""
#~ "The <package>glibc</package> package in Fedora 8 had <ulink url=\"http://"
#~ "people.redhat.com/drepper/sha-crypt.html\">support</ulink> for passwords "
@@ -9264,7 +5104,6 @@ msgstr ""
#~ "MD5 estaban disponibles. Estas herramientas han sido extendidas en Fedora "
#~ "9. Ahora hay soporte para el hashing de contraseñas usando las funciones "
#~ "de hash SHA-256 y SHA-512."
-
#~ msgid ""
#~ "To switch to SHA-256 or SHA-512 on an installed system, use "
#~ "<command>authconfig --passalgo=sha256 --update</command> or "
@@ -9279,7 +5118,6 @@ msgstr ""
#~ "alternativa, use la herramienta gráfica <command>authconfig-gtk</command> "
#~ "para configurar el método de hashing. Las cuentas de los usuarios "
#~ "actuales no serán afectadas hasta que sus contraseñas sean cambiadas."
-
#~ msgid ""
#~ "SHA-512 is used by default on newly installed systems. Other algorithms "
#~ "can be configured only for kickstart installations, by using the "
@@ -9296,7 +5134,6 @@ msgstr ""
#~ "kickstart, use <command>authconfig</command> como se describe más arriba "
#~ "y luego cambie la contraseña de root, y las contraseñas de los demás "
#~ "usuarios creados luego de la instalación."
-
#~ msgid ""
#~ "New options now appear in <package>libuser</package> , <package>pam</"
#~ "package> , and <package>shadow-utils</package> to support these password "
@@ -9309,7 +5146,6 @@ msgstr ""
#~ "a estos algoritmos de hashing de contraseñas. Al ejecutar "
#~ "<command>authconfig</command> se configuran todas estas opciones "
#~ "automáticamente, por lo que no es necesario modificarlas manualmente."
-
#~ msgid ""
#~ "New values for the <option>crypt_style</option> option, and the new "
#~ "options <option>hash_rounds_min</option>, and <option>hash_rounds_max</"
@@ -9322,7 +5158,6 @@ msgstr ""
#~ "option> en la sección <option>[defaults]</option> de <filename>/etc/"
#~ "libuser.conf</filename>. Vaya a la página man de <command>libuser.conf(5)"
#~ "</command> para más detalles."
-
#~ msgid ""
#~ "New options, <option>sha256</option>, <option>sha512</option>, and "
#~ "<option>rounds</option>, are now supported by the <filename>pam_unix</"
@@ -9333,7 +5168,6 @@ msgstr ""
#~ "<option>rounds</option> son ahora soportados por el módulo PAM "
#~ "<filename>pam_unix</filename>. Vaya a la página man de <command>pam_unix"
#~ "(8)</command> para más detalles."
-
#~ msgid ""
#~ "New options, <option>ENCRYPT_METHOD</option>, "
#~ "<option>SHA_CRYPT_MIN_ROUNDS</option>, and <option>SHA_CRYPT_MAX_ROUNDS</"
@@ -9348,10 +5182,8 @@ msgstr ""
#~ "Vaya a la página man de <command>login.defs(5)</command> para más "
#~ "detalles. Las opciones correspondientes se agregaron a <command>chpasswd"
#~ "(8)</command> y <command>newusers(8)</command>."
-
#~ msgid "FORTIFY_SOURCE extended to cover more functions"
#~ msgstr "FORTIFY_SOURCE fue extendida para cubrir más funciones"
-
#~ msgid ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/Security/"
#~ "Features#FORTIFY_SOURCE\">FORTIFY_SOURCE</ulink> protection now covers "
@@ -9370,10 +5202,8 @@ msgstr ""
#~ "systemitem>. Esta mejora es particularmente útil para aplicaciones que "
#~ "usan la biblioteca <package>glib2</package>, dado que varias de sus "
#~ "funciones usan <systemitem>vasprintf</systemitem>."
-
#~ msgid "Default Firewall Behavior"
#~ msgstr "Comportamiento Predeterminado del Cortafuego"
-
#~ msgid ""
#~ "In Fedora 9, the default firewall behavior has changed. There are no "
#~ "default ports open, except for SSH (22), which is opened by "
@@ -9382,35 +5212,27 @@ msgstr ""
#~ "En Fedora 9, el comportamiento predeterminado del cortafuego cambió. No "
#~ "hay puertos abiertos por defecto, excepto el SSH (22), que está abierto "
#~ "por <application>Anaconda</application>."
-
#~ msgid "Free IPA"
#~ msgstr "IPA Libre"
-
#~ msgid ""
#~ "Free IPA is a centrally managed identity, policy, and audit installation."
#~ msgstr ""
#~ "El IPA Libre es una instalación centralizada de administración de "
#~ "identidad, política y auditoría."
-
#~ msgid ""
#~ "The IPA server installer assumes a relatively clean system, installing "
#~ "and configuring several services:"
#~ msgstr ""
#~ "El instalador del servidor IPA asume un sistema relativamente limpio, e "
#~ "instala y configura varios servicios:"
-
#~ msgid "a Fedora Directory Server instance"
#~ msgstr "una instancia del Servidor de Directorio de Fedora"
-
#~ msgid "KDC"
#~ msgstr "KDC"
-
#~ msgid "Apache"
#~ msgstr "Apache"
-
#~ msgid "ntpd"
#~ msgstr "ntpd"
-
#~ msgid ""
#~ "Some effort is made to be able to roll back the changes made but they are "
#~ "not guaranteed. Similarly the <command>ipa-client-install</command> tool "
@@ -9421,7 +5243,6 @@ msgstr ""
#~ "pero no son garantizados. De manera similar, la herramienta <command>ipa-"
#~ "client-install</command> sobreescribe las configuraciones PAM (<filename>/"
#~ "etc/pam.conf</filename>) y Kerberos (<filename>/etc/krb5.conf</filename>)."
-
#~ msgid ""
#~ "IPA does not support other instances of Fedora Directory Server on the "
#~ "same machine at install time, even listening on different ports. In order "
@@ -9432,14 +5253,12 @@ msgstr ""
#~ "en la misma máquina al mismo momento, aún cuando escuchan en puertos "
#~ "diferentes. Para poder instalar IPA, las otras instancias deben ser "
#~ "eliminadas. IPA puede realizar esta eliminación."
-
#~ msgid ""
#~ "There is currently no mechanism for migrating existing users into an IPA "
#~ "server."
#~ msgstr ""
#~ "Actualmente no hay un mecanismo para migrar usuarios existentes en un "
#~ "servidor IPA."
-
#~ msgid ""
#~ "The server self-configures to be a client of itself. If the Directory "
#~ "Server or KDC fail to start on bootup, boot into single-user mode in "
@@ -9448,7 +5267,6 @@ msgstr ""
#~ "El servidor se autoconfigura para ser un cliente de si mismo. Si el "
#~ "Servidor de Directorio o KDC fallan al iniciar durante el arranque, "
#~ "arranque en modo monousuario para poder resolver este problema."
-
#~ msgid ""
#~ "The Fedora Project is driven by the individuals that contribute to it. As "
#~ "a tester, developer, documenter, or translator, you can make a "
@@ -9465,10 +5283,8 @@ msgstr ""
#~ "información acerca de los canales de comunicación para los usuarios de "
#~ "Fedora y los contribuyentes, vaya a <ulink url=\"http://fedoraproject.org/"
#~ "wiki/Communicate\">http://fedoraproject.org/wiki/Communicate</ulink>."
-
#~ msgid "Sound Card Utility"
#~ msgstr "Utilitario de la Placa de Sonido"
-
#~ msgid ""
#~ "The <command>system-config-soundcard</command> utility has been removed, "
#~ "due to <ulink url=\"https://www.redhat.com/archives/fedora-devel-"
@@ -9489,10 +5305,8 @@ msgstr ""
#~ "\"https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora\">informada</"
#~ "ulink>. Las preferencias todavía pueden ser personalizadas con el entorno "
#~ "de escritorio, usando, entre otras, las herramientas de PulseAudio."
-
#~ msgid "Perl"
#~ msgstr "Perl"
-
#~ msgid ""
#~ "Fedora 9 now includes Perl 5.10.0, the first \"major\" release update in "
#~ "perl5 in some time. The Perl interpreter itself is faster with a smaller "
@@ -9509,7 +5323,6 @@ msgstr ""
#~ "y empaquetadores de sistemas operativos. Perl 5.10.0 también agrega el "
#~ "operador de coincidencia inteligente nuevo, una sentencia switch, "
#~ "capturas named, variables de estado y mejores mensajes de error."
-
#~ msgid ""
#~ "The <systemitem>installonlyn</systemitem> plugin functionality has been "
#~ "folded into the core <package>yum</package> package. The "
@@ -9526,7 +5339,6 @@ msgstr ""
#~ "kernel. Puede ajustar el conjunto de paquetes o el número de paquetes, o "
#~ "deshabilitarla completamente de acuerdo a su preferencia. Más detalles "
#~ "disponibles en la página man de <filename>yum.conf</filename>."
-
#~ msgid ""
#~ "The <command>yum</command> command now retries when it detects a lock. "
#~ "This function is useful if a daemon is checking for updates, or if you "
@@ -9537,7 +5349,6 @@ msgstr ""
#~ "bloqueo. Esta función es útil si el demonio está chequeando si hay "
#~ "actualizaciones, o si está corriendo <command>yum</command> y una de sus "
#~ "interfases gráficas simultáneamente."
-
#~ msgid ""
#~ "The <command>yum</command> command now understands a cost parameter in "
#~ "its configuration file, which is the relative cost of accessing a "
@@ -9549,7 +5360,6 @@ msgstr ""
#~ "archivo de configuración, que es relativo al costo de acceder a un "
#~ "repositorio de software. Es útil para dar prioridades a los repositorios "
#~ "de paquetes. El parámetro costo por defecto es 1000."
-
#~ msgid ""
#~ "In Fedora 9 Rawhide, the <filename>/etc/yum.repos.d/fedora-development."
#~ "repo</filename> file has been changed to <filename>/etc/yum.repos.d/"
@@ -9574,10 +5384,8 @@ msgstr ""
#~ "previamente. Los usuarios del repositorio de desarrollo pueden necesitar "
#~ "actualizar los scripts de archivos de configuración personalizados para "
#~ "usar el nuevo."
-
#~ msgid "pam_mount"
#~ msgstr "pam_mount"
-
#~ msgid ""
#~ "The <systemitem>pam_mount</systemitem> facility now uses a configuration "
#~ "file written in XML. The <filename>/etc/security/pam_mount.conf</"
@@ -9599,10 +5407,8 @@ msgstr ""
#~ "archivo muestra <filename>pam_mount.conf.xml</filename> con comentarios "
#~ "detallados acerca de las opciones disponibles aparece en <filename>/etc/"
#~ "share/doc/pam_mount-*/pam_mount.conf.xml</filename>."
-
#~ msgid "TeXLive"
#~ msgstr "TeXLive"
-
#~ msgid ""
#~ "<ulink url=\"http://www.tug.org/texlive/\">TeXLive</ulink> is a "
#~ "replacement for the old, unmaintained TeX package. It offers new style "
@@ -9612,10 +5418,8 @@ msgstr ""
#~ "reemplazo del viejo paquete TeX que ya no es mantenido. Ofrece un paquete "
#~ "de nuevo estilo y corrige muchos problemas de seguridad con la "
#~ "distribución vieja."
-
#~ msgid "LTSP"
#~ msgstr "LTSP"
-
#~ msgid ""
#~ "The Linux Terminal Server Project (LTSP) has been included directly into "
#~ "Fedora 9. Work is ongoing. For the latest news and documentation, refer "
@@ -9624,10 +5428,8 @@ msgstr ""
#~ "El Proyecto de Servidor Terminal Linux (LTSP en inglés) se incluyó "
#~ "directamente en Fedora 9. Todavía se está trabajando. Para las últimas "
#~ "noticias y documentación, vaya a:"
-
#~ msgid "Utility Packages"
#~ msgstr "Paquetes de Utilitarios"
-
#~ msgid ""
#~ "The <package>nautilus-open-terminal</package> package now uses a GConf "
#~ "key to control its behavior when launched by right-clicking the Desktop. "
@@ -9639,7 +5441,6 @@ msgstr ""
#~ "derecho desde el escritorio. Para habilitar su comportamiento anterior, "
#~ "que abría la terminal resultanete en el directorio de inicio del usuario, "
#~ "use este comando:"
-
#~ msgid ""
#~ "\n"
#~ "gconftool-2 -s /apps/nautilus-open-terminal/desktop_opens_home_dir --"
@@ -9648,7 +5449,6 @@ msgstr ""
#~ "\n"
#~ "gconftool-2 -s /apps/nautilus-open-terminal/desktop_opens_home_dir --"
#~ "type=bool true\n"
-
#~ msgid ""
#~ "The <package>i810switch</package> package has been removed. This "
#~ "functionality is now available through the <command>xrandr</command> "
@@ -9657,7 +5457,6 @@ msgstr ""
#~ "El paquete <package>i810switch</package> has ido eliminado. Esta "
#~ "funcionalidad está ahora disponible a través del comando <command>xrandr</"
#~ "command> en el paquete <package>xorg-x11-server-utils</package>."
-
#~ msgid ""
#~ "The <package>system-config-firewall</package> and <package>system-config-"
#~ "selinux</package> packages replace <package>system-config-security-level</"
@@ -9668,10 +5467,8 @@ msgstr ""
#~ "config-selinux</package> reemplazan a <package>system-config-security-"
#~ "level</package>. <package>system-config-selinux</package> es parte del "
#~ "paquete <package>policycoreutils-gui</package>."
-
#~ msgid "pilot-link and HAL/PolicyKit Interaction"
#~ msgstr "Interacción entre pilot-link y HAL/PolicyKit"
-
#~ msgid ""
#~ "The <package>pilot-link</package> package now blacklists the "
#~ "<computeroutput>visor</computeroutput> module by default. Users are "
@@ -9691,14 +5488,12 @@ msgstr ""
#~ "series que se usaban en el pasado (normalmente <filename>/dev/pilot</"
#~ "filename> o <filename>/dev/ttyUSB0</filename>, <filename>/dev/ttyUSB1</"
#~ "filename>, y así sucesivamente). Por ejemplo:"
-
#~ msgid ""
#~ "\n"
#~ "pilot-xfer --port usb: --list\n"
#~ msgstr ""
#~ "\n"
#~ "pilot-xfer --port usb: --list\n"
-
#~ msgid ""
#~ "The <package>hal-info</package> and <package>hal</package> packages have "
#~ "been updated to correctly set permissions for the necessary USB devices "
@@ -9709,40 +5504,32 @@ msgstr ""
#~ "actualizaron para poner correctamente los permisos para los dispositivos "
#~ "USB necesarios usando PolicyKit. Si tiene alguna configuración manual, "
#~ "revierta los campos para evitar posibles conflictos."
-
#~ msgid ""
#~ "For further information, refer to the <filename>README.fedora</filename> "
#~ "included in the <package>pilot-link</package> package."
#~ msgstr ""
#~ "Para más información, vaya a <filename>README.fedora</filename> incluído "
#~ "en el paquete <package>pilot-link</package>."
-
#~ msgid "Release Highlights"
#~ msgstr "Puntos Sobresalientes de la Versión"
-
#~ msgid "Fedora Tour"
#~ msgstr "Paseo por Fedora"
-
#~ msgid ""
#~ "You can find a tour filled with pictures and videos of this exciting new "
#~ "release at <ulink url=\"http://fedoraproject.org/wiki/Tours/Fedora9\"/>."
#~ msgstr ""
#~ "Puede encontrar un paseo lleno de fotos y videos de esta nueva y exitante "
#~ "versión en <ulink url=\"http://fedoraproject.org/wiki/Tours/Fedora9\"/>."
-
#~ msgid "Release Summary"
#~ msgstr "Resumen del Lanzamiento"
-
#~ msgid ""
#~ "For a less technical user friendly summary of the important changes in "
#~ "this release, refer to:"
#~ msgstr ""
#~ "Para un resúmen menos técnico y amigable al usuario sobre los cambios "
#~ "importantes de este lanzamiento, vaya a:"
-
#~ msgid "New in Fedora"
#~ msgstr "Nuevo en Fedora"
-
#~ msgid ""
#~ "This release includes significant new versions of many key components and "
#~ "technologies. The following sections provide a brief overview of major "
@@ -9752,10 +5539,8 @@ msgstr ""
#~ "y tecnologías importantes. Las siguientes secciones proveen una "
#~ "descripción resumida de los cambios principales desde el último "
#~ "lanzamiento de Fedora."
-
#~ msgid "Spins"
#~ msgstr "Empaquetados"
-
#~ msgid ""
#~ "Fedora includes several different <ulink url=\"http://fedoraproject.org/"
#~ "wiki/CustomSpins\"><firstterm>spins</firstterm></ulink>, which are "
@@ -9773,7 +5558,6 @@ msgstr ""
#~ "finales. Además de la imágen <filename>boot.iso</filename> para la "
#~ "instalación en red, los usuarios tienen las siguientes opciones de "
#~ "empaquetado:"
-
#~ msgid ""
#~ "A regular Fedora image for desktops, workstations, and server users. This "
#~ "spin provides a good upgrade path and similar environment for users of "
@@ -9782,7 +5566,6 @@ msgstr ""
#~ "La imagen regular para usuarios de escritorios, estaciones de trabajos y "
#~ "servidores. Este empaquetamiento provee una buena forma de actualizar un "
#~ "entorno similar para usuarios de versiones previas de Fedora."
-
#~ msgid ""
#~ "One of several Live images that can be run from a disc or USB flash "
#~ "device, and can be installed to hard disk as desired. Refer to the <ulink "
@@ -9793,7 +5576,6 @@ msgstr ""
#~ "dispositivo USB, y se puede instalar al disco duro si se desea. Vea la "
#~ "sección <ulink url=\"http://fedoraproject.org/wiki/Docs/Beats/Live\">"
#~ "\"Viva\"</ulink> para más información sobre las imágenes Viva."
-
#~ msgid ""
#~ "More custom spins are available at <ulink url=\"http://spins."
#~ "fedoraproject.org\"/>. These Live images can be used on USB media via the "
@@ -9804,10 +5586,8 @@ msgstr ""
#~ "spins.fedoraproject.org\"/>. Recuerde que estas imágenes Vivas se pueden "
#~ "usar en medios USB vía el utilitario <package>livecd-iso-to-disk</"
#~ "package> disponible en el paquete <package>livecd-tools</package>."
-
#~ msgid "Jigdo"
#~ msgstr "Jigdo"
-
#~ msgid ""
#~ "Fedora releases are also available via Jigdo. This distribution method "
#~ "can improve the speed of obtaining the installation ISO images. Instead "
@@ -9827,7 +5607,6 @@ msgstr ""
#~ "la búsqueda de estos bits, le puede decir a Jigdo que busque un DVD o CD "
#~ "que ya tiene en su máquina, y ahorrar descargas redundantes. Esta "
#~ "característica se vuelve particularmente útil si Ud.:"
-
#~ msgid ""
#~ "Download all the test releases and then get the final release, in which "
#~ "case you have 90% of the data already with each subsequent download."
@@ -9835,20 +5614,16 @@ msgstr ""
#~ "Descargue todos los lanzamientos de prueba y luego obtenga la versión "
#~ "final, en cuyo caso tendrá cerca del 90% de los datos con cada descarga "
#~ "subsecuente."
-
#~ msgid ""
#~ "Download both the DVD and the CD set, in which case the DVD holds 95% of "
#~ "the data needed for the CD sets."
#~ msgstr ""
#~ "Descargue ambos conjuntos de DVD y CD, en cuyo caso el DVD tiene el 95% "
#~ "de los datos que se necesitan para los conjuntos de CD."
-
#~ msgid "Download any combination of the above."
#~ msgstr "Descargue cualquier combinación de las de arriba."
-
#~ msgid "Upgrading using PreUpgrade"
#~ msgstr "Actualizando usando PreUpgrade"
-
#~ msgid ""
#~ "PreUpgrade is an application users run on an existing Fedora 7 or 8 "
#~ "installation, that resolves and downloads packages required to upgrade "
@@ -9859,27 +5634,22 @@ msgstr ""
#~ "Fedora 7 o Fedora 8, que resuelve y descarga los paquetes necesarios para "
#~ "actualizar Fedora. Mientras que PreUpgrade descarga los paquetes "
#~ "necesarios, los usuarios pueden seguir usando la instalación actual."
-
#~ msgid "To use PreUpgrade to upgrade Fedora 8 to Fedora 9:"
#~ msgstr "Para usar PreUpgrade para actualizar Fedora 8 a Fedora 9:"
-
#~ msgid "Back up all important data before upgrading."
#~ msgstr "Respalde todos los datos importantes antes de actualizar."
-
#~ msgid ""
#~ "Run the <command>yum update</command> command as root to make sure all "
#~ "packages are updated to their latest versions."
#~ msgstr ""
#~ "Ejecute el comando <command>yum update</command> como root para "
#~ "asegurarse que todos los paquetes estén actualizados a la última versión."
-
#~ msgid ""
#~ "Run the <command>yum install preupgrade</command> command as root to "
#~ "install PreUpgrade."
#~ msgstr ""
#~ "Ejecutar el comando <command>yum install preupgrade</command> como root "
#~ "para instalar PreUpgrade."
-
#~ msgid ""
#~ "Select <guimenuitem>Fedora 9 (Sulphur)</guimenuitem> on the "
#~ "<computeroutput>Choose desired release</computeroutput> screen, and click "
@@ -9888,17 +5658,14 @@ msgstr ""
#~ "Seleccione <guimenuitem>Fedora 9 (Sulphur)</guimenuitem> en la pantalla "
#~ "<computeroutput>Elija la versión deseada</computeroutput> y haga clic en "
#~ "el botón <guibutton>Aplicar</guibutton>."
-
#~ msgid ""
#~ "When all of the packages have downloaded, reboot your system to start the "
#~ "Fedora 9 installer."
#~ msgstr ""
#~ "Cuando todos los paquetes se hayan descargado, reinicie su sistema para "
#~ "iniciar el instalador de Fedora 9."
-
#~ msgid "For further information, refer to the PreUpgrade Wiki:"
#~ msgstr "Para más información, vaya a esta página Wiki de PreUpgrade:"
-
#~ msgid ""
#~ "This release features <ulink url=\"http://www.gnome.org/start/2.22/notes/"
#~ "C/\">GNOME 2.22</ulink>. GNOME now includes a webcam photo and video "
@@ -9915,16 +5682,13 @@ msgstr ""
#~ "internacional, soporte para Google Calendar y etiquetas personalizadas en "
#~ "Evolution, además de Escritorio Remoto e integración con "
#~ "<application>PolicyKit</application>"
-
#~ msgid ""
#~ "KDE 4.0.3 is available in the KDE Live image as well as the regular DVD."
#~ msgstr ""
#~ "KDE 4.0.3 está ahora disponible en la imágen Viva KDE así como también en "
#~ "el DVD regular."
-
#~ msgid "Xfce 4.4.2 is available as part of this release."
#~ msgstr "Xfce 4.4.2 está disponible en este lanzamiento."
-
#~ msgid ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/NetworkManager\"> "
#~ "NetworkManager</ulink> 0.7 provides improved mobile broadband support, "
@@ -9937,7 +5701,6 @@ msgstr ""
#~ "móvil, incluyendo dispositivos GSM y CDMA, y ahora da soporte para "
#~ "múltiples dispositivos y redes ad-hoc para compartir conexiones. Ahora se "
#~ "habilita por defecto en instalaciones por DVD, CD, red e imágenes Vivas."
-
#~ msgid ""
#~ "The Fedora installer, <application>Anaconda</application>, now supports "
#~ "partition resizing for ext2/3, NTFS filesystems, creating and installing "
@@ -9953,14 +5716,12 @@ msgstr ""
#~ "de la segunda escena y los paquetes de software. Una imágen rediseñada "
#~ "más grande, <filename>boot.iso</filename> tiene ahora un instalador de "
#~ "segunda escena parcial por esta razón."
-
#~ msgid ""
#~ "Live USB images now support persistence, so your data and setting changes "
#~ "will be preserved even after rebooting."
#~ msgstr ""
#~ "Las imágnes USB Vivas ahora soportan la persistencia, para que los "
#~ "cambios a sus datos sean preservados aún después de reiniciar."
-
#~ msgid ""
#~ "<ulink url=\"http://www.packagekit.org/\">PackageKit</ulink>, a new set "
#~ "of graphical and console tools, with a framework for cross-distribution "
@@ -9978,7 +5739,6 @@ msgstr ""
#~ "vez de <application>Pup</application>. Más allá de "
#~ "<application>PackageKit</application>, la performance de <command>yum</"
#~ "command> ha sido mejorada considerablemente. "
-
#~ msgid ""
#~ "FreeIPA makes managing auditing, identity and policy processes easier by "
#~ "providing web-based and command line provisioning, and administration "
@@ -9991,7 +5751,6 @@ msgstr ""
#~ "y herramientas de administración. FreeIPA combina el poder del Servidor "
#~ "de Directorios de Fedora con FreeRADIUS, Kerberos de MIT, NTP y DNS para "
#~ "prover una solución fácil y completa."
-
#~ msgid ""
#~ "<ulink url=\"http://en.wikipedia.org/wiki/Ext4\">Ext4</ulink>, the next "
#~ "version of the mature and stable ext3 filesystem is available as a option "
@@ -10002,7 +5761,6 @@ msgstr ""
#~ "versión del sistema de archivo ext3 maduro y estable está disponible como "
#~ "una opción en este lanzamiento. Ext4 provee una performance mejorada, una "
#~ "mayor capacidad de almacenamiento y muchas otras características nuevas."
-
#~ msgid ""
#~ "This release of Fedora uses <ulink url=\"http://upstart.ubuntu.com/"
#~ "\"><application>Upstart</application></ulink>, an event-based replacement "
@@ -10011,7 +5769,6 @@ msgstr ""
#~ "Este lanzamiento de Fedora usa <ulink url=\"http://upstart.ubuntu.com/"
#~ "\"><application>Upstart</application></ulink>, un reemplazo basado en "
#~ "eventos del demonio <filename>/sbin/init</filename>."
-
#~ msgid ""
#~ "Firefox 3 (beta 5) brings a number of major improvements including a "
#~ "native look and feel, desktop integration, the new Places replacement for "
@@ -10020,7 +5777,6 @@ msgstr ""
#~ "Firefox 3 (beta 5) trae un número de mejoras importantes que incluyen una "
#~ "vista y sentir nativa, integración con el escritorio, el reemplazo "
#~ "Lugares para los marcadores y una nueva barra de direcciones mejoradas."
-
#~ msgid ""
#~ "The completely free and open source Java environment OpenJDK 6 is "
#~ "installed by default. <ulink url=\"http://fedoraproject.org/wiki/IcedTea"
@@ -10036,14 +5792,12 @@ msgstr ""
#~ "ulink> incluye un plugin de navegador basado en GCJ y esta disponible "
#~ "para las arquitecturas x86 y x86_64. GCJ esta disponible por defecto en "
#~ "la arquitectura PPC. "
-
#~ msgid ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/OpenOffice\">OpenOffice.org</"
#~ "ulink> 2.4, with many new features, is available as part of Fedora 9."
#~ msgstr ""
#~ "También está disponible <application>OpenOffice.org</application> 2.4, "
#~ "con muchas características nuevas, en Fedora 9."
-
#~ msgid ""
#~ "Fedora now includes <ulink url=\"http://perldoc.perl.org/perldelta.html"
#~ "\"><application>Perl 5.10.0</application></ulink>, which features a "
@@ -10052,17 +5806,14 @@ msgstr ""
#~ "Fedora ahora incluye <ulink url=\"http://perldoc.perl.org/perldelta.html"
#~ "\"><application>Perl 5.10.0</application></ulink>, que usa menos memoria "
#~ "e incluye otras mejoras."
-
#~ msgid ""
#~ "Fedora now includes <ulink url=\"http://www.tug.org/texlive/\">TeXLive</"
#~ "ulink> to replace the older, unmaintained TeX distribution."
#~ msgstr ""
#~ "Fedora ahora incluye <ulink url=\"http://www.tug.org/texlive/\">TeXLive</"
#~ "ulink> un reemplazo del viejo TeX que ya no es mantenido."
-
#~ msgid "Fedora 9 features a 2.6.25 based kernel."
#~ msgstr "Fedora 9 se basa en el kernel 2.6.25."
-
#~ msgid ""
#~ "Kernel crashes can be more automatically reported to <ulink url=\"http://"
#~ "www.kerneloops.org/\"/> and diagnosed in a friendly way via the "
@@ -10074,27 +5825,20 @@ msgstr ""
#~ "amigable vía el paquete <package>kerneloops</package> que se instala por "
#~ "defecto. Las firmas de las colgadas son comúnmente conocidas como oops en "
#~ "Linux."
-
#~ msgid ""
#~ "Work on the start-up and shutdown in X has yielded noticeable "
#~ "improvements."
#~ msgstr "El trabajo sobre el inicio y apagado de X mostró notables mejoras."
-
#~ msgid "Road Map"
#~ msgstr "Hoja de Ruta"
-
#~ msgid "Xiph.Org Formats"
#~ msgstr "Formatos de Ogg y de la Fundación Xiph.Org"
-
#~ msgid "MP3 Support"
#~ msgstr "Soporte MP3"
-
#~ msgid "DVD Support"
#~ msgstr "Soporte DVD"
-
#~ msgid "Flash Support"
#~ msgstr "Soporte de Flash"
-
#~ msgid ""
#~ "Fedora include a variety of tools for easily mastering and burning CDs "
#~ "and DVDs. GNOME users can burn directly from the Nautilus file manager. "
@@ -10113,24 +5857,20 @@ msgstr ""
#~ "para estas tareas. Las herramientas de consola incluyen "
#~ "<package>cdrecord</package>, <package>readcd</package>, <package>mkisofs</"
#~ "package>, y otras aplicaciones populares."
-
#~ msgid ""
#~ "\n"
#~ "yum install sendmail-cf\n"
#~ msgstr ""
#~ "\n"
#~ "yum install sendmail-cf\n"
-
#~ msgid ""
#~ "\n"
#~ "make -C /etc/mail\n"
#~ msgstr ""
#~ "\n"
#~ "make -C /etc/mail\n"
-
#~ msgid "Direct Installation"
#~ msgstr "Instalación Directa"
-
#~ msgid ""
#~ "You can add <option>liveinst</option> or <option>textinst</option> as a "
#~ "boot loader option to perform a direct installation without booting up "
@@ -10139,10 +5879,8 @@ msgstr ""
#~ "Puede agregar <option>liveinst</option> o <option>textinst</option> como "
#~ "una opción de arranque para realizar una instalación directa sin arrancar "
#~ "el CD/DVD vivo."
-
#~ msgid "Tool Changes"
#~ msgstr "Cambios en las Herramientas"
-
#~ msgid ""
#~ "Work has continued to better integrate the Live images with the rest of "
#~ "the system, and improve the tools used for building them. The "
@@ -10155,7 +5893,6 @@ msgstr ""
#~ "utilitario <command>livecd-creator</command> ahora provee un API para "
#~ "construir interfases alternativas así como herramientas para otros tipos "
#~ "de imágenes."
-
#~ msgid ""
#~ "The Fedora Legacy Project was a community-supported open source project "
#~ "to extend the lifecycle of select \"maintenance mode\" Red Hat Linux and "
@@ -10174,10 +5911,8 @@ msgstr ""
#~ "soporte de versiones viejas de Fedora Core como fue planeado. Por ahora, "
#~ "Fedora Core 4 y las versiones previas ya no son mantenidas. Fedora Core 5 "
#~ "no será más mantenida 30 días después del lanzamiento de Fedora 7."
-
#~ msgid "Legacy Repo was included in Fedora Core 6"
#~ msgstr "El Repo del Legado fue Incluído en Fedora Core 6"
-
#~ msgid ""
#~ "Fedora Core 6 shipped with a software repository configuration for Fedora "
#~ "Legacy. This repository was not enabled by default in the Fedora Core 6 "
@@ -10186,31 +5921,26 @@ msgstr ""
#~ "Fedora Core 6 viene con una configuración de repositorio de software para "
#~ "el Legado de Fedora. Este repositorio no está habilitado por defecto en "
#~ "esta versión."
-
#~ msgid ""
#~ "Tickless support for x86 64-bit systems (32-bit was added previously), "
#~ "which greatly improves power management."
#~ msgstr ""
#~ "Soporte para tickless en x86 64 bit (el soporte para 32 bit fue agregado "
#~ "previamente), lo que mejora notablemente la administración de energía."
-
#~ msgid "Some elements of the realtime kernel project."
#~ msgstr "Algunos elementos del proyecto del kernel de tiempo real."
-
#~ msgid ""
#~ "The kernel has a new version naming scheme to more closely match the "
#~ "upstream version naming scheme."
#~ msgstr ""
#~ "El kernel tiene un nuevo esquema de versión para acercarse más al esquema "
#~ "de versiones de más arriba."
-
#~ msgid ""
#~ "The kernel spec file is now named <filename>kernel.spec</filename> rather "
#~ "than <filename>kernel-2.6.spec</filename>."
#~ msgstr ""
#~ "El archivo spec del kernel se llama ahora <filename>kernel.spec</"
#~ "filename> en vez de <filename>kernel-2.6.spec</filename>."
-
#~ msgid ""
#~ "The kernel spec file has new macros that ease the kernel building "
#~ "process. Refer to <ulink url=\"http://fedoraproject.org/wiki/Docs/"
@@ -10219,7 +5949,6 @@ msgstr ""
#~ "El archivo spec del kernel tiene ahora nuevas macros que facilitan el "
#~ "proceso de construcción de kernels. Vaya a <ulink url=\"http://"
#~ "fedoraproject.org/wiki/Docs/CustomKernel\"/> para más información."
-
#~ msgid ""
#~ "The kernel in Fedora 9 no longer loads modules by default for ISA sound "
#~ "cards. Load the module by hand using the command <command>modprobe module-"
@@ -10232,10 +5961,8 @@ msgstr ""
#~ "module-name</command>, o agregue una entrada en <filename>/etc/modprobe."
#~ "conf</filename>. Por ejemplo, para Creative SoundBlaster AWE64, agregue "
#~ "la siguiente entrada:"
-
#~ msgid "OpenJDK"
#~ msgstr "OpenJDK"
-
#~ msgid ""
#~ "Fedora 9 includes OpenJDK 6, a Free Software implementation of the Java "
#~ "Platform, Standard Edition. OpenJDK 6 is not yet Java compatible; work is "
@@ -10244,13 +5971,10 @@ msgstr ""
#~ "Fedora 9 incluye OpenJDK 6, una implementación de código abierto de la "
#~ "Plataforma Java, Edición Estándar. OpenJDK 6 todavía no es Java "
#~ "compatible; todavía se están realizando trabajos para certificarlo."
-
#~ msgid "Fedora will track Sun's stable OpenJDK 6 branch."
#~ msgstr "Fedora prestará atención a la rama OpenJDK 6 estable de Sun."
-
#~ msgid "OpenJDK Replaces IcedTea"
#~ msgstr "OpenJDK reemplaza IcedTea"
-
#~ msgid ""
#~ "Sun has replaced most of the encumbrances for which IcedTea was providing "
#~ "replacements. For the rest of the encumbrances, replacements have been "
@@ -10260,31 +5984,26 @@ msgstr ""
#~ "cuales IcedTea estaba proveyendo reemplazos. Para el resto de esas cosas "
#~ "de alto nivel, los reemplazos han sido mezclados con las del proyecto "
#~ "IcedTea."
-
#~ msgid ""
#~ "IcedTea's mandate is to merge as much as possible with OpenJDK, so the "
#~ "differences between IcedTea and OpenJDK should diminish over time."
#~ msgstr ""
#~ "El mandato de IcedTea era mezclarse lo más posible con OpenJDK, para que "
#~ "las diferencias entre IcedTea y OpenJDK disminuyeran con el tiempo. "
-
#~ msgid ""
#~ "OpenJDK 6 is a stable branch, whereas OpenJDK 7 is unstable, and is not "
#~ "expected to ship a stable release until 2009."
#~ msgstr ""
#~ "OpenJDK 6 es una rama estable, mientras que OpenJDK 7 es inestable, y no "
#~ "se espera que sea estable hasta 2009."
-
#~ msgid "Sun has licensed the OpenJDK trademark for use in Fedora."
#~ msgstr "Sun ha dado licencia de OpenJDK para usarlo en Fedora."
-
#~ msgid ""
#~ "Shipping both OpenJDK 6 and IcedTea would have been confusing, and would "
#~ "have added size to the distribution."
#~ msgstr ""
#~ "Disponer de OpenJDK 6 y IcedTea hubiera sido confuso, y hubiera agregado "
#~ "tamaño a la distribución."
-
#~ msgid ""
#~ "IcedTea continues to provide autotools support ( <package>autoconf</"
#~ "package> , <package>automake</package> , <package>libtool</package> , and "
@@ -10299,10 +6018,8 @@ msgstr ""
#~ "bits, soporte de plugin, soporte Web Start y parches para integrar "
#~ "OpenJDK en Fedora. Las fuentes de IcedTea se incluyen en el SRPM "
#~ "<filename>java-1.6.0-openjdk</filename>."
-
#~ msgid "Handling Java Applets"
#~ msgstr "Manejo de los Applets de Java"
-
#~ msgid ""
#~ "Upstream OpenJDK does not provide a plugin. The Fedora OpenJDK packages "
#~ "include an adaptation of <filename>gcjwebplugin</filename>, that runs "
@@ -10314,7 +6031,6 @@ msgstr ""
#~ "aplicaciones sin firmar en un navegador, con seguridad. Este plugin esta "
#~ "empaquetado bajo el nombre de <filename>java-1.6.0-openjdk-plugin</"
#~ "filename>."
-
#~ msgid ""
#~ "The <filename>gcjwebplugin</filename> adaptation has no support for the "
#~ "<ulink url=\"https://bugzilla.redhat.com/show_bug.cgi?id=304021"
@@ -10327,7 +6043,6 @@ msgstr ""
#~ "puente bytecode-to-Javascript</ulink>, por lo que los applets que confían "
#~ "en este puente no funcionarán. Existe soporte experimental en los "
#~ "repositorios de IcedTea, pero no estan listos para Fedora. "
-
#~ msgid ""
#~ "The <filename>gcjwebplugin</filename> adaptation does not support <ulink "
#~ "url=\"https://bugzilla.redhat.com/show_bug.cgi?id=304031\">signed "
@@ -10340,7 +6055,6 @@ msgstr ""
#~ "applets firmados</ulink>. Los applets firmados funcionarán en modo no "
#~ "confiable. Existe soporte experimental en los repositorios de IcedTea, "
#~ "pero no estan listos para Fedora. "
-
#~ msgid ""
#~ "Upstream OpenJDK does not provide Web Start support. Experimental Web "
#~ "Start support via <ulink url=\"http://jnlp.sourceforge.net/netx/\">NetX</"
@@ -10351,7 +6065,6 @@ msgstr ""
#~ "experimental para Web Start vía <ulink url=\"http://jnlp.sourceforge.net/"
#~ "netx/\">NetX</ulink> está presente en el repositorio de IcedTea, pero no "
#~ "está listo para salir con Fedora."
-
#~ msgid ""
#~ "An incompatibility between Fedora and the JPackage <package>jpackage-"
#~ "utils</package> , that prevented installing JPackage's <package>jpackage-"
@@ -10362,13 +6075,10 @@ msgstr ""
#~ "package>, que evitaba instalar <package>jpackage-utils</package> de "
#~ "JPackage en Fedora, fue <ulink url=\"https://bugzilla.redhat.com/show_bug."
#~ "cgi?id=260161\">resuelta</ulink> en este lanzamiento."
-
#~ msgid "Fedora Installation Guide"
#~ msgstr "Guía de Instalación de Fedora"
-
#~ msgid "Downloading Large Files"
#~ msgstr "Descarga de Archivos Grandes"
-
#~ msgid ""
#~ "<application>Anaconda</application> tests the integrity of installation "
#~ "media by default. This function works with the CD, DVD, hard drive ISO, "
@@ -10384,7 +6094,6 @@ msgstr ""
#~ "de instalación, y antes de reportar cualquier error relativo a la "
#~ "instalación. Muchos de los errores reportados son actualmente debidos a "
#~ "CDs o DVDs mal grabados."
-
#~ msgid ""
#~ "The <command>mediacheck</command> function is highly sensitive, and may "
#~ "report some usable discs as faulty. This result is often caused by disc "
@@ -10401,7 +6110,6 @@ msgstr ""
#~ "arrancar presione cualquir tecla para entrar en el menú. Luego presione "
#~ "la tecla <keycap>Tab</keycap>, agregue la opción <option>mediacheck</"
#~ "option> a la lista de parámetros y presione <keycap>Intro</keycap>."
-
#~ msgid ""
#~ "After you complete the <command>mediacheck</command> function "
#~ "successfully, reboot to return the system to its normal state. On many "
@@ -10413,35 +6121,29 @@ msgstr ""
#~ "normal. En muchos sistemas, esto resulta en un proceso de instalación más "
#~ "rápido desde el disco. Puede saltear la opción <option>mediacheck</"
#~ "option> cuando reinicie."
-
#~ msgid "Memtest86 Availability"
#~ msgstr "Disponibilidad de Memtest86"
-
#~ msgid ""
#~ "You must boot from Installation Disc 1, the DVD, or a rescue CD in order "
#~ "to use this feature."
#~ msgstr ""
#~ "Debe arrancar desde el Disco 1 de Instalación, desde el DVD o desde un CD "
#~ "de rescate para poder usar esta característica."
-
#~ msgid "Built-in support for resizing ext2, ext3, and ntfs partitions."
#~ msgstr ""
#~ "Se incluye soporte para redimensionar particiones ext2, ext3 y ntfs."
-
#~ msgid ""
#~ "Support for installation to encrypted block devices, including the root "
#~ "filesystem."
#~ msgstr ""
#~ "Soporte para instalación en dispositivos de bloque encriptados, "
#~ "incluyendo el sistema de archivos raíz."
-
#~ msgid ""
#~ "Second stage installer location now independent of software package "
#~ "location."
#~ msgstr ""
#~ "La ubicación del instalador de la segunda escena es ahora independiente "
#~ "de la ubicación de los paquetes de software."
-
#~ msgid ""
#~ "Native installation to <systemitem>x86</systemitem> and "
#~ "<systemitem>x86_64</systemitem> machines using EFI and booting via "
@@ -10450,17 +6152,14 @@ msgstr ""
#~ "Instalación nativa en máquinas <systemitem>x86</systemitem> y "
#~ "<systemitem>x86_64</systemitem> usando EFI y arrancando vía "
#~ "<systemitem>grub</systemitem>."
-
#~ msgid ""
#~ "Hardware probing and detection now based on HAL and <systemitem>udev</"
#~ "systemitem>."
#~ msgstr ""
#~ "La prueba y detección de hardware se basa ahora en HAL y "
#~ "<systemitem>udev</systemitem>."
-
#~ msgid "Support for persistence in Live images on USB flash media."
#~ msgstr "Soporte para la persistencia el imágenes Vivas y medios flash USB."
-
#~ msgid ""
#~ "If you are upgrading to Fedora 9 and use <package>emacs</package>, you "
#~ "must upgrade to the latest version of emacs for your prior release to "
@@ -10473,40 +6172,30 @@ msgstr ""
#~ "para asegurar una actualización limpia. Los usarios de Fedora 8 deben "
#~ "tener <package>emacs-22.1-10.fc8</package> o posterior, mientras que los "
#~ "usuarios de Fedora 7 deben tener <package>emacs-22.1-7.fc7</package>."
-
#~ msgid ""
#~ "To see what version of <package>emacs</package> is installed, run the "
#~ "<command>rpm -q emacs</command> command."
#~ msgstr ""
#~ "Para ver qué versión de <package>emacs</package> está instalada, ejecute "
#~ "el comando <command>rpm -q emacs</command>"
-
#~ msgid "Internationalization (i18n)"
#~ msgstr "Internacionalización (i18n)"
-
#~ msgid "language"
#~ msgstr "lenguaje"
-
#~ msgid "Chinese fonts"
#~ msgstr "Fuentes en Chino"
-
#~ msgid "The <package>wqy-zenkai-fonts</package> package has been added."
#~ msgstr "El paquete <package>wqy-zenkai-fonts</package> fue agregado."
-
#~ msgid "Indic fonts"
#~ msgstr "Fuentes en Indi"
-
#~ msgid "The <package>samyak-fonts</package> package has been added."
#~ msgstr "El paquete <package>samyak-fonts</package> fue agregado."
-
#~ msgid ""
#~ "The <package>smc-fonts</package> package has been added for Malayalam."
#~ msgstr ""
#~ "El paquete <package>smc-fonts</package> fue agregado para Malayalam."
-
#~ msgid "Japanese fonts"
#~ msgstr "Fuentes en Japonés"
-
#~ msgid ""
#~ "<package>VLGothic-fonts</package> is the new default font for Japanese in "
#~ "Fedora 9. It now has a subpackage <package>VLGothic-fonts-proportional</"
@@ -10515,20 +6204,16 @@ msgstr ""
#~ "<package>VLGothic-fonts</package> es la nueva fuente por defecto para "
#~ "Japonés en Fedora 9. Ahora tiene un subpaquete <package>VLGothic-fonts-"
#~ "proportional</package> para su versión proporcional."
-
#~ msgid "Thai fonts"
#~ msgstr "Fuentes en Tailandés"
-
#~ msgid ""
#~ "The <package>thaifonts-scalable</package> package has been added, making "
#~ "Thai TrueType fonts available in Fedora."
#~ msgstr ""
#~ "El paquete <package>thaifonts-scalable</package> ha sido agregado, "
#~ "permitiendo que TrueType Fonts de Tailandés estén disponibles en Fedora. "
-
#~ msgid "im-chooser"
#~ msgstr "im-chooser"
-
#~ msgid ""
#~ "With the new <emphasis>imsettings</emphasis> framework, <command>im-"
#~ "chooser</command> can now start and stop Input Method usage dynamically "
@@ -10537,7 +6222,6 @@ msgstr ""
#~ "Con el nuevo marco de trabajo <emphasis>imsettings</emphasis>, "
#~ "<command>im-chooser</command> puede ahora iniciar y detener el uso de "
#~ "Métodos de Entrada dinámicamente en el Escritorio de GNOME."
-
#~ msgid ""
#~ "Input methods only start by default on desktops running in an Asian "
#~ "locale. The current list is: <systemitem>as</systemitem>, <systemitem>bn</"
@@ -10569,58 +6253,45 @@ msgstr ""
#~ "guisubmenu><guimenuitem>Método de Entrada</guimenuitem></menuchoice> para "
#~ "habilitar o deshabilitar SCIM en su escritorio. Para que los cambios "
#~ "tengan efecto, debe reiniciar la sesión de escritorio."
-
#~ msgid "SCIM hotkeys"
#~ msgstr "Teclas rápidas SCIM"
-
#~ msgid ""
#~ "SCIM now only defines trigger hotkeys for Asian languages as in the "
#~ "following table:"
#~ msgstr ""
#~ "SCIM ahora sólo define las teclas rápidas activadores para los idiomas "
#~ "asiáticos como en la siguiente tabla:"
-
#~ msgid "Hotkeys"
#~ msgstr "Teclas rápidas"
-
#~ msgid "Language"
#~ msgstr "Lenguaje"
-
#~ msgid "Trigger hotkeys"
#~ msgstr "Teclas de activación"
-
#~ msgid "Chinese"
#~ msgstr "Fuentes en Chino"
-
#~ msgid "Ctrl-Space"
#~ msgstr "Ctrl-Espacio"
-
#~ msgid ""
#~ "<code>Zenkaku_Hankaku</code>, <code>Alt-`</code>, or <code>Ctrl-Space</"
#~ "code>"
#~ msgstr ""
#~ "<code>Zenkaku_Hankaku</code>, <code>Alt-`</code>, o <code>Ctrl-Espacio</"
#~ "code>"
-
#~ msgid ""
#~ "<code>Shift-Space</code>, <code>Hangul</code>, or <code>Ctrl-Space</code>"
#~ msgstr ""
#~ "<code>Mayús-Espacio</code>, <code>Hangul</code>, o <code>Ctrl-Espacio</"
#~ "code>"
-
#~ msgid "scim-python"
#~ msgstr "scim-python"
-
#~ msgid ""
#~ "This release adds the <package>scim-python</package> package, which "
#~ "allows writing Input Method Engines for SCIM in python."
#~ msgstr ""
#~ "Este lanzamiento agrega el paquete <package>scim-python</package>, que "
#~ "permite la escritura en Máquinas de Métods de Entrada para SCIM en python."
-
#~ msgid "scim-python-chinese"
#~ msgstr "scim-python-chinese"
-
#~ msgid ""
#~ "The <package>scim-python</package> package also includes a subpackage "
#~ "<package>scim-python-pinyin</package> that provides PinYin and ShuangPin "
@@ -10636,7 +6307,6 @@ msgstr ""
#~ "el método de entrada predeterminado para Chino Simplificado. El paquete "
#~ "<package>scim-python-xingma</package> provee un número de tablas para "
#~ "otros métodos de entrada en Chino."
-
#~ msgid ""
#~ "Fedora 9 provides basic support for encrypted swap partitions and non-"
#~ "root file systems. To use it, add entries to <filename>/etc/crypttab</"
@@ -10647,7 +6317,6 @@ msgstr ""
#~ "sistemas de archivo no-root. Para usarlos, agregue entradas a <filename>/"
#~ "etc/crypttab</filename> y haga referencia a los dispositivos creados en "
#~ "<filename>/etc/fstab</filename>."
-
#~ msgid ""
#~ "New in Fedora 9, the installer <application>Anaconda</application> has "
#~ "support for creating encrypted file systems during installation. For more "
@@ -10659,7 +6328,6 @@ msgstr ""
#~ "durante la instalación. Para más información, vaya a la <ulink url="
#~ "\"http://docs.fedoraproject.org/install-guide\">Guía de Instalación de "
#~ "Fedora</ulink>."
-
#~ msgid ""
#~ "Installing to encrypted volumes, including the root file system, is now "
#~ "supported. There is no configuration tool for adding or removing keys "
@@ -10671,7 +6339,6 @@ msgstr ""
#~ "o eliminar claves a volúmenes en un momento posterior, o hacer "
#~ "modificaciones del encriptado. Vaya a la página de características para "
#~ "más información:"
-
#~ msgid ""
#~ "For full instructions on using encrypted file systems, refer to the "
#~ "<ulink url=\"http://docs.fedoraproject.org/encryption-privacy-guide"
@@ -10680,10 +6347,8 @@ msgstr ""
#~ "Para información sobre cómo utilizar sistemas de archivos encriptados, "
#~ "visita <ulink url=\"http://docs.fedoraproject.org/encryption-privacy-"
#~ "guide\">Fedora Encryption and Privacy Guide</ulink>."
-
#~ msgid "Ext4 Preview"
#~ msgstr "Vista Preliminar de Ext4"
-
#~ msgid ""
#~ "The new ext4 file system is available in Fedora 9 as a nearly feature "
#~ "complete preview. While an ext3 file system can be mounted as ext4, an "
@@ -10695,7 +6360,6 @@ msgstr ""
#~ "sistema de archivo ext3 puede ser montado como ext4, está planeada una "
#~ "herramienta de conversión de ext3 a ext4 que convierta el formato en "
#~ "disco de ext3 a ext4. Para más información acerca de esto, vea:"
-
#~ msgid ""
#~ "Fedora 9 may be installed onto an ext4 file system by adding the "
#~ "<option>ext4</option> option to the installer boot parameters and "
@@ -10704,7 +6368,6 @@ msgstr ""
#~ "Fedora 9 se puede instalar en un sistema de archivo ext4 agregando la "
#~ "opción <option>ext4</option> a los parámetros de arranque del instalador "
#~ "y seleccionando el particionado personalizado."
-
#~ msgid ""
#~ "The <command>e2fsprogs</command> userspace tools shipping with Fedora 9 "
#~ "are not yet fully ext4-capable. In particular, <command>fsck</command> "
@@ -10713,21 +6376,16 @@ msgstr ""
#~ "Las herramientas del espacio del usuario <command>e2fsprogs</command> que "
#~ "vienen en Fedora 9 no dan soporte completo de ext4. En particular la "
#~ "habilidad de <command>fsck</command> es limitada."
-
#~ msgid "For more information about this feature:"
#~ msgstr "Para más información acerca de esta característica:"
-
#~ msgid "Feedback for Release Notes Only"
#~ msgstr "Retroalimentación para las Notas de la Versión Solamente"
-
#~ msgid "This section concerns feedback on the release notes themselves."
#~ msgstr ""
#~ "Esta sección trata de la retroalimentación en las notas de la versión en "
#~ "sí mismas."
-
#~ msgid "Code Generation"
#~ msgstr "Generación de Código"
-
#~ msgid ""
#~ "Starting with <package>gcc-4.1.2-25</package> and <package>glibc-2.6.90-"
#~ "14</package> , the <option>-D_FORTIFY_SOURCE=2</option> option protects "
@@ -10742,14 +6400,12 @@ msgstr ""
#~ "hecho antes. Vaya al <ulink url=\"https://www.redhat.com/archives/fedora-"
#~ "devel-announce/2007-September/msg00015.html\">anuncio</ulink> para más "
#~ "detalle."
-
#~ msgid ""
#~ "<ulink url=\"https://www.redhat.com/archives/fedora-devel-announce/2007-"
#~ "September/msg00015.html\"/> for more details."
#~ msgstr ""
#~ "<ulink url=\"https://www.redhat.com/archives/fedora-devel-announce/2007-"
#~ "September/msg00015.html\"/> para más detalles."
-
#~ msgid ""
#~ "This release of Fedora includes Fedora Eclipse, based on the Eclipse SDK "
#~ "version 3.3.2. The 3.3.x series of releases has a <ulink url=\"http://"
@@ -10765,7 +6421,6 @@ msgstr ""
#~ "url=\"http://www.eclipse.org/eclipse/development/readme_eclipse_3.3.2.html"
#~ "\">notas del lanzamiento</ulink> específicas a la versión 3.3.2 están "
#~ "también disponibles."
-
#~ msgid ""
#~ "The Eclipse SDK is known variously as \"the Eclipse Platform,\" \"the "
#~ "Eclipse IDE,\" and \"Eclipse.\" The Eclipse SDK is the foundation for the "
@@ -10778,13 +6433,10 @@ msgstr ""
#~ "lanzamiento combinado Callisto (<ulink url=\"http://www.eclipse.org/europa"
#~ "\">http://www.eclipse.org/europa</ulink>). Algunos de estos proyectos "
#~ "Callisto se incluyen en Fedora:"
-
#~ msgid "CDT for C/C++ development:"
#~ msgstr "CDT para desarrollo C/C++:"
-
#~ msgid "GEF, the Graphical Editing Framework:"
#~ msgstr "GEF, el Marco de Trabajo de Edición Gráfica:"
-
#~ msgid ""
#~ "Mylyn, a task-focused UI for Eclipse, along with task connectors for "
#~ "Bugzilla and Trac:"
@@ -10792,25 +6444,18 @@ msgstr ""
#~ "Mylyn (<ulink url=\"http://www.eclipse.org/mylyn\">http://www.eclipse.org/"
#~ "mylyn</ulink>), una IU para Eclipse enfocada en la tarea, junto con los "
#~ "conectores de tarea para Bugzilla y Trac."
-
#~ msgid "Other Eclipse projects available in Fedora include:"
#~ msgstr "Otros proyectos Eclipse disponible en Fedora incluyen:"
-
#~ msgid "Subclipse, for integrating Subversion version control:"
#~ msgstr "Subclipse, para integrar el control de versión con Subversion:"
-
#~ msgid "PyDev, for developing in Python:"
#~ msgstr "PyDev, para el desarrollo en Python:"
-
#~ msgid "PHPeclipse, for developing in PHP:"
#~ msgstr "PHPeclipse, para el desarrollo en PHP:"
-
#~ msgid "E.P.I.C, for developing perl:"
#~ msgstr "E.P.I.C, para el desarrollo en perl:"
-
#~ msgid "Photran, for developing in Fortran:"
#~ msgstr "Photran, para el desarrollo en Fortran:"
-
#~ msgid ""
#~ "Assistance in getting more projects packaged and tested with GCJ is "
#~ "always welcome. Contact the interested parties through fedora-devel-java-"
@@ -10821,7 +6466,6 @@ msgstr ""
#~ "fedora-devel-java-list (<ulink url=\"http://www.redhat.com/mailman/"
#~ "listinfo/fedora-devel-java-list/\">http://www.redhat.com/mailman/listinfo/"
#~ "fedora-devel-java-list/</ulink>) y/o #fedora-java en freenode."
-
#~ msgid ""
#~ "Fedora also includes plugins and features that are particularly useful to "
#~ "FLOSS hackers, ChangeLog editing with <package>eclipse-changelog</"
@@ -10837,7 +6481,6 @@ msgstr ""
#~ "incluye una versión de prueba del trabajo para integrar con GNU "
#~ "Autotools. También está <package>eclipse-rpm-editor</package> para editar "
#~ "archivos spec de RPM."
-
#~ msgid ""
#~ "The latest information regarding these projects can be found at the "
#~ "Fedora Eclipse Project page:"
@@ -10845,10 +6488,8 @@ msgstr ""
#~ "La última información referida a estos proyectos la puede encontrar en la "
#~ "página de Proyecto Eclipse de Fedora: <ulink url=\"http://sourceware.org/"
#~ "eclipse/\">http://sourceware.org/eclipse/</ulink>."
-
#~ msgid "Non-packaged Plugins and Features"
#~ msgstr "Característica y Plugins no empaquetados"
-
#~ msgid ""
#~ "Fedora Eclipse allows non-root users to make use of the Update Manager "
#~ "functionality for installing non-packaged plugins and features. Such "
@@ -10860,7 +6501,6 @@ msgstr ""
#~ "para la instalación de plugins y características no empaquetadas. Tales "
#~ "plugins se instalan en el directorio de inicio del usuario, en el "
#~ "directorio <filename class=\"directory\">.eclipse</filename>."
-
#~ msgid ""
#~ "Users upgrading from Fedora 8 should be aware that cached content in "
#~ "their home directory may not be flushed properly (see Eclipse bug <ulink "
@@ -10874,10 +6514,8 @@ msgstr ""
#~ "org/bugs/show_bug.cgi?id=215034\">#215034</ulink>). Para solucionar esto, "
#~ "ejecute eclipse desde una terminal con la opción <option>-clean</option>. "
#~ "Nota: esto sólo es necesario hacerlo una vez."
-
#~ msgid "64-bit Java Runtime Environments and JNI"
#~ msgstr "Entornos de Tiempo de Ejecución de Java de 64-bit y JNI"
-
#~ msgid ""
#~ "Do not try to run Fedora's x86_64 Eclipse packages on Sun's 32-bit JRE. "
#~ "They will fail. Either switch to a 64-bit proprietary JRE, or, if "
@@ -10889,14 +6527,12 @@ msgstr ""
#~ "propietaria, o instale la versión de 32-bit de los paquetes, si están "
#~ "disponibles. Para instalar la versión de 32-bit, use el comando siguiente "
#~ "(SWT se da como ejemplo):"
-
#~ msgid ""
#~ "\n"
#~ "yum install libswt3-gtk2.i386\n"
#~ msgstr ""
#~ "\n"
#~ "yum install libswt3-gtk2.i386\n"
-
#~ msgid ""
#~ "Likewise, the 32-bit JNI libraries shipped by default on ppc64 systems do "
#~ "not run with a 64-bit JRE. To install the 64-bit version, use the "
@@ -10905,31 +6541,26 @@ msgstr ""
#~ "De la misma manera, las bibliotecas JNI de 32 bits que se dan por defecto "
#~ "en sistemas ppc64 no funcionan con un JRE de 64 bits. Para instalar la "
#~ "versión de 64 bits use el siguiente comando:"
-
#~ msgid "package_name"
#~ msgstr "package_name"
-
#~ msgid ""
#~ "\n"
#~ "yum install <placeholder-1/>.ppc64\n"
#~ msgstr ""
#~ "\n"
#~ "yum install <placeholder-1/>.ppc64\n"
-
#~ msgid ""
#~ "This release features <ulink url=\"http://www.gnome.org/start/2.22/"
#~ "\">GNOME</ulink> 2.22."
#~ msgstr ""
#~ "Esta versión tiene como característica <ulink url=\"http://www.gnome.org/"
#~ "start/2.20/\">GNOME</ulink> 2.22."
-
#~ msgid ""
#~ "The GNOME splash screen has been disabled upstream intentionally. To "
#~ "enable it, use <command>gconf-editor</command> or the following command:"
#~ msgstr ""
#~ "La pantalla splash de GNOME ha sido deshabilitada intencionalmente. Para "
#~ "habilitarla, use <command>gconf-editor</command> o el siguiente comando:"
-
#~ msgid ""
#~ "The lock screen dialog theme is not connected to the selected screensaver "
#~ "in this release. To enable it, use <command>gconf-editor</command> or the "
@@ -10938,7 +6569,6 @@ msgstr ""
#~ "El tema del diálogo para bloquear pantalla no eestá conectado al "
#~ "protector de pantalla en esta versión. Para habilitarlo, use "
#~ "<command>gconf-editor</command> o el siguiente comando:"
-
#~ msgid ""
#~ "Blinking cursors are enabled by default in this release, and are "
#~ "centrally managed via a gconf setting. To turn it off, run the following "
@@ -10947,10 +6577,8 @@ msgstr ""
#~ "Los cursores parpadeantes se habilitan por defecto en este lanzamiento, y "
#~ "son administrados centralmente vía configuración gconf. La puede "
#~ "deshabilitar ejecutando el siguiente comando:"
-
#~ msgid "Gvfs"
#~ msgstr "Gvfs"
-
#~ msgid ""
#~ "GNOME 2.22 features the new Gvfs, a userspace virtual file-system with "
#~ "back-ends for sftp, ftp, dav, smb, obexftp, and others. The Gvfs system "
@@ -10961,24 +6589,20 @@ msgstr ""
#~ "archivo virtual en el espacio del usuario, con soporte para sftp, ftp, "
#~ "dav, smb, obexftp y otros. El sistema Gvfs es el reemplazo/sucesor de "
#~ "<systemitem class=\"service\">gnome-vfs</systemitem>."
-
#~ msgid "Gvfs consists of two parts:"
#~ msgstr "Gvfs consiste de dos partes:"
-
#~ msgid ""
#~ "GIO, which is a new shared library that is part of GLib and provides the "
#~ "API for <systemitem class=\"service\">gvfs</systemitem>"
#~ msgstr ""
#~ "GIO, con una nueva biblioteca compartida que es parte de GLib y provee el "
#~ "API para <systemitem class=\"service\">gvfs</systemitem>"
-
#~ msgid ""
#~ "Gvfs itself, a package that contains back-ends for the various file "
#~ "system types and protocols"
#~ msgstr ""
#~ "Gvfs es en sí mismo un paquete que contiene soporte para varios tipos de "
#~ "sistemas de archivo y protocolos"
-
#~ msgid ""
#~ "The Gvfs system runs a single master daemon, <systemitem class=\"daemon"
#~ "\">gvfsd</systemitem>, that keeps track of the current <systemitem class="
@@ -10994,7 +6618,6 @@ msgstr ""
#~ "hablan a los montajes con una combinación de llamadas DBus (en el bus de "
#~ "sesión y usando DBus peer-to-peer) y un protocolo personalizado para "
#~ "contenidos de archivos."
-
#~ msgid ""
#~ "A few file-system types previously supported by <systemitem class="
#~ "\"service\">gnome-vfs</systemitem> may not be yet supported by "
@@ -11006,7 +6629,6 @@ msgstr ""
#~ "soportados todavía por <systemitem class=\"service\">gvfs</systemitem>. "
#~ "Todavía se está trabajando para proveer soluciones completas para todos "
#~ "estos tipos."
-
#~ msgid ""
#~ "The GNOME Display Manager (<systemitem class=\"service\">gdm</"
#~ "systemitem>) has been updated to the latest upstream code, which is a "
@@ -11016,30 +6638,24 @@ msgstr ""
#~ "systemitem>) ha sido actualizado al código del proyecto original más "
#~ "reciente, que es una reescritura completa hecha por desarrolladores de "
#~ "Fedora."
-
#~ msgid ""
#~ "power management and monitoring on the login screen, so the laptop "
#~ "hibernates or shuts down when the battery gets low"
#~ msgstr ""
#~ "la administración de energía y monitoreo en la pantalla de ingreso, para "
#~ "que las laptop hibernen o se apaguen cuando la batería esté baja"
-
#~ msgid "smarter user list"
#~ msgstr "lista de usuario más inteligente"
-
#~ msgid ""
#~ "common default background between the login window and the desktop "
#~ "session, with no intermediate flicker"
#~ msgstr ""
#~ "fondos por defecto comúnes entre la pantalla de ingreso y la sesión de "
#~ "escritorio, sin parpadeos intermedios"
-
#~ msgid "For more information on this feature:"
#~ msgstr "Para más información acerca de esta característica:"
-
#~ msgid "Other notes:"
#~ msgstr "Otras notas:"
-
#~ msgid ""
#~ "<filename>~/.Xclients</filename> and <filename>~/.xsession</filename> are "
#~ "no longer read automatically at login time. If you use either of these "
@@ -11049,7 +6665,6 @@ msgstr ""
#~ "se leen automáticamente al momento de ingreso. Si usa alguno de esos "
#~ "archivos, instale el paquete <package>xorg-x11-xinit-session</package> "
#~ "package."
-
#~ msgid ""
#~ "Due to a bug introduced at the end of the development cycle (<ulink url="
#~ "\"https://bugzilla.redhat.com/show_bug.cgi?id=445631\">bug 445631</"
@@ -11063,7 +6678,6 @@ msgstr ""
#~ "aparezca la pantalla de inicio. Los usuarios deben ingresar una vez y "
#~ "luego salir para poder seleccionar el idioma. Desafortunadamente, este "
#~ "error también afecta al CD Vivo."
-
#~ msgid ""
#~ "The shipped version of GDM does not support old style theme formats, and "
#~ "is considerably plainer than the version shipped in Fedora 8. A priority "
@@ -11072,7 +6686,6 @@ msgstr ""
#~ "La versión de GDM incluída no soporta los formatos de estilos de tema "
#~ "viejo, y es considerablemente más sensillo a la que se incluía en Fedora "
#~ "8. Una mayor estética será la prioridad para Fedora 10."
-
#~ msgid ""
#~ "<ulink url=\"http://www.kde.org/announcements/4.0/\">KDE 4.0</ulink> "
#~ "features upgrades to core components such as the port to Qt 4. It also "
@@ -11096,10 +6709,8 @@ msgstr ""
#~ "application>; y un nuevo estilo visual llamado Oxígeno. <ulink url="
#~ "\"http://kde.org/announcements/announce-4.0.3.php\">KDE 4.0.3</ulink> es "
#~ "una versión corregida de la serie de lanzamientos KDE 4.0."
-
#~ msgid "Workspace Changes"
#~ msgstr "Cambios en el Ambiente de Trabajo"
-
#~ msgid ""
#~ "<application>Plasma</application> replaces the old <application>Kicker</"
#~ "application> and <application>KDesktop</application>. "
@@ -11115,7 +6726,6 @@ msgstr ""
#~ "poner los mismos applets de <application>Plasma</application> "
#~ "(<application>plasmoids</application>) en el panel y en el escritorio, si "
#~ "el applet soporta las restricciones de tamaño impuestas por el panel."
-
#~ msgid ""
#~ "The old KDE Control Center (<application>KControl</application>) has been "
#~ "replaced by <application>System Settings</application> "
@@ -11124,7 +6734,6 @@ msgstr ""
#~ "El viejo Centro de Control KDE (<application>KControl</application>) "
#~ "ahora fue reemplazado por <application>Parámetros del Sistema</"
#~ "application> (<command>systemsettings</command>)."
-
#~ msgid ""
#~ "The <application>KDM</application> login manager uses a new theme format. "
#~ "Therefore, <application>KDM</application> themes written for KDE 3 do not "
@@ -11138,14 +6747,12 @@ msgstr ""
#~ "KDE 4. <application>KDM</application> ahora incluye soporte para la "
#~ "configuración de temas, para que la herramienta externa "
#~ "<command>kdmtheme</command> ya no sea necesaria."
-
#~ msgid ""
#~ "All the above applications can be found in the <package>kdebase-"
#~ "workspace</package> package."
#~ msgstr ""
#~ "Todas las aplicaciones precedentes se pueden encontrar en el paquete "
#~ "<package>kdebase-workspace</package>."
-
#~ msgid ""
#~ "The Qt/KDE 3 versions have been renamed <package>qt3</package> , "
#~ "<package>kdelibs3</package> , and <package>kdebase3</package> . Fedora 9 "
@@ -11156,7 +6763,6 @@ msgstr ""
#~ "<package>kdelibs3</package> y <package>kdebase3</package>. Fedora 9 sólo "
#~ "incluye partes de <package>kdebase3</package>. Vaya a la sección "
#~ "<application>Compatibilidad hacia Atrás</application> para más detalles."
-
#~ msgid ""
#~ "Upstream KDE has split the <package>kdebase</package> module into three "
#~ "modules: <package>kdebase-runtime</package> , <package>kdebase</package> "
@@ -11169,21 +6775,18 @@ msgstr ""
#~ "veces llamado <package>kdebase-apps</package> para distinguirlo de "
#~ "<package>kdebase</package> ), y <package>kdebase-workspace</package> . "
#~ "Esta division se refleja en los paquetes de Fedora. "
-
#~ msgid ""
#~ "Fedora 9 adds a <package>kdegames3</package> package containing the games "
#~ "not yet ported to KDE 4."
#~ msgstr ""
#~ "Fedora 9 agrega <package>kdegames3</package> que contiene juegos que aun "
#~ "no se migran a KDE 4."
-
#~ msgid ""
#~ "<application>Dolphin</application>, which is part of <package>kdebase</"
#~ "package> , replaces <package>d3lphin</package> ."
#~ msgstr ""
#~ "<application>Dolphin</application>, que es parte de <package>kdebase</"
#~ "package> , reemplaza <package>d3lphin</package> ."
-
#~ msgid ""
#~ "The <package>kdebase-workspace</package> package now includes support for "
#~ "<application>KDM</application> theme configuration, and therefore "
@@ -11192,7 +6795,6 @@ msgstr ""
#~ "El paquete <package>kdebase-workspace</package> ahora incluye soporte "
#~ "para el configurador de temas <application>KDM</application>, y por tanto "
#~ "hace obsoleto el <package>kdmtheme</package> ."
-
#~ msgid ""
#~ "<application>Okular</application> replaces <application>KPDF</"
#~ "application>, <application>KGhostView</application>, and "
@@ -11201,21 +6803,18 @@ msgstr ""
#~ "<application>Okular</application> reemplaza <application>KPDF</"
#~ "application>, <application>KGhostView</application>, y <application>KFax</"
#~ "application> en <package>kdegraphics</package> ."
-
#~ msgid ""
#~ "The package <package>kaider</package> replaces <application>KBabel</"
#~ "application>, which used to be part of <package>kdesdk</package> ."
#~ msgstr ""
#~ "El paquete <package>kaider</package> reemplaza <application>KBabel</"
#~ "application>, que era parte de <package>kdesdk</package>."
-
#~ msgid ""
#~ "The <package>okteta</package> package replaces <application>KHexEdit</"
#~ "application>, which used to be part of <package>kdeutils</package> ."
#~ msgstr ""
#~ "El paquete <package>okteta</package> reemplaza <application>KHexEdit</"
#~ "application>, que era parte de <package>kdeutils</package> ."
-
#~ msgid ""
#~ "The <package>kiconedit</package> and <package>kcoloredit</package> "
#~ "packages, which used to be part of <package>kdegraphics</package> , are "
@@ -11224,14 +6823,12 @@ msgstr ""
#~ "Los paquetes <package>kiconedit</package> y <package>kcoloredit</"
#~ "package>, que solían ser parte de <package>kdegraphics</package> , ahora "
#~ "se encuentran disponibles individualmente. "
-
#~ msgid ""
#~ "The package <package>kmid</package> , which used to be part of "
#~ "<package>kdemultimedia</package> , is now a separate package."
#~ msgstr ""
#~ "El paquete <package>kmid</package> , que era parte de "
#~ "<package>kdemultimedia</package> , ahora es un paquete individual. "
-
#~ msgid ""
#~ "The Fedora KDE team has decided to drop the <package>-extras</package> "
#~ "sub-packages, which contained deprecated or unstable applications, "
@@ -11240,7 +6837,6 @@ msgstr ""
#~ "El equipo de KDE de Fedora decidió eliminar los subpaquetes <package>-"
#~ "extras</package>, que contenian aplicaciones antiguas o inestables, ya "
#~ "que estas aplicaciones fueron corregidas o eliminadas en KDE 4. "
-
#~ msgid ""
#~ "The package <package>kdeadmin-kpackage</package> has been split out of "
#~ "<package>kdeadmin</package> because <application>KPackage</application> "
@@ -11249,7 +6845,6 @@ msgstr ""
#~ "El paquete<package>kdeadmin-kpackage</package> ya no es parte de "
#~ "<package>kdeadmin</package> porque <application>KPackage</application> "
#~ "ahora depende de <package>smart</package> ."
-
#~ msgid ""
#~ "KDE 4 dropped the <package>kdeaddons</package> module. Therefore, there "
#~ "is no <package>kdeaddons</package> package in Fedora 9. The "
@@ -11267,10 +6862,8 @@ msgstr ""
#~ "package> . El paquete <package>ksig</package> y <package>konq-plugins</"
#~ "package> de complementos de Konqueror son ahora sus propios paquetes, y "
#~ "<package>extragear-plasma</package> reemplaza los complementos de Kicker."
-
#~ msgid "PackageKit"
#~ msgstr "PackageKit"
-
#~ msgid ""
#~ "PackageKit is the new, default distribution-neutral package management "
#~ "framework and frontend. Refer to <ulink url=\"http://fedoraproject.org/"
@@ -11280,7 +6873,6 @@ msgstr ""
#~ "la administración de paquetes de forma neutral a la distribución. Vaya a "
#~ "<ulink url=\"http://fedoraproject.org/wiki/PackageKit\"/> para más "
#~ "detalles."
-
#~ msgid ""
#~ "The Bluetooth feature in Fedora 9 (<ulink url=\"http://fedoraproject.org/"
#~ "wiki/Features/BluetoothFedora9\">http://fedoraproject.org/wiki/Features/"
@@ -11292,7 +6884,6 @@ msgstr ""
#~ "org/wiki/Features/BluetoothFedora9\">http://fedoraproject.org/wiki/"
#~ "Features/BluetoothFedora9</ulink>) tiene algunas mejoras en esta versión. "
#~ "Las funciones nuevas de Bluetooth las puedes ver a gran detalle en:"
-
#~ msgid ""
#~ "File sending to a Bluetooth device is now handled with the "
#~ "<command>bluetooth-sendto</command> program from the <package>bluez-"
@@ -11307,7 +6898,6 @@ msgstr ""
#~ "enviar archivos en <application>Nautilus</application> desde el la "
#~ "función de contexto <guimenuitem>Send to...</guimenuitem> accesiblde "
#~ "desde un click-derecho."
-
#~ msgid ""
#~ "Pulling files from a Bluetooth device is now included in <package>gnome-"
#~ "user-share</package> , which has ObexFTP and <ulink url=\"/wiki/ObexPush"
@@ -11330,7 +6920,6 @@ msgstr ""
#~ "url=\"/wiki/ObexPush\">ObexPush</ulink> con <guimenu>Personal</"
#~ "guimenu><guisubmenu>Compartir Archivos</guisubmenu><guimenuitem>Recibir "
#~ "archivos en Descargas vía Bluetooth</guimenuitem>."
-
#~ msgid ""
#~ "Files on the remote Bluetooth device can be viewed directly in "
#~ "<application>Nautilus</application> through GVFS, which supports "
@@ -11343,17 +6932,14 @@ msgstr ""
#~ "que soporta dispositivos Bluetooth. Sincronizar un dispositivo con un "
#~ "Manejador de Información Personal (PIM) se puede hacer utilizando "
#~ "<command>gnome-pilot</command>"
-
#~ msgid ""
#~ "Browsing of Bluetooth devices is done via the right-click context menu "
#~ "from the Bluetooth icon on the desktop panel."
#~ msgstr ""
#~ "Ver dispositivos de Bluetooth se puede hacer dando click-derecho en el "
#~ "icono de Bluetooth en el panel del escritorio. "
-
#~ msgid "XULRunner"
#~ msgstr "XULRunner"
-
#~ msgid ""
#~ "Applications that require the <application>Gecko</application> engine "
#~ "have had to depend on the entirety of <application>Firefox</application>. "
@@ -11374,7 +6960,6 @@ msgstr ""
#~ "aplicaciones de Fedora que previamente utilizaban <application>Gecko</"
#~ "application> fueron compiladas para utilizar <application>XULRunner</"
#~ "application>."
-
#~ msgid ""
#~ "For a current status, visit <ulink url=\"http://fedoraproject.org/wiki/"
#~ "Features/XULRunner\">http://fedoraproject.org/wiki/Features/XULRunner</"
@@ -11387,7 +6972,6 @@ msgstr ""
#~ "ulink>. Para ayudar al desarrollo, visite <ulink url=\"http://"
#~ "fedoraproject.org/wiki/Releases/FeatureXULRunnerAPIChanges\">http://"
#~ "fedoraproject.org/wiki/Releases/FeatureXULRunnerAPIChanges</ulink>."
-
#~ msgid ""
#~ "For full upstream documentation, refer to <ulink url=\"http://developer."
#~ "mozilla.org/en/docs/XULRunner\">http://developer.mozilla.org/en/docs/"
@@ -11396,7 +6980,6 @@ msgstr ""
#~ "Para ver la documentación completa, visita <ulink url=\"http://developer."
#~ "mozilla.org/en/docs/XULRunner\">http://developer.mozilla.org/en/docs/"
#~ "XULRunner</ulink>."
-
#~ msgid ""
#~ "This release of Fedora includes version 3.0 (beta 5) of the popular "
#~ "<application>Firefox</application> web browser. Refer to <ulink url="
@@ -11413,20 +6996,16 @@ msgstr ""
#~ "sistemas de 32-bits ya que separa los complementos que ejectura en su "
#~ "propio espacio, lo cual incrementa la seguridad y confiabilidad del "
#~ "navegador. "
-
#~ msgid ""
#~ "For information about <application>Firefox</application> in Fedora, refer "
#~ "to this feature page:"
#~ msgstr ""
#~ "Para información sobre <application>Firefox</application> en Fedora, "
#~ "visite esta página:"
-
#~ msgid "http://fedoraproject.org/wiki/Features/Firefox3"
#~ msgstr "http://fedoraproject.org/wiki/Features/Firefox3"
-
#~ msgid "NSpluginwrapper"
#~ msgstr "NSpluginwrapper"
-
#~ msgid ""
#~ "<package>nspluginwrapper</package> is now installed by default, which "
#~ "makes web browser plug-ins run in a separate memory address. This "
@@ -11442,24 +7021,19 @@ msgstr ""
#~ "la seguridad, dado que Fedora 9 tiene políticas de SELinux opcionales "
#~ "para complementos incluídos, para reducir el impacto de cuestiones de "
#~ "seguridad."
-
#~ msgid "Create the 32bit mozilla plugin directory:"
#~ msgstr ""
#~ "Crear el directorio de plugin para mozilla de 32bit usando este comando:"
-
#~ msgid "Install <package>flash-plugin</package> as shown above."
#~ msgstr "Instale <package>flash-plugin</package> como se mostró arriba."
-
#~ msgid ""
#~ "Type <userinput>about:plugins</userinput> in the URL bar to ensure the "
#~ "plugin is loaded."
#~ msgstr ""
#~ "Ingrese <userinput>about:plugins</userinput> en la barra de URL para "
#~ "asegurarse que el plugin está cargado."
-
#~ msgid "Mail Clients"
#~ msgstr "Clientes de Correo"
-
#~ msgid ""
#~ "The <package>mail-notification</package> package has been split. The "
#~ "<application>Evolution</application> plug-in is now in a separate "
@@ -11472,7 +7046,6 @@ msgstr ""
#~ "paquete separado, el <package>mail-notification-evolution-plugin</"
#~ "package>. Cuando se actualice <package>mail-notification</package>, este "
#~ "complemento se agrega automáticamente."
-
#~ msgid ""
#~ "Fedora 9 includes <application>Mozilla Thunderbird</application> version "
#~ "2.0, which has numerous performance improvements, folder viewing "
@@ -11483,7 +7056,6 @@ msgstr ""
#~ "2.0, que tiene un número importante de mejoras de performance, mejoras a "
#~ "la vista de carpetas y mejor soporte para la notificación de correo. Por "
#~ "más detalle vaya a las notas del lanzamiento de Mozilla Thunderbird 2.0:"
-
#~ msgid ""
#~ "The new clock applet in the GNOME panel has expanded to support "
#~ "additional international timezones in the display, as well as weather "
@@ -11503,16 +7075,12 @@ msgstr ""
#~ "adicionales incluyen: Los usuarios pueden utilizar lugares arbitrarios en "
#~ "lugar de zonas horarias principales; Mejoras en la interfaz gráfica para "
#~ "nuevas y viejas funciones; y una integración completa del clima. "
-
#~ msgid "Read more about this feature:"
#~ msgstr "Leer mas sobre esta función:"
-
#~ msgid "http://fedoraproject.org/wiki/Releases/FeatureClockApplet"
#~ msgstr "http://fedoraproject.org/wiki/Releases/FeatureClockApplet"
-
#~ msgid "Dictionaries Consolidated"
#~ msgstr "Diccionarios Consolidados"
-
#~ msgid ""
#~ "There is a new default spell checking back-end, <command>hunspell</"
#~ "command>, for both the GNOME and KDE desktops, as well as applications "
@@ -11534,16 +7102,12 @@ msgstr ""
#~ "aplicación, lo que da sugerencias consistentes de palabras mal "
#~ "deletreadas y utiliza menos espacio en disco al eliminar diccionarios "
#~ "duplicados. "
-
#~ msgid "Details on this effort are here:"
#~ msgstr "Detalles de este esfuerzo estan aqui:"
-
#~ msgid "http://fedoraproject.org/wiki/Releases/FeatureDictionary"
#~ msgstr "http://fedoraproject.org/wiki/Releases/FeatureDictionary"
-
#~ msgid "Compiz"
#~ msgstr "Compiz"
-
#~ msgid ""
#~ "Fedora 9 ships with Compiz 0.7.2, which improves multi-display support, "
#~ "adds KDE4 support, adds a configurable middle and right-click button, and "
@@ -11555,15 +7119,12 @@ msgstr ""
#~ "configurable y acciones de la rueda del ratón para el Decorador de "
#~ "Ventanas de GTK. Compiz 0.7.s agrega muchas mejoras y correcciones de "
#~ "errores."
-
#~ msgid "For further details, refer to the Compiz 0.7.2 release announcement:"
#~ msgstr ""
#~ "Para detalles adicionales, vaya al anuncio del lanzamiento de Compiz "
#~ "0.7.2:"
-
#~ msgid "vmmouse Driver"
#~ msgstr "Controlador vmmouse"
-
#~ msgid ""
#~ "Due to a bug in the shipping <package>xorg-x11-drv-vmmouse</package> "
#~ "driver, the mouse position may not be correctly positioned on a virtual "
@@ -11578,7 +7139,6 @@ msgstr ""
#~ "actualice, agregue <option>Option NoAutoAddDevices</option> a la sección "
#~ "<option>ServerFlags</option> de <filename>/etc/X11/xorg.conf</filename> "
#~ "en la máquina invitada. Agregue la sección si es necesario:"
-
#~ msgid ""
#~ "\n"
#~ "Section \"ServerFlags\"\n"
@@ -11589,7 +7149,6 @@ msgstr ""
#~ "Section \"ServerFlags\"\n"
#~ "\tOption \"NoAutoAddDevices\"\n"
#~ "EndSection\n"
-
#~ msgid ""
#~ "Fedora now provides MySQL 5.0.51.a. For a list of the enhancements "
#~ "provided by this version, refer to <ulink url=\"http://dev.mysql.com/doc/"
@@ -11598,7 +7157,6 @@ msgstr ""
#~ "Fedora ahora provee MySQL 5.0.51.a. Para una lista de las mejoras "
#~ "provistas por esta versión, vaya a <ulink url=\"http://dev.mysql.com/doc/"
#~ "refman/5.0/en/mysql-nutshell.html\"/>."
-
#~ msgid ""
#~ "For more information on upgrading databases from previous releases of "
#~ "MySQL, refer to the MySQL website at <ulink url=\"http://dev.mysql.com/"
@@ -11607,10 +7165,8 @@ msgstr ""
#~ "Para más información acerca de la actualización de las bases de datos de "
#~ "versiones previas de MySQL, vaya al sitio web de MySQL en <ulink url="
#~ "\"http://dev.mysql.com/doc/refman/5.0/en/upgrade.html\"/>."
-
#~ msgid "DBD Driver"
#~ msgstr "Controlador DBD"
-
#~ msgid ""
#~ "The MySQL DBD driver has been dual-licensed and the related licensing "
#~ "issues have been resolved (<ulink url=\"https://bugzilla.redhat.com/"
@@ -11623,7 +7179,6 @@ msgstr ""
#~ "\"https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=222237\"/>). El "
#~ "paquete <package>apr-util-mysql</package> resultante se incluye ahora en "
#~ "los repositorios de software de Fedora."
-
#~ msgid ""
#~ "This release of Fedora includes PostgreSQL 8.3.0. For more information on "
#~ "this new version, refer to <ulink url=\"http://www.postgresql.org/"
@@ -11632,10 +7187,8 @@ msgstr ""
#~ "Esta versión de Fedora incluye PostgreSQL 8.3.0. Para más información "
#~ "acerca de esta nueva versión, vaya a <ulink url=\"http://www.postgresql."
#~ "org/docs/8.3/static/release-8-3.html\"/>."
-
#~ msgid "Upgrading Databases"
#~ msgstr "Actualización de las Bases de Datos"
-
#~ msgid ""
#~ "Before upgrading an existing Fedora system with a PostgreSQL database, "
#~ "check and then follow, if necessary, the procedure described at <ulink "
@@ -11648,35 +7201,30 @@ msgstr ""
#~ "<ulink url=\"http://www.postgresql.org/docs/8.3/interactive/install-"
#~ "upgrading.html\"/>. Sino los datos pueden no ser accesibles para la nueva "
#~ "versión de PostgreSQL."
-
#~ msgid ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/ClintSavage\">Clint Savage</"
#~ "ulink> (editor)"
#~ msgstr ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/ClintSavage\">Clint Savage</"
#~ "ulink> (editor)"
-
#~ msgid ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/MarcWiriadisastra\">Marc "
#~ "Wiriadisastra</ulink> (writer, editor)"
#~ msgstr ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/MarcWiriadisastra\">Marc "
#~ "Wiriadisastra</ulink>(escritor, editor)"
-
#~ msgid ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/MurrayMcAllister\">Murray "
#~ "McAllister</ulink> (editor)"
#~ msgstr ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/MurrayMcAllister\">Murray "
#~ "McAllister</ulink> (editor)"
-
#~ msgid ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/ThomasGier\">Thomas Gier</"
#~ "ulink> (translator - German)"
#~ msgstr ""
#~ "<ulink url=\"http://fedoraproject.org/wiki/ThomasGier\">Thomas Gier</"
#~ "ulink> (traductor - Alemán)"
-
#~ msgid ""
#~ "In addition, Fedora offers a <package>kdegames3</package> package that "
#~ "includes games not ported to KDE 4 yet, and a KDE 3 version of "
@@ -11686,21 +7234,16 @@ msgstr ""
#~ "incluye juegos que aun no se migran a KDE 4 y una versión KDE 3 de "
#~ "<package>libkdegames</package> requerida por algunos juegos de KDE 3 "
#~ "hecha por terceros. "
-
#~ msgid "64-bit IBM pSeries (POWER4/POWER5), current iSeries models"
#~ msgstr "IBM pSeries de 64 bit (POWER4/POWER5), modelos actuales iSeries"
-
#~ msgid "IBM \"Legacy\" iSeries (POWER4)"
#~ msgstr "iSeries \"Legadas\" de IBM (POWER4)"
-
#~ msgid "32-bit CHRP (IBM RS/6000 and others)"
#~ msgstr "CHRP de 32-bit (IBM RS/6000 y otros)"
-
#~ msgid "Genesi Pegasos II / Efika 5200B"
#~ msgstr "Genesi Pegasos II / Efika 5200B"
-
#~ msgid "PA Semi Electra"
#~ msgstr "PA Semi Electra"
-
#~ msgid "Sony PlayStation 3"
#~ msgstr "Sony PlayStation 3"
+
15 years, 1 month
web/html/docs/selinux-user-guide/f10/pdf Security-Enhanced_Linux.pdf, 1.1, 1.2
by Murray McAllister
Author: mdious
Update of /cvs/fedora/web/html/docs/selinux-user-guide/f10/pdf
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27668/selinux-user-guide/f10/pdf
Modified Files:
Security-Enhanced_Linux.pdf
Log Message:
- updating trademark attribution for "Type Enforcement".
- replaced all files with new build, 'just in case'...
Index: Security-Enhanced_Linux.pdf
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/pdf/Security-Enhanced_Linux.pdf,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
Binary files /tmp/cvs3WECFM and /tmp/cvsdSsDKE differ
15 years, 1 month
web/html/docs/selinux-user-guide/f10/html-single index.html, 1.1, 1.2
by Murray McAllister
Author: mdious
Update of /cvs/fedora/web/html/docs/selinux-user-guide/f10/html-single
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27668/selinux-user-guide/f10/html-single
Modified Files:
index.html
Log Message:
- updating trademark attribution for "Type Enforcement".
- replaced all files with new build, 'just in case'...
Index: index.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/html-single/index.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- index.html 24 Jan 2009 03:48:04 -0000 1.1
+++ index.html 27 Jan 2009 04:12:17 -0000 1.2
@@ -129,7 +129,7 @@
</div><div class="para">
UNIX is a registered trademark of The Open Group.
</div><div class="para">
- Type Enforcement is a trademark of Secure Computing Corporation, registered in the U.S. and in other countries. Secure Computing Corporation has not consented to the use or reference to this trademark by the author outside of this guide.
+ Type Enforcement is a trademark of Secure Computing, LLC, a wholly owned subsidiary of McAfee, Inc., registered in the U.S. and in other countries. Neither McAfee nor Secure Computing, LLC, has consented to the use or reference to this trademark by the author outside of this guide.
</div><div class="para">
Apache is a trademark of The Apache Software Foundation.
</div><div class="para">
15 years, 1 month
web/html/docs/selinux-user-guide/f10/en-US chap-Security-Enhanced_Linux-Trademark_Information.html, 1.2, 1.3
by Murray McAllister
Author: mdious
Update of /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27668/selinux-user-guide/f10/en-US
Modified Files:
chap-Security-Enhanced_Linux-Trademark_Information.html
Log Message:
- updating trademark attribution for "Type Enforcement".
- replaced all files with new build, 'just in case'...
Index: chap-Security-Enhanced_Linux-Trademark_Information.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/chap-Security-Enhanced_Linux-Trademark_Information.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- chap-Security-Enhanced_Linux-Trademark_Information.html 24 Jan 2009 03:48:02 -0000 1.2
+++ chap-Security-Enhanced_Linux-Trademark_Information.html 27 Jan 2009 04:12:16 -0000 1.3
@@ -6,7 +6,7 @@
</div><div class="para">
UNIX is a registered trademark of The Open Group.
</div><div class="para">
- Type Enforcement is a trademark of Secure Computing Corporation, registered in the U.S. and in other countries. Secure Computing Corporation has not consented to the use or reference to this trademark by the author outside of this guide.
+ Type Enforcement is a trademark of Secure Computing, LLC, a wholly owned subsidiary of McAfee, Inc., registered in the U.S. and in other countries. Neither McAfee nor Secure Computing, LLC, has consented to the use or reference to this trademark by the author outside of this guide.
</div><div class="para">
Apache is a trademark of The Apache Software Foundation.
</div><div class="para">
15 years, 1 month
web/html/docs/selinux-user-guide/f10/en-US sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html, NONE, 1.1 sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html, NONE, 1.1 sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html, NONE, 1.1 appe-Security-Enhanced_Linux-Revision_History.html, 1.2, 1.3 chap-Security-Enhanced_Linux-Confining_Users.html, 1.1, 1.2 chap-Security-Enhanced_Linux-Further_Information.html, 1.1, 1.2 chap-Se
by Murray McAllister
Author: mdious
Update of /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23851/selinux-user-guide/f10/en-US
Modified Files:
appe-Security-Enhanced_Linux-Revision_History.html
chap-Security-Enhanced_Linux-Confining_Users.html
chap-Security-Enhanced_Linux-Further_Information.html
chap-Security-Enhanced_Linux-Introduction.html
chap-Security-Enhanced_Linux-SELinux_Contexts.html
chap-Security-Enhanced_Linux-Targeted_Policy.html
chap-Security-Enhanced_Linux-Trademark_Information.html
chap-Security-Enhanced_Linux-Troubleshooting.html
chap-Security-Enhanced_Linux-Working_with_SELinux.html
index.html pr01s02.html
pref-Security-Enhanced_Linux-Preface.html
sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html
sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html
sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html
sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html
sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html
sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html
sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html
sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html
sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html
sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html
sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html
sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html
sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html
sect-Security-Enhanced_Linux-Introduction-Examples.html
sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html
sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html
sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html
sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html
sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html
sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html
sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html
sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html
sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html
sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html
sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html
sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html
sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html
sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html
sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html
sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html
sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html
sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html
sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html
sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html
sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html
sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html
sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html
sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html
sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html
sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html
sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html
sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html
Added Files:
sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html
sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html
sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html
Log Message:
- updating content for multi-page HTML.
- adding single-page HTML content.
- adding PDF.
- updating index.php to reflect above mentioned changes.
--- NEW FILE sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html ---
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.6.3. Booleans for NFS and CIFS</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html" title="5.6. Booleans"/><link rel="prev" href="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html" title="5.6.2. Configuring Booleans"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html" title="5.7. SELinux Contexts - Labeling Files"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Com
mon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS">5.6.3. Booleans for NFS and CIFS</h3></div></div></div><div class="para">
By default, NFS mounts on the client side are labeled with a default context defined by policy for NFS file systems. In common policies, this default context uses the <code class="computeroutput">nfs_t</code> type. Also, by default, Samba shares mounted on the client side are labeled with a default context defined by policy. In common policies, this default context uses the <code class="computeroutput">cifs_t</code> type.
</div><div class="para">
Depending on policy configuration, services may not be able to read files labeled with the <code class="computeroutput">nfs_t</code> or <code class="computeroutput">cifs_t</code> types. This may prevent file systems labeled with these types from being mounted and then read or exported by other services. Booleans can be turned on or off to control which services are allowed to access the <code class="computeroutput">nfs_t</code> and <code class="computeroutput">cifs_t</code> types.
</div><div class="para">
The <code class="command">setsebool</code> and <code class="command">semanage</code> commands must be run as the Linux root user. The <code class="command">setsebool -P</code> command makes persistent changes. Do not use the <code class="option">-P</code> option if you do not want changes to persist across reboots:
</div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Booleans_for_NFS_and_CIFS-Apache_HTTP_Server">Apache HTTP Server</h5>
To allow access to NFS file systems (files labeled with the <code class="computeroutput">nfs_t</code> type):
</div><div class="para">
<code class="command">/usr/sbin/setsebool -P httpd_use_nfs on</code>
</div><div class="para">
To allow access to Samba file systems (files labeled with the <code class="computeroutput">cifs_t</code> type):
</div><div class="para">
<code class="command">/usr/sbin/setsebool -P httpd_use_cifs on</code>
</div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Booleans_for_NFS_and_CIFS-Samba">Samba</h5>
To export NFS file systems:
</div><div class="para">
<code class="command">/usr/sbin/setsebool -P samba_share_nfs on</code>
</div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Booleans_for_NFS_and_CIFS-FTP_vsftpd">FTP (<code class="systemitem">vsftpd</code>)</h5>
To allow access to NFS file systems:
</div><div class="para">
<code class="command">/usr/sbin/setsebool -P allow_ftpd_use_nfs on</code>
</div><div class="para">
To allow access to Samba file systems:
</div><div class="para">
<code class="command">/usr/sbin/setsebool -P allow_ftpd_use_cifs on</code>
</div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Booleans_for_NFS_and_CIFS-Other_Services">Other Services</h5>
For a list of NFS related Booleans for other services:
</div><div class="para">
<code class="command">/usr/sbin/semanage boolean -l | grep nfs</code>
</div><div class="para">
For a list of Samba related Booleans for other services:
</div><div class="para">
<code class="command">/usr/sbin/semanage boolean -l | grep cifs</code>
</div><div class="note"><h2>Note</h2><div class="para">
These Booleans exist in SELinux policy as shipped with Fedora 10. They may not exist in policy shipped with other versions of Fedora or other operating systems.
</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html"><strong>Prev</strong>5.6.2. Configuring Booleans</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html"><strong>Next</strong>5.7. SELinux Contexts - Labeling Files</a></li></ul></body></html>
--- NEW FILE sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html ---
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.6. Booleans for Users Executing Applications</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="prev" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html" title="6.5. xguest: Kiosk Mode"/><link rel="next" href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png
" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Troubleshooting.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications">6.6. Booleans for Users Executing Applications</h2></div></div></div><div class="para">
Not allowing Linux users to execute applications (which inherit users' permissions) in their home directories and <code class="filename">/tmp/</code>, which they have write access to, helps prevent flawed or malicious applications from modifying files users' own. In Fedora 10, by default, Linux users in the <code class="computeroutput">guest_t</code> and <code class="computeroutput">xguest_t</code> domains can not execute applications in their home directories or <code class="filename">/tmp/</code>; however, by default, Linux users in the <code class="computeroutput">user_t</code> and <code class="computeroutput">staff_t</code> domains can.
</div><div class="para">
Booleans are available to change this behavior, and are configured with the <code class="command">setsebool</code> command. The <code class="command">setsebool</code> command must be run as the Linux root user. The <code class="command">setsebool -P</code> command makes persistent changes. Do not use the <code class="option">-P</code> option if you do not want changes to persist across reboots:
</div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Booleans_for_Users_Executing_Applications-guest_t">guest_t</h5>
To <span class="emphasis"><em>allow</em></span> Linux users in the <code class="computeroutput">guest_t</code> domain to execute applications in their home directories and <code class="filename">/tmp/</code>:
</div><div class="para">
<code class="command">/usr/sbin/setsebool -P allow_guest_exec_content on</code>
</div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Booleans_for_Users_Executing_Applications-xguest_t">xguest_t</h5>
To <span class="emphasis"><em>allow</em></span> Linux users in the <code class="computeroutput">xguest_t</code> domain to execute applications in their home directories and <code class="filename">/tmp/</code>:
</div><div class="para">
<code class="command">/usr/sbin/setsebool -P allow_xguest_exec_content on</code>
</div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Booleans_for_Users_Executing_Applications-user_t">user_t</h5>
To <span class="emphasis"><em>prevent</em></span> Linux users in the <code class="computeroutput">user_t</code> domain from executing applications in their home directories and <code class="filename">/tmp/</code>:
</div><div class="para">
<code class="command">/usr/sbin/setsebool -P allow_user_exec_content off</code>
</div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Booleans_for_Users_Executing_Applications-staff_t">staff_t</h5>
To <span class="emphasis"><em>prevent</em></span> Linux users in the <code class="computeroutput">staff_t</code> domain from executing applications in their home directories and <code class="filename">/tmp/</code>:
</div><div class="para">
<code class="command">/usr/sbin/setsebool -P allow_staff_exec_content off</code>
</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html"><strong>Prev</strong>6.5. xguest: Kiosk Mode</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Troubleshooting.html"><strong>Next</strong>Chapter 7. Troubleshooting</a></li></ul></body></html>
--- NEW FILE sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html ---
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.4. SELinux on Other Operating Systems</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction"/><link rel="prev" href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html" title="2.3. SELinux Architecture"/><link rel="next" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html" title="Chapter 3. SELinux Contexts"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Do
cumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems">2.4. SELinux on Other Operating Systems</h2></div></div></div><div class="para">
Refer to the following for information about running SELinux on operating systems:
</div><div class="itemizedlist"><ul><li><div class="para">
Hardened Gentoo: <a href="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml">http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml</a>.
</div></li><li><div class="para">
Debian: <a href="http://wiki.debian.org/SELinux">http://wiki.debian.org/SELinux</a>.
</div></li><li><div class="para">
Ubuntu: <a href="https://wiki.ubuntu.com/SELinux">https://wiki.ubuntu.com/SELinux</a> and <a href="https://help.ubuntu.com/community/SELinux">https://help.ubuntu.com/community/SELinux</a>.
</div></li><li><div class="para">
Red Hat Enterprise Linux: <a href="http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deploy...">Red Hat Enterprise Linux Deployment Guide</a> and <a href="http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/">Red Hat Enterprise Linux 4 SELinux Guide</a>.
</div></li><li><div class="para">
Fedora: <a href="http://fedoraproject.org/wiki/SELinux">http://fedoraproject.org/wiki/SELinux</a> and the <a href="http://docs.fedoraproject.org/selinux-faq-fc5/">Fedora Core 5 SELinux FAQ</a>.
</div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html"><strong>Prev</strong>2.3. SELinux Architecture</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html"><strong>Next</strong>Chapter 3. SELinux Contexts</a></li></ul></body></html>
Index: appe-Security-Enhanced_Linux-Revision_History.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/appe-Security-Enhanced_Linux-Revision_History.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- appe-Security-Enhanced_Linux-Revision_History.html 24 Nov 2008 23:53:52 -0000 1.2
+++ appe-Security-Enhanced_Linux-Revision_History.html 24 Jan 2009 03:48:02 -0000 1.3
@@ -1,8 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Appendix A. Revision History</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="chap-Security-Enhanced_Linux-Further_Information.html" title="Chapter 8. Further Information"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Appendix A. Revision History</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Further_Information.html"><strong>Prev</strong></a></li><li class="next"/></ul><div class="appendix" lang="en-US"><div class="titlepage"><div><div><h1 id="appe-Security-Enhanced_Linux-Revision_History" class="title">Revision
History</h1></div></div></div><p>
- <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 1.0</td><td align="left">Tuesday November 25 2008</td><td align="left"><span class="author"><span class="firstname">Murray</span> <span class="surname">McAllister</span></span></td></tr><tr><td align="left" colspan="3">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Appendix A. Revision History</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="chap-Security-Enhanced_Linux-Further_Information.html" title="Chapter 8. Further Information"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Further_Information.html"><strong>Prev</strong></a
></li><li class="next"/></ul><div class="appendix" lang="en-US"><div class="titlepage"><div><div><h1 id="appe-Security-Enhanced_Linux-Revision_History" class="title">Revision History</h1></div></div></div><div class="para">
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 1.2</td><td align="left">Mon Jan 19 2009</td><td align="left"><span class="author"><span class="firstname">Murray</span> <span class="surname">McAllister</span></span></td></tr><tr><td align="left" colspan="3">
+ <table class="simplelist" border="0" summary="Simple list"><tr><td>Updating hyperlinks to NSA websites</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.1</td><td align="left">Sat Dec 6 2008</td><td align="left"><span class="author"><span class="firstname">Murray</span> <span class="surname">McAllister</span></span></td></tr><tr><td align="left" colspan="3">
+ <table class="simplelist" border="0" summary="Simple list"><tr><td>Resolving <a href="https://bugzilla.redhat.com/show_bug.cgi?id=472986">Red Hat Bugzilla #472986, "httpd does not write to /etc/httpd/logs/"</a></td></tr><tr><td>Added new section, "6.6. Booleans for Users Executing Applications"</td></tr><tr><td>Minor text revisions</td></tr></table>
+ </td></tr><tr><td align="left">Revision 1.0</td><td align="left">Tue Nov 25 2008</td><td align="left"><span class="author"><span class="firstname">Murray</span> <span class="surname">McAllister</span></span></td></tr><tr><td align="left" colspan="3">
<table class="simplelist" border="0" summary="Simple list"><tr><td>Initial content release on <a href="http://docs.fedoraproject.org/">http://docs.fedoraproject.org/</a></td></tr></table>
</td></tr></table></div>
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Further_Information.html"><strong>Prev</strong>Chapter 8. Further Information</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Further_Information.html"><strong>Prev</strong>Chapter 8. Further Information</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
\ No newline at end of file
Index: chap-Security-Enhanced_Linux-Confining_Users.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/chap-Security-Enhanced_Linux-Confining_Users.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security-Enhanced_Linux-Confining_Users.html 24 Nov 2008 22:43:10 -0000 1.1
+++ chap-Security-Enhanced_Linux-Confining_Users.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,19 +1,19 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 6. Confining Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html" title="5.10.5. Archiving Files with star"/><link rel="next" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html" title="6.2. Confining New Linux Users: useradd"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Chapter 6. Confining Users</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archivi
ng_Files_with_star.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Confining_Users">Chapter 6. Confining Users</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Confining_Users.html#sect-Security-Enhanced_Linux-Confining_Users-Linux_and_SELinux_User_Mappings">6.1. Linux and SELinux User Mappings</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html">6.2. Confining New Linux Users: useradd</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html">6.3. Confining Existing Linux Users: semanage
login</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html">6.4. Changing the Default Mapping</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html">6.5. xguest: Kiosk Mode</a></span></dt></dl></div><p>
- A number of confined SELinux users are available in Fedora 10. Each Linux user is mapped to an SELinux user via SELinux policy, allowing Linux users to inherit the restrictions on SELinux users, for example (depending on the user), not being able to: run the X Window System, use networking, run setuid applications (unless SELinux policy permits it), or run the <code class="command">su</code> and <code class="command">sudo</code> commands to become the Linux root user. This helps protect the system from the user. Refer to <a class="xref" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html" title="4.3. Confined and Unconfined Users">Section 4.3, “Confined and Unconfined Users”</a> for further information about confined users in Fedora 10.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-Linux_and_SELinux_User_Mappings">6.1. Linux and SELinux User Mappings</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 6. Confining Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html" title="5.10.5. Archiving Files with star"/><link rel="next" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html" title="6.2. Confining New Linux Users: useradd"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/i
mage_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Confining_Users">Chapter 6. Confining Users</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Confining_Users.html#sect-Security-Enhanced_Linux-Confining_Users-Linux_and_SELinux_User_Mappings">6.1. Linux and SELinux User Mappings</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html">6.2. Confining New Linux Users: useradd</a></span></dt>
<dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html">6.3. Confining Existing Linux Users: semanage login</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html">6.4. Changing the Default Mapping</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html">6.5. xguest: Kiosk Mode</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html">6.6. Booleans for Users Executing Applications</a></span></dt></dl></div><div class="para">
+ A number of confined SELinux users are available in Fedora 10. Each Linux user is mapped to an SELinux user via SELinux policy, allowing Linux users to inherit the restrictions on SELinux users, for example (depending on the user), not being able to: run the X Window System; use networking; run setuid applications (unless SELinux policy permits it); or run the <code class="command">su</code> and <code class="command">sudo</code> commands to become the Linux root user. This helps protect the system from the user. Refer to <a href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html" title="4.3. Confined and Unconfined Users">Section 4.3, “Confined and Unconfined Users”</a> for further information about confined users in Fedora 10.
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-Linux_and_SELinux_User_Mappings">6.1. Linux and SELinux User Mappings</h2></div></div></div><div class="para">
As the Linux root user, run the <code class="command">semanage login -l</code> command to view the mapping between Linux users and SELinux users:
- </p><pre class="screen"># /usr/sbin/semanage login -l
+ </div><pre class="screen"># /usr/sbin/semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ unconfined_u s0-s0:c0.c1023
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
-</pre><p>
+</pre><div class="para">
In Fedora 10, Linux users are mapped to the SELinux <code class="computeroutput">__default__</code> login by default (which is mapped to the SELinux <code class="computeroutput">unconfined_u</code> user). When a Linux user is created with the <code class="command">useradd</code> command, if no options are specified, they are mapped to the SELinux <code class="computeroutput">unconfined_u</code> user. The following defines the default-mapping:
- </p><pre class="screen">
+ </div><pre class="screen">
__default__ unconfined_u s0-s0:c0.c1023
</pre></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html"><strong>Prev</strong>5.10.5. Archiving Files with star</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html"><strong>Next</strong>6.2. Confining New Linux Users: useradd</a></li></ul></body></html>
\ No newline at end of file
Index: chap-Security-Enhanced_Linux-Further_Information.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/chap-Security-Enhanced_Linux-Further_Information.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security-Enhanced_Linux-Further_Information.html 24 Nov 2008 22:43:10 -0000 1.1
+++ chap-Security-Enhanced_Linux-Further_Information.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,54 +1,54 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 8. Further Information</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html" title="7.3.8. Allowing Access: audit2allow"/><link rel="next" href="appe-Security-Enhanced_Linux-Revision_History.html" title="Appendix A. Revision History"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Chapter 8. Further Information</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html"><strong>Prev</strong></a></l
i><li class="next"><a accesskey="n" href="appe-Security-Enhanced_Linux-Revision_History.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Further_Information">Chapter 8. Further Information</h2></div></div></div><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-The_National_Security_Agency_NSA">The National Security Agency (NSA)</h5>
- From the NSA <a href="http://www.nsa.gov/selinux/info/contrib.cfm">Contributors to SELinux</a> page:
- <p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 8. Further Information</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html" title="7.3.8. Allowing Access: audit2allow"/><link rel="next" href="appe-Security-Enhanced_Linux-Revision_History.html" title="Appendix A. Revision History"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a><
/p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="appe-Security-Enhanced_Linux-Revision_History.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Further_Information">Chapter 8. Further Information</h2></div></div></div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-The_National_Security_Agency_NSA">The National Security Agency (NSA)</h5>
+ From the NSA <a href="http://www.nsa.gov/research/selinux/contrib.shtml">Contributors to SELinux</a> page:
+ </div><div class="para">
<span class="emphasis"><em>Researchers in NSA's National Information Assurance Research Laboratory (NIARL) designed and implemented flexible mandatory access controls in the major subsystems of the Linux kernel and implemented the new operating system components provided by the Flask architecture, namely the security server and the access vector cache. The NSA researchers reworked the LSM-based SELinux for inclusion in Linux 2.6. NSA has also led the development of similar controls for the X Window System (XACE/XSELinux) and for Xen (XSM/Flask).</em></span>
- </p><div class="itemizedlist"><ul><li><p>
- Main SELinux website: <a href="http://www.nsa.gov/selinux/">http://www.nsa.gov/selinux/</a>.
- </p></li><li><p>
- SELinux documentation: <a href="http://www.nsa.gov/selinux/info/docs.cfm">http://www.nsa.gov/selinux/info/docs.cfm</a>.
- </p></li><li><p>
- SELinux background: <a href="http://www.nsa.gov/selinux/info/">http://www.nsa.gov/selinux/info/</a>.
- </p></li></ul></div><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-Tresys_Technology">Tresys Technology</h5>
+ </div><div class="itemizedlist"><ul><li><div class="para">
+ Main SELinux website: <a href="http://www.nsa.gov/research/selinux/index.shtml">http://www.nsa.gov/research/selinux/index.shtml</a>.
+ </div></li><li><div class="para">
+ SELinux documentation: <a href="http://www.nsa.gov/research/selinux/docs.shtml">http://www.nsa.gov/research/selinux/docs.shtml</a>.
+ </div></li><li><div class="para">
+ SELinux background: <a href="http://www.nsa.gov/research/selinux/background.shtml">http://www.nsa.gov/research/selinux/background.shtml</a>.
+ </div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-Tresys_Technology">Tresys Technology</h5>
<a href="http://www.tresys.com/">Tresys Technology</a> are the upstream for:
- <div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
<a href="http://userspace.selinuxproject.org/trac/">SELinux userland libraries and tools</a>.
- </p></li><li><p>
+ </div></li><li><div class="para">
<a href="http://oss.tresys.com/projects/refpolicy">SELinux Reference Policy</a>.
- </p></li></ul></div><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-SELinux_News">SELinux News</h5>
- <div class="itemizedlist"><ul><li><p>
+ </div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-SELinux_News">SELinux News</h5>
+ <div class="itemizedlist"><ul><li><div class="para">
News: <a href="http://selinuxnews.org/wp/">http://selinuxnews.org/wp/</a>.
- </p></li><li><p>
+ </div></li><li><div class="para">
Planet SELinux (blogs): <a href="http://selinuxnews.org/planet/">http://selinuxnews.org/planet/</a>.
- </p></li></ul></div>
- <h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-SELinux_Project_Wiki">SELinux Project Wiki</h5>
- <div class="itemizedlist"><ul><li><p>
+ </div></li></ul></div>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-SELinux_Project_Wiki">SELinux Project Wiki</h5>
+ <div class="itemizedlist"><ul><li><div class="para">
Main page: <a href="http://selinuxproject.org/page/Main_Page">http://selinuxproject.org/page/Main_Page</a>.
- </p></li><li><p>
+ </div></li><li><div class="para">
User resources, including links to documentation, mailing lists, websites, and tools: <a href="http://selinuxproject.org/page/User_Resources">http://selinuxproject.org/page/User_Resources</a>.
- </p></li></ul></div>
- <h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-Red_Hat_Enterprise_Linux">Red Hat Enterprise Linux</h5>
- <div class="itemizedlist"><ul><li><p>
+ </div></li></ul></div>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-Red_Hat_Enterprise_Linux">Red Hat Enterprise Linux</h5>
+ <div class="itemizedlist"><ul><li><div class="para">
The <a href="http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deploy...">Red Hat Enterprise Linux Deployment Guide</a> contains an SELinux <a href="http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deploy...">References</a> section, that has links to SELinux tutorials, general information, and the technology behind SELinux.
- </p></li><li><p>
+ </div></li><li><div class="para">
The <a href="http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide...">Red Hat Enterprise Linux 4 SELinux Guide</a>.
- </p></li></ul></div>
- <h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-Fedora">Fedora</h5>
- <div class="itemizedlist"><ul><li><p>
+ </div></li></ul></div>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-Fedora">Fedora</h5>
+ <div class="itemizedlist"><ul><li><div class="para">
Main page: <a href="http://fedoraproject.org/wiki/SELinux">http://fedoraproject.org/wiki/SELinux</a>.
- </p></li><li><p>
+ </div></li><li><div class="para">
Troubleshooting: <a href="http://fedoraproject.org/wiki/SELinux/Troubleshooting">http://fedoraproject.org/wiki/SELinux/Troubleshooting</a>.
- </p></li><li><p>
+ </div></li><li><div class="para">
Fedora Core 5 SELinux FAQ: <a href="http://docs.fedoraproject.org/selinux-faq-fc5/">http://docs.fedoraproject.org/selinux-faq-fc5/</a>.
- </p></li></ul></div>
- <h5 class="formalpara" id="d0e6654">The UnOfficial SELinux FAQ</h5>
+ </div></li></ul></div>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-The_UnOfficial_SELinux_FAQ">The UnOfficial SELinux FAQ</h5>
<a href="http://www.crypt.gen.nz/selinux/faq.html">http://www.crypt.gen.nz/selinux/faq.html</a>
- <h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-IRC">IRC</h5>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Further_Information-IRC">IRC</h5>
On <a href="http://freenode.net/">Freenode</a>:
- <div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
#selinux
- </p></li><li><p>
+ </div></li><li><div class="para">
#fedora-selinux
- </p></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html"><strong>Prev</strong>7.3.8. Allowing Access: audit2allow</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="appe-Security-Enhanced_Linux-Revision_History.html"><strong>Next</strong>Appendix A. Revision History</a></li></ul></body></html>
\ No newline at end of file
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html"><strong>Prev</strong>7.3.8. Allowing Access: audit2allow</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="appe-Security-Enhanced_Linux-Revision_History.html"><strong>Next</strong>Appendix A. Revision History</a></li></ul></body></html>
\ No newline at end of file
Index: chap-Security-Enhanced_Linux-Introduction.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/chap-Security-Enhanced_Linux-Introduction.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security-Enhanced_Linux-Introduction.html 24 Nov 2008 22:43:10 -0000 1.1
+++ chap-Security-Enhanced_Linux-Introduction.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,48 +1,48 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 2. Introduction</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="chap-Security-Enhanced_Linux-Trademark_Information.html" title="Chapter 1. Trademark Information"/><link rel="next" href="sect-Security-Enhanced_Linux-Introduction-Examples.html" title="2.2. Examples"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Chapter 2. Introduction</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Trademark_Information.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-
Introduction-Examples.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Introduction">Chapter 2. Introduction</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Introduction.html#sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux">2.1. Benefits of running SELinux</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-Examples.html">2.2. Examples</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html">2.3. SELinux Architecture</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_other_Operating_Systems.html">2.4. SELinux on Other Operating Systems</a></span></dt></dl></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 2. Introduction</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="chap-Security-Enhanced_Linux-Trademark_Information.html" title="Chapter 1. Trademark Information"/><link rel="next" href="sect-Security-Enhanced_Linux-Introduction-Examples.html" title="2.2. Examples"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"
><a accesskey="p" href="chap-Security-Enhanced_Linux-Trademark_Information.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Introduction-Examples.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Introduction">Chapter 2. Introduction</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Introduction.html#sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux">2.1. Benefits of running SELinux</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-Examples.html">2.2. Examples</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html">2.3. SELinux Architecture</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-S
ELinux_on_Other_Operating_Systems.html">2.4. SELinux on Other Operating Systems</a></span></dt></dl></div><div class="para">
Files, such as directories and devices, are called objects. Processes, such as a user running a command or the <span class="trademark">Mozilla</span>®<span class="trademark"> Firefox</span>® application, are called subjects. Most operating systems use a Discretionary Access Control (DAC) system that controls how subjects interact with objects, and how subjects interact with each other. On operating systems using DAC, users control the permissions of files (objects) that they own. For example, on <span class="trademark">Linux</span>® operating systems, users can make their home directories world-readable, giving users and processes (subjects) access to potentially sensitive information.
- </p><p>
- DAC mechanisms are fundamentally inadequate for strong system security. DAC access decisions are only based on user identity and ownership, ignoring other security-relevant information such as the role of the user, the function and trustworthiness of the program, and the sensitivity and integrity of the data. Each user has complete discretion over their files, making it impossible to enforce a system-wide security policy. Furthermore, every program run by a user inherits all of the permissions granted to the user and is free to change access to the user's files, so no protection is provided against malicious software. Many system services and privileged programs must run with coarse-grained privileges that far exceed their requirements, so that a flaw in any one of these programs can be exploited to obtain complete system access.<sup>[<a id="d0e465" href="#ftn.d0e465" class="footnote">1</a>]</sup>
- </p><p>
+ </div><div class="para">
+ DAC mechanisms are fundamentally inadequate for strong system security. DAC access decisions are only based on user identity and ownership, ignoring other security-relevant information such as the role of the user, the function and trustworthiness of the program, and the sensitivity and integrity of the data. Each user has complete discretion over their files, making it impossible to enforce a system-wide security policy. Furthermore, every program run by a user inherits all of the permissions granted to the user and is free to change access to the user's files, so no protection is provided against malicious software. Many system services and privileged programs must run with coarse-grained privileges that far exceed their requirements, so that a flaw in any one of these programs can be exploited to obtain complete system access.<sup>[<a id="d0e465" href="#ftn.d0e465">1</a>]</sup>
+ </div><div class="para">
The following is an example of permissions used on Linux operating systems that do not run Security-Enhanced Linux (SELinux). The permissions in these examples may differ from your system. Use the <code class="command">ls -l</code> command to view file permissions:
- </p><pre class="screen">$ ls -l file1
+ </div><pre class="screen">$ ls -l file1
-rwxrw-r-- 1 user1 group1 0 2008-11-21 15:42 file1
-</pre><p>
+</pre><div class="para">
The first three permission bits, <code class="computeroutput">rwx</code>, control the access the Linux <code class="computeroutput">user1</code> user (in this case, the owner) has to <code class="filename">file1</code>. The next three permission bits, <code class="computeroutput">rw-</code>, control the access the Linux <code class="computeroutput">group1</code> group has to <code class="filename">file1</code>. The last three permission bits, <code class="computeroutput">r--</code>, control the access everyone else has to <code class="filename">file1</code>, which includes all users and processes.
- </p><p>
- Security-Enhanced Linux (SELinux) adds Mandatory Access Control (MAC) to the Linux kernel, and is enabled by default in Fedora. A general purpose MAC architecture needs the ability to enforce an administratively-set security policy over all processes and files in the system, basing decisions on labels containing a variety of security-relevant information. When properly implemented, it enables a system to adequately defend itself and offers critical support for application security by protecting against the tampering with, and bypassing of, secured applications. MAC provides strong separation of applications that permits the safe execution of untrustworthy applications. Its ability to limit the privileges associated with executing processes limits the scope of potential damage that can result from the exploitation of vulnerabilities in applications and system services. MAC enables information to be protected from legitimate users with limited authorization as well as from a
uthorized users who have unwittingly executed malicious applications.<sup>[<a id="d0e507" href="#ftn.d0e507" class="footnote">2</a>]</sup>
- </p><p>
+ </div><div class="para">
+ Security-Enhanced Linux (SELinux) adds Mandatory Access Control (MAC) to the Linux kernel, and is enabled by default in Fedora. A general purpose MAC architecture needs the ability to enforce an administratively-set security policy over all processes and files in the system, basing decisions on labels containing a variety of security-relevant information. When properly implemented, it enables a system to adequately defend itself and offers critical support for application security by protecting against the tampering with, and bypassing of, secured applications. MAC provides strong separation of applications that permits the safe execution of untrustworthy applications. Its ability to limit the privileges associated with executing processes limits the scope of potential damage that can result from the exploitation of vulnerabilities in applications and system services. MAC enables information to be protected from legitimate users with limited authorization as well as from a
uthorized users who have unwittingly executed malicious applications.<sup>[<a id="d0e507" href="#ftn.d0e507">2</a>]</sup>
+ </div><div class="para">
The following is an example of the labels containing security-relevant information that are used on processes, Linux users, and files, on Linux operating systems that run SELinux. This information is called the SELinux context, and is viewed using the <code class="command">ls -Z</code> command:
- </p><pre class="screen">$ ls -Z file1
+ </div><pre class="screen">$ ls -Z file1
-rwxrw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
-</pre><p>
+</pre><div class="para">
In this example, SELinux provides a user (<code class="computeroutput">unconfined_u</code>), a role (<code class="computeroutput">object_r</code>), a type (<code class="computeroutput">user_home_t</code>), and a level (<code class="computeroutput">s0</code>). This information is used to make access control decisions. With DAC, access is controlled based only on Linux user and group IDs. SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Introduction-Linux_and_SELinux_Users">Linux and SELinux Users</h5>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Introduction-Linux_and_SELinux_Users">Linux and SELinux Users</h5>
On Linux operating systems that run SELinux, there are Linux users as well as SELinux users. SELinux users are part of SELinux policy. Linux users are mapped to SELinux users. To avoid confusion, this guide uses "Linux user" and "SELinux user" to differentiate between the two.
- <div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux">2.1. Benefits of running SELinux</h2></div></div></div><div class="itemizedlist"><ul><li><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux">2.1. Benefits of running SELinux</h2></div></div></div><div class="itemizedlist"><ul><li><div class="para">
All processes and files are labeled with a type. A type defines a domain for processes, and a type for files. Processes are separated from each other by running in their own domains, and SELinux policy rules define how processes interact with files, as well as how processes interact with each other. Access is only allowed if an SELinux policy rule exists that specifically allows it.
- </p></li><li><p>
+ </div></li><li><div class="para">
Fine-grained access control. Stepping beyond traditional <span class="trademark">UNIX</span>® permissions that are controlled at user discretion and based on Linux user and group IDs, SELinux access decisions are based on all available information, such as an SELinux user, role, type, and, optionally, a level.
- </p></li><li><p>
+ </div></li><li><div class="para">
SELinux policy is administratively-defined, enforced system-wide, and is not set at user discretion.
- </p></li><li><p>
+ </div></li><li><div class="para">
Reduced vulnerability to privilege escalation attacks. One example: since processes run in domains, and are therefore separated from each other, and SELinux policy rules define how processes access files and other processes, if a process is compromised, the attacker only has access to the normal functions of that process, and to files the process has been configured to have access to. For example, if the Apache HTTP Server is compromised, an attacker can not use that process to read files in user home directories, unless a specific SELinux policy rule was added or configured to allow such access.
- </p></li><li><p>
+ </div></li><li><div class="para">
SELinux can be used to enforce data confidentiality and integrity, as well as protecting processes from untrusted inputs.
- </p></li></ul></div><p>
+ </div></li></ul></div><div class="para">
SELinux is not:
- </p><div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
antivirus software.
- </p></li><li><p>
+ </div></li><li><div class="para">
a replacement for passwords, firewalls, or other security systems.
- </p></li><li><p>
+ </div></li><li><div class="para">
an all-in-one security solution.
- </p></li></ul></div><p>
+ </div></li></ul></div><div class="para">
SELinux is designed to enhance existing security solutions, not replace them. Even when running SELinux, continue to follow good security practices, such as keeping software up-to-date, using hard-to-guess passwords, firewalls, and so on.
- </p></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e465" href="#d0e465" class="para">1</a>] </sup>
- "Integrating Flexible Support for Security Policies into the Linux Operating System", by Peter Loscocco and Stephen Smalley. This paper was originally prepared for the National Security Agency and is, consequently, in the public domain. Refer to the <a href="http://www.nsa.gov/selinux/papers/freenix01/freenix01.html">original paper</a> for details and the document as it was first released. Any edits and changes were done by Murray McAllister.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e507" href="#d0e507" class="para">2</a>] </sup>
- "Meeting Critical Security Objectives with Security-Enhanced Linux", by Peter Loscocco and Stephen Smalley. This paper was originally prepared for the National Security Agency and is, consequently, in the public domain. Refer to the <a href="http://www.nsa.gov/selinux/papers/ottawa01/index.html">original paper</a> for details and the document as it was first released. Any edits and changes were done by Murray McAllister.
+ </div></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e465" href="#d0e465">1</a>] </sup>
+ "Integrating Flexible Support for Security Policies into the Linux Operating System", by Peter Loscocco and Stephen Smalley. This paper was originally prepared for the National Security Agency and is, consequently, in the public domain. Refer to the <a href="http://www.nsa.gov/research/_files/selinux/papers/freenix01/index.shtml">original paper</a> for details and the document as it was first released. Any edits and changes were done by Murray McAllister.
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e507" href="#d0e507">2</a>] </sup>
+ "Meeting Critical Security Objectives with Security-Enhanced Linux", by Peter Loscocco and Stephen Smalley. This paper was originally prepared for the National Security Agency and is, consequently, in the public domain. Refer to the <a href="http://www.nsa.gov/research/_files/selinux/papers/ottawa01/index.shtml">original paper</a> for details and the document as it was first released. Any edits and changes were done by Murray McAllister.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Trademark_Information.html"><strong>Prev</strong>Chapter 1. Trademark Information</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Introduction-Examples.html"><strong>Next</strong>2.2. Examples</a></li></ul></body></html>
\ No newline at end of file
Index: chap-Security-Enhanced_Linux-SELinux_Contexts.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/chap-Security-Enhanced_Linux-SELinux_Contexts.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security-Enhanced_Linux-SELinux_Contexts.html 24 Nov 2008 22:43:10 -0000 1.1
+++ chap-Security-Enhanced_Linux-SELinux_Contexts.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,17 +1,17 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 3. SELinux Contexts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_other_Operating_Systems.html" title="2.4. SELinux on Other Operating Systems"/><link rel="next" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html" title="3.2. SELinux Contexts for Processes"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Chapter 3. SELinux Contexts</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_other_Operating
_Systems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-SELinux_Contexts">Chapter 3. SELinux Contexts</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-SELinux_Contexts.html#sect-Security-Enhanced_Linux-SELinux_Contexts-Domain_Transitions">3.1. Domain Transitions</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html">3.2. SELinux Contexts for Processes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html">3.3. SELinux Contexts for Users</a></span></dt></dl></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 3. SELinux Contexts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html" title="2.4. SELinux on Other Operating Systems"/><link rel="next" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html" title="3.2. SELinux Contexts for Processes"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_
right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-SELinux_Contexts">Chapter 3. SELinux Contexts</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-SELinux_Contexts.html#sect-Security-Enhanced_Linux-SELinux_Contexts-Domain_Transitions">3.1. Domain Transitions</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html">3.2. SELinux Contexts for Processes</a></span></dt><dt><span class="section"><a href="sect-S
ecurity-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html">3.3. SELinux Contexts for Users</a></span></dt></dl></div><div class="para">
Processes and files are labeled with an SELinux context that contains additional information, such as an SELinux user, role, type, and, optionally, a level. When running SELinux, all of this information is used to make access control decisions. In Fedora 10, SELinux provides a combination of Role-Based Access Control (RBAC), <span class="trademark">Type Enforcement</span>® (TE), and, optionally, Multi-Level Security (MLS).
- </p><p>
+ </div><div class="para">
The following is an example SELinux context. SELinux contexts are used on processes, Linux users, and files, on Linux operating systems that run SELinux. Use the <code class="command">ls -Z</code> command to view the SELinux context of files and directories:
- </p><pre class="screen">$ ls -Z file1
+ </div><pre class="screen">$ ls -Z file1
-rwxrw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
-</pre><p>
+</pre><div class="para">
SELinux contexts follow the <span class="emphasis"><em>SELinux user:role:type:level</em></span> syntax:
- </p><div class="variablelist"><dl><dt><span class="term"><span class="emphasis"><em>SELinux user</em></span></span></dt><dd><p>
+ </div><div class="variablelist"><dl><dt><span class="term"><span class="emphasis"><em>SELinux user</em></span></span></dt><dd><div class="para">
The SELinux user identity is an identity known to the policy that is authorized for a specific set of roles, and for a specific MLS range. Each Linux user is mapped to an SELinux user via SELinux policy. This allows Linux users to inherit the restrictions on SELinux users. The mapped SELinux user identity is used in the SELinux context for processes in that session, in order to bound what roles and levels they can enter. Run the <code class="command">semanage login -l</code> command as the Linux root user to view a list of mappings between SELinux and Linux user accounts:
- </p><pre class="screen">
+ </div><pre class="screen">
# /usr/sbin/semanage login -l
Login Name SELinux User MLS/MCS Range
@@ -19,42 +19,42 @@
__default__ unconfined_u s0-s0:c0.c1023
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
-</pre><p>
+</pre><div class="para">
Output may differ from system to system. The <code class="computeroutput">Login Name</code> column lists Linux users, and the the <code class="computeroutput">SELinux User</code> column lists which SELinux user is mapped to which Linux user. For processes, the SELinux user limits which roles and levels are accessible. The last column, <code class="computeroutput">MLS/MCS Range</code>, is the level used by Multi-Level Security (MLS) and Multi-Category Security (MCS). Levels are briefly discussed later.
- </p></dd><dt><span class="term"><span class="emphasis"><em>role</em></span></span></dt><dd><p>
+ </div></dd><dt><span class="term"><span class="emphasis"><em>role</em></span></span></dt><dd><div class="para">
Part of SELinux is the Role-Based Access Control (RBAC) security model. The role is an attribute of RBAC. SELinux users are authorized for roles, and roles are authorized for domains. The role serves as an intermediary between domains and SELinux users. The roles that can be entered determine which domains can be entered - ultimately, this controls which object types can be accessed. This helps reduce vulnerability to privilege escalation attacks.
- </p></dd><dt><span class="term"><span class="emphasis"><em>type</em></span></span></dt><dd><p>
+ </div></dd><dt><span class="term"><span class="emphasis"><em>type</em></span></span></dt><dd><div class="para">
The type is an attribute of Type Enforcement. The type defines a domain for processes, and a type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
- </p></dd><dt><span class="term"><span class="emphasis"><em>level</em></span></span></dt><dd><p>
+ </div></dd><dt><span class="term"><span class="emphasis"><em>level</em></span></span></dt><dd><div class="para">
The level is an attribute of MLS and Multi-Category Security (MCS). An MLS range is a pair of levels, written as <span class="emphasis"><em>lowlevel-highlevel</em></span> if the levels differ, or <span class="emphasis"><em>lowlevel</em></span> if the levels are identical (<code class="computeroutput">s0-s0</code> is the same as <code class="computeroutput">s0</code>). Each level is a sensitivity-category pair, with categories being optional. If there are categories, the level is written as <span class="emphasis"><em>sensitivity:category-set</em></span>. If there are no categories, it is written as <span class="emphasis"><em>sensitivity</em></span>.
- </p><p>
+ </div><div class="para">
If the category set is a contiguous series, it can be abbreviated. For example, <code class="computeroutput">c0.c3</code> is the same as <code class="computeroutput">c0,c1,c2,c3</code>. The <code class="filename">/etc/selinux/targeted/setrans.conf</code> file maps levels (<code class="computeroutput">s0:c0</code>) to human-readable form (<code class="computeroutput">CompanyConfidential</code>). Do not edit <code class="filename">setrans.conf</code> with a text editor: use <code class="command">semanage</code> to make changes. Refer to the <span class="citerefentry"><span class="refentrytitle">semanage</span>(8)</span> manual page for further information. In Fedora 10, targeted policy enforces MCS, and in MCS, there is one sensitivity, <code class="computeroutput">s0</code>. MCS in Fedora 10 supports 1024 different categories: <code class="computeroutput">c0</code> through to <code class="computeroutput">c1023</code>. <code class="computeroutput">s0-s0:c0.c1023</code> is
sensitivity <code class="computeroutput">s0</code> and authorized for all categories.
- </p><p>
+ </div><div class="para">
MLS enforces the <a href="http://en.wikipedia.org/wiki/Bell-LaPadula_model">Bell-LaPadula Mandatory Access Model</a>, and is used in Labeled Security Protection Profile (LSPP) environments. To use MLS restrictions, install the <span class="package">selinux-policy-mls</span> package, and configure MLS to be the default SELinux policy. The MLS policy shipped with Fedora omits many program domains that were not part of the evaluated configuration, and therefore, MLS on a desktop workstation is unusable (no support for the X Window System); however, an MLS policy from the <a href="http://oss.tresys.com/projects/refpolicy">upstream SELinux Reference Policy</a> can be built that includes all program domains.
- </p></dd></dl></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts-Domain_Transitions">3.1. Domain Transitions</h2></div></div></div><p>
+ </div></dd></dl></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts-Domain_Transitions">3.1. Domain Transitions</h2></div></div></div><div class="para">
A process in one domain transitions to another domain by executing an application that has the <code class="computeroutput">entrypoint</code> type for the new domain. The <code class="computeroutput">entrypoint</code> permission is used in SELinux policy, and controls which applications can be used to enter a domain. The following example demonstrates a domain transition:
- </p><div class="orderedlist"><ol><li><p>
- A users wants to change their password. To change their password, they run the <code class="command">passwd</code> application. The <code class="filename">/usr/bin/passwd</code> file is labeled with the <code class="computeroutput">passwd_exec_t</code> type:
- </p><pre class="screen">$ ls -Z /usr/bin/passwd
+ </div><div class="orderedlist"><ol><li><div class="para">
+ A users wants to change their password. To change their password, they run the <code class="command">passwd</code> application. The <code class="filename">/usr/bin/passwd</code> executable is labeled with the <code class="computeroutput">passwd_exec_t</code> type:
+ </div><pre class="screen">$ ls -Z /usr/bin/passwd
-rwsr-xr-x root root system_u:object_r:passwd_exec_t:s0 /usr/bin/passwd
-</pre><p>
- The <span class="application"><strong>passwd</strong></span> application accesses <code class="filename">/etc/shadow</code>, which is labeled with the <code class="computeroutput">shadow_t</code> type:
- </p><pre class="screen">$ ls -Z /etc/shadow
+</pre><div class="para">
+ The <span><strong class="application">passwd</strong></span> application accesses <code class="filename">/etc/shadow</code>, which is labeled with the <code class="computeroutput">shadow_t</code> type:
+ </div><pre class="screen">$ ls -Z /etc/shadow
-r-------- root root system_u:object_r:shadow_t:s0 /etc/shadow
-</pre></li><li><p>
- An SELinux policy rule states that processes running in the <code class="computeroutput">passwd_t</code> domain are allowed to read and write to files labeled with the <code class="computeroutput">shadow_t</code> type. Only files and their back up copies that are required for a password change, such as <code class="filename">/etc/gshadow</code>, <code class="filename">/etc/gshadow-</code> and <code class="filename">/etc/shadow</code>, are labeled with the <code class="computeroutput">shadow_t</code> type.
- </p></li><li><p>
+</pre></li><li><div class="para">
+ An SELinux policy rule states that processes running in the <code class="computeroutput">passwd_t</code> domain are allowed to read and write to files labeled with the <code class="computeroutput">shadow_t</code> type. The <code class="computeroutput">shadow_t</code> type is only applied to files that are required for a password change. This includes <code class="filename">/etc/gshadow</code>, <code class="filename">/etc/shadow</code>, and their backup files.
+ </div></li><li><div class="para">
An SELinux policy rule states that the <code class="computeroutput">passwd_t</code> domain has <code class="computeroutput">entrypoint</code> permission to the <code class="computeroutput">passwd_exec_t</code> type.
- </p></li><li><p>
- When a user runs the <code class="command">/usr/bin/passwd</code> application, the user's shell process transitions to the <code class="computeroutput">passwd_t</code> domain. With SELinux, since the default action is to deny, and a rule exists that allows (among other things) applications running in the <code class="computeroutput">passwd_t</code> domain to access files labeled with the <code class="computeroutput">shadow_t</code> type, the <span class="application"><strong>passwd</strong></span> application is allowed to access <code class="filename">/etc/shadow</code>, and update the user's password.
- </p></li></ol></div><p>
+ </div></li><li><div class="para">
+ When a user runs the <code class="command">/usr/bin/passwd</code> application, the user's shell process transitions to the <code class="computeroutput">passwd_t</code> domain. With SELinux, since the default action is to deny, and a rule exists that allows (among other things) applications running in the <code class="computeroutput">passwd_t</code> domain to access files labeled with the <code class="computeroutput">shadow_t</code> type, the <span><strong class="application">passwd</strong></span> application is allowed to access <code class="filename">/etc/shadow</code>, and update the user's password.
+ </div></li></ol></div><div class="para">
This example is not exhaustive, and is used as a basic example to explain domain transition. Although there is an actual rule that allows subjects running in the <code class="computeroutput">passwd_t</code> domain to access objects labeled with the <code class="computeroutput">shadow_t</code> file type, other SELinux policy rules must be met before the subject can transition to a new domain. In this example, Type Enforcement ensures:
- </p><div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
the <code class="computeroutput">passwd_t</code> domain can only be entered by executing an application labeled with the <code class="computeroutput">passwd_exec_t</code> type; can only execute from authorized shared libraries, such as the <code class="computeroutput">lib_t</code> type; and can not execute any other applications.
- </p></li><li><p>
+ </div></li><li><div class="para">
only authorized domains, such as <code class="computeroutput">passwd_t</code>, can write to files labeled with the <code class="computeroutput">shadow_t</code> type. Even if other processes are running with superuser privileges, those processes can not write to files labeled with the <code class="computeroutput">shadow_t</code> type, as they are not running in the <code class="computeroutput">passwd_t</code> domain.
- </p></li><li><p>
- only authorized domains can transition to the <code class="computeroutput">passwd_t</code> domain. For example, the <code class="systemitem">sendmail</code> process running in the <code class="computeroutput">sendmail_t</code> domain does not have a legitimate reason to execute <code class="command">/usr/bin/passwd</code>; therefore, it can never transition to the <code class="computeroutput">passwd_t</code> domain.
- </p></li><li><p>
- processes running in the <code class="computeroutput">passwd_t</code> domain can only read and write to authorized types, such as files labeled with the <code class="computeroutput">etc_t</code> or <code class="computeroutput">shadow_t</code> types. This prevents the <span class="application"><strong>passwd</strong></span> application from being tricked into reading or writing arbitrary files.
- </p></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_other_Operating_Systems.html"><strong>Prev</strong>2.4. SELinux on Other Operating Systems</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html"><strong>Next</strong>3.2. SELinux Contexts for Processes</a></li></ul></body></html>
\ No newline at end of file
+ </div></li><li><div class="para">
+ only authorized domains can transition to the <code class="computeroutput">passwd_t</code> domain. For example, the <code class="systemitem">sendmail</code> process running in the <code class="computeroutput">sendmail_t</code> domain does not have a legitimate reason to execute <code class="command">passwd</code>; therefore, it can never transition to the <code class="computeroutput">passwd_t</code> domain.
+ </div></li><li><div class="para">
+ processes running in the <code class="computeroutput">passwd_t</code> domain can only read and write to authorized types, such as files labeled with the <code class="computeroutput">etc_t</code> or <code class="computeroutput">shadow_t</code> types. This prevents the <span><strong class="application">passwd</strong></span> application from being tricked into reading or writing arbitrary files.
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html"><strong>Prev</strong>2.4. SELinux on Other Operating Systems</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html"><strong>Next</strong>3.2. SELinux Contexts for Processes</a></li></ul></body></html>
\ No newline at end of file
Index: chap-Security-Enhanced_Linux-Targeted_Policy.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/chap-Security-Enhanced_Linux-Targeted_Policy.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security-Enhanced_Linux-Targeted_Policy.html 24 Nov 2008 22:43:10 -0000 1.1
+++ chap-Security-Enhanced_Linux-Targeted_Policy.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,38 +1,40 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 4. Targeted Policy</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html" title="3.3. SELinux Contexts for Users"/><link rel="next" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html" title="4.2. Unconfined Processes"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Chapter 4. Targeted Policy</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html"><strong>Prev</strong></a
></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Targeted_Policy">Chapter 4. Targeted Policy</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Targeted_Policy.html#sect-Security-Enhanced_Linux-Targeted_Policy-Confined_Processes">4.1. Confined Processes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html">4.2. Unconfined Processes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html">4.3. Confined and Unconfined Users</a></span></dt></dl></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 4. Targeted Policy</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html" title="3.3. SELinux Contexts for Users"/><link rel="next" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html" title="4.2. Unconfined Processes"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site
"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Targeted_Policy">Chapter 4. Targeted Policy</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Targeted_Policy.html#sect-Security-Enhanced_Linux-Targeted_Policy-Confined_Processes">4.1. Confined Processes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html">4.2. Unconfined Processes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html"
>4.3. Confined and Unconfined Users</a></span></dt></dl></div><div class="para">
Targeted policy is the default SELinux policy used in Fedora 10. When using targeted policy, processes that are targeted run in a confined domain, and processes that are not targeted run in an unconfined domain. For example, by default, logged in users run in the <code class="computeroutput">unconfined_t</code> domain, and system processes started by init run in the <code class="computeroutput">initrc_t</code> domain - both of these domains are unconfined.
- </p><p>
+ </div><div class="para">
Unconfined domains (as well as confined domains) are subject to executable and writeable memory checks. By default, subjects running in an unconfined domain can not allocate writeable memory and execute it. This reduces vulnerability to <a href="http://en.wikipedia.org/wiki/Buffer_overflow">buffer overflow attacks</a>. These memory checks are disable by setting Booleans, which allow the SELinux policy to be modified at runtime. Boolean configuration is discussed later.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_Processes">4.1. Confined Processes</h2></div></div></div><p>
- Almost every process that has network access is confined in Fedora 10. Most processes that run as the Linux root user and perform tasks for users, such as the <span class="application"><strong>passwd</strong></span> application, are confined. When a process is confined, it runs in its own domain, such as the <code class="systemitem">httpd</code> process running in the <code class="computeroutput">httpd_t</code> domain. If a confined process is compromised by an attacker, depending on SELinux policy configuration, an attacker's access to resources and the possible damage they can do is limited.
- </p><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_Processes">4.1. Confined Processes</h2></div></div></div><div class="para">
+ Almost every service that listens on a network is confined in Fedora 10. Also, most processes that run as the Linux root user and perform tasks for users, such as the <span><strong class="application">passwd</strong></span> application, are confined. When a process is confined, it runs in its own domain, such as the <code class="systemitem">httpd</code> process running in the <code class="computeroutput">httpd_t</code> domain. If a confined process is compromised by an attacker, depending on SELinux policy configuration, an attacker's access to resources and the possible damage they can do is limited.
+ </div><div class="para">
The following example demonstrates how SELinux prevents the Apache HTTP Server (<code class="systemitem">httpd</code>) from reading files that are not correctly labeled, such as files intended for use by Samba. This is an example, and should not be used in production. It assumes that the <span class="package">httpd</span>, <span class="package">wget</span>, <span class="package">setroubleshoot-server</span>, and <span class="package">audit</span> packages are installed, that the SELinux targeted policy is used, and that SELinux is running in enforcing mode:
- </p><div class="orderedlist"><ol><li><p>
- Run the <code class="command">/usr/sbin/sestatus</code> command to confirm that SELinux is enabled, is running in enforcing mode, and that targeted policy is being used:
- </p><pre class="screen">SELinux status: enabled
+ </div><div class="orderedlist"><ol><li><div class="para">
+ Run the <code class="command">sestatus</code> command to confirm that SELinux is enabled, is running in enforcing mode, and that targeted policy is being used:
+ </div><pre class="screen">
+$ /usr/sbin/sestatus
+SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 23
Policy from config file: targeted
-</pre><p>
+</pre><div class="para">
<code class="computeroutput">SELinux status: enabled</code> is returned when SELinux is enabled. <code class="computeroutput">Current mode: enforcing</code> is returned when SELinux is running in enforcing mode. <code class="computeroutput">Policy from config file: targeted</code> is returned when the SELinux targeted policy is used.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">touch /var/www/html/testfile</code> command to create a file.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">ls -Z /var/www/html/testfile</code> command to view the SELinux context:
- </p><pre class="screen">-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/testfile
-</pre><p>
- By default, Linux users run unconfined in Fedora 10, which is why the <code class="filename">testfile</code> file is labeled with the SELinux <code class="computeroutput">unconfined_u</code> user. RBAC is used for processes, not files. Roles do not have a meaning for files - the <code class="computeroutput">object_r</code> role is a generic role used for files (on persistent storage and network file systems). Under the <code class="filename">/proc/</code> directory, files related to processes may use the <code class="computeroutput">system_r</code> role.<sup>[<a id="d0e1219" href="#ftn.d0e1219" class="footnote">6</a>]</sup> The <code class="computeroutput">httpd_sys_content_t</code> type allows the <code class="systemitem">httpd</code> process to access this file.
- </p></li><li><p>
- As the Linux root user, run the <code class="command">/sbin/service httpd start</code> command to start the <code class="systemitem">httpd</code> process. The output is as follows if <code class="systemitem">httpd</code> starts successfully:
- </p><pre class="screen"># /sbin/service httpd start
+ </div><pre class="screen">-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/testfile
+</pre><div class="para">
+ By default, Linux users run unconfined in Fedora 10, which is why the <code class="filename">testfile</code> file is labeled with the SELinux <code class="computeroutput">unconfined_u</code> user. RBAC is used for processes, not files. Roles do not have a meaning for files - the <code class="computeroutput">object_r</code> role is a generic role used for files (on persistent storage and network file systems). Under the <code class="filename">/proc/</code> directory, files related to processes may use the <code class="computeroutput">system_r</code> role.<sup>[<a id="d0e1213" href="#ftn.d0e1213">6</a>]</sup> The <code class="computeroutput">httpd_sys_content_t</code> type allows the <code class="systemitem">httpd</code> process to access this file.
+ </div></li><li><div class="para">
+ As the Linux root user, run the <code class="command">service httpd start</code> command to start the <code class="systemitem">httpd</code> process. The output is as follows if <code class="systemitem">httpd</code> starts successfully:
+ </div><pre class="screen"># /sbin/service httpd start
Starting httpd: [ OK ]
-</pre></li><li><p>
- Change into a directory where your Linux user has write access to, and run the <code class="command">wget http://localhost/testfile</code> command. Unless there are any changes to the default configuration, this command succeeds:
- </p><pre class="screen">--2008-09-06 23:00:01-- http://localhost/testfile
+</pre></li><li><div class="para">
+ Change into a directory where your Linux user has write access to, and run the <code class="command">wget http://localhost/testfile</code> command. Unless there are changes to the default configuration, this command succeeds:
+ </div><pre class="screen">--2008-09-06 23:00:01-- http://localhost/testfile
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
@@ -42,41 +44,41 @@
[ <=> ] 0 --.-K/s in 0s
2008-09-06 23:00:01 (0.00 B/s) - `testfile' saved [0/0]
-</pre></li><li><p>
- The <code class="command">/usr/bin/chcon</code> command relabels files; however, such label changes do not survive when the file system is relabeled. For permanent changes that survive a file system relabel, use the <code class="command">semanage</code> command, which is discussed later. As the Linux root user, run the following command to change the type to a type used by Samba:
- </p><p>
- <code class="command">/usr/bin/chcon -t samba_share_t /var/www/html/testfile</code>
- </p><p>
+</pre></li><li><div class="para">
+ The <code class="command">chcon</code> command relabels files; however, such label changes do not survive when the file system is relabeled. For permanent changes that survive a file system relabel, use the <code class="command">semanage</code> command, which is discussed later. As the Linux root user, run the following command to change the type to a type used by Samba:
+ </div><div class="para">
+ <code class="command">chcon -t samba_share_t /var/www/html/testfile</code>
+ </div><div class="para">
Run the <code class="command">ls -Z /var/www/html/testfile</code> command to view the changes:
- </p><pre class="screen">-rw-r--r-- root root unconfined_u:object_r:samba_share_t:s0 /var/www/html/testfile
-</pre></li><li><p>
- Note: the current DAC permissions allow the <code class="systemitem">httpd</code> process access to <code class="filename">testfile</code>. Change into a directory where your Linux user has write access to, and run the <code class="command">wget http://localhost/testfile</code> command. Unless there are any changes to the default configuration, this command fails:
- </p><pre class="screen">--2008-09-06 23:00:54-- http://localhost/testfile
+ </div><pre class="screen">-rw-r--r-- root root unconfined_u:object_r:samba_share_t:s0 /var/www/html/testfile
+</pre></li><li><div class="para">
+ Note: the current DAC permissions allow the <code class="systemitem">httpd</code> process access to <code class="filename">testfile</code>. Change into a directory where your Linux user has write access to, and run the <code class="command">wget http://localhost/testfile</code> command. Unless there are changes to the default configuration, this command fails:
+ </div><pre class="screen">--2008-09-06 23:00:54-- http://localhost/testfile
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2008-09-06 23:00:54 ERROR 403: Forbidden.
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">rm -i /var/www/html/testfile</code> command to remove <code class="filename">testfile</code>.
- </p></li><li><p>
- If you do not require <code class="systemitem">httpd</code> to be running, as the Linux root user, run the <code class="command">/sbin/service httpd stop</code> command to stop <code class="systemitem">httpd</code>:
- </p><pre class="screen"># /sbin/service httpd stop
+ </div></li><li><div class="para">
+ If you do not require <code class="systemitem">httpd</code> to be running, as the Linux root user, run the <code class="command">service httpd stop</code> command to stop <code class="systemitem">httpd</code>:
+ </div><pre class="screen"># /sbin/service httpd stop
Stopping httpd: [ OK ]
-</pre></li></ol></div><p>
+</pre></li></ol></div><div class="para">
This example demonstrates the additional security added by SELinux. Although DAC rules allowed the <code class="systemitem">httpd</code> process access to <code class="filename">testfile</code> in step 7, because the file was labeled with a type that the <code class="systemitem">httpd</code> process does not have access to, SELinux denied access. After step 7, an error similar to the following is logged to <code class="filename">/var/log/messages</code>:
- </p><pre class="screen">Sep 6 23:00:54 localhost setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr"
+ </div><pre class="screen">Sep 6 23:00:54 localhost setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr"
to /var/www/html/testfile (samba_share_t). For complete SELinux messages.
run sealert -l c05911d3-e680-4e42-8e36-fe2ab9f8e654
-</pre><p>
- Previous log files may use a <code class="filename">/var/log/messages.<em class="replaceable"><code>YYYYMMDD</code></em></code> format. When running <span class="application"><strong>syslog-ng</strong></span>, previous log files may use a <code class="filename">/var/log/messages.<em class="replaceable"><code>X</code></em></code> format. If the <code class="systemitem">setroubleshootd</code> and <code class="systemitem">auditd</code> processes are running, errors similar to the following are logged to <code class="filename">/var/log/audit/audit.log</code>:
- </p><pre class="screen">type=AVC msg=audit(1220706212.937:70): avc: denied { getattr } for pid=1904 comm="httpd" path="/var/www/html/testfile" dev=sda5 ino=247576 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file
+</pre><div class="para">
+ Previous log files may use a <code class="filename">/var/log/messages.<em class="replaceable"><code>YYYYMMDD</code></em></code> format. When running <span><strong class="application">syslog-ng</strong></span>, previous log files may use a <code class="filename">/var/log/messages.<em class="replaceable"><code>X</code></em></code> format. If the <code class="systemitem">setroubleshootd</code> and <code class="systemitem">auditd</code> processes are running, errors similar to the following are logged to <code class="filename">/var/log/audit/audit.log</code>:
+ </div><pre class="screen">type=AVC msg=audit(1220706212.937:70): avc: denied { getattr } for pid=1904 comm="httpd" path="/var/www/html/testfile" dev=sda5 ino=247576 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file
type=SYSCALL msg=audit(1220706212.937:70): arch=40000003 syscall=196 success=no exit=-13 a0=b9e21da0 a1=bf9581dc a2=555ff4 a3=2008171 items=0 ppid=1902 pid=1904 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
-</pre><p>
- Also, an error similar to the following is logged to <code class="filename">/etc/httpd/logs/error_log</code>:
- </p><pre class="screen">[Sat Sep 06 23:00:54 2008] [error] [client <em class="replaceable"><code>127.0.0.1</code></em>] (13)Permission denied: access to /testfile denied
-</pre><div class="note"><h2>Note</h2><p>
- In Fedora 10, the <span class="package">setroubleshoot-server</span> and <span class="package">audit</span> packages are installed by default. These packages include the <code class="systemitem">setroubleshootd</code> and <code class="systemitem">auditd</code> daemons respectively. These daemons run by default. Stopping either of these daemons changes where SELinux denials are written to. Refer to <a class="xref" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html" title="5.2. Which Log File is Used">Section 5.2, “Which Log File is Used”</a> for further information.
- </p></div></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e1219" href="#d0e1219" class="para">6</a>] </sup>
+</pre><div class="para">
+ Also, an error similar to the following is logged to <code class="filename">/var/log/httpd/error_log</code>:
+ </div><pre class="screen">[Sat Sep 06 23:00:54 2008] [error] [client <em class="replaceable"><code>127.0.0.1</code></em>] (13)Permission denied: access to /testfile denied
+</pre><div class="note"><h2>Note</h2><div class="para">
+ In Fedora 10, the <span class="package">setroubleshoot-server</span> and <span class="package">audit</span> packages are installed by default. These packages include the <code class="systemitem">setroubleshootd</code> and <code class="systemitem">auditd</code> daemons respectively. These daemons run by default. Stopping either of these daemons changes where SELinux denials are written to. Refer to <a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html" title="5.2. Which Log File is Used">Section 5.2, “Which Log File is Used”</a> for further information.
+ </div></div></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e1213" href="#d0e1213">6</a>] </sup>
When using other policies, such as MLS, other roles may be used, for example, <code class="computeroutput">secadm_r</code>.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html"><strong>Prev</strong>3.3. SELinux Contexts for Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html"><strong>Next</strong>4.2. Unconfined Processes</a></li></ul></body></html>
\ No newline at end of file
Index: chap-Security-Enhanced_Linux-Trademark_Information.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/chap-Security-Enhanced_Linux-Trademark_Information.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security-Enhanced_Linux-Trademark_Information.html 24 Nov 2008 22:43:10 -0000 1.1
+++ chap-Security-Enhanced_Linux-Trademark_Information.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 1. Trademark Information</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="pr01s02.html" title="2. We Need Feedback!"/><link rel="next" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Chapter 1. Trademark Information</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Introduction.html"><strong>Next</strong></a></li></ul><div class="chapter" lang
="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Trademark_Information">Chapter 1. Trademark Information</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 1. Trademark Information</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="pr01s02.html" title="2. We Need Feedback!"/><link rel="next" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong
>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Introduction.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Trademark_Information">Chapter 1. Trademark Information</h2></div></div></div><div class="para">
<span class="trademark">Linux</span>® is the registered trademark of Linus Torvalds in the U.S. and other countries.
- </p><p>
+ </div><div class="para">
UNIX is a registered trademark of The Open Group.
- </p><p>
+ </div><div class="para">
Type Enforcement is a trademark of Secure Computing Corporation, registered in the U.S. and in other countries. Secure Computing Corporation has not consented to the use or reference to this trademark by the author outside of this guide.
- </p><p>
+ </div><div class="para">
Apache is a trademark of The Apache Software Foundation.
- </p><p>
+ </div><div class="para">
MySQL is a trademark or registered trademark of MySQL AB in the U.S. and other countries.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong>Prev</strong>2. We Need Feedback!</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Introduction.html"><strong>Next</strong>Chapter 2. Introduction</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pr01s02.html"><strong>Prev</strong>2. We Need Feedback!</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Introduction.html"><strong>Next</strong>Chapter 2. Introduction</a></li></ul></body></html>
\ No newline at end of file
Index: chap-Security-Enhanced_Linux-Troubleshooting.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/chap-Security-Enhanced_Linux-Troubleshooting.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security-Enhanced_Linux-Troubleshooting.html 24 Nov 2008 22:43:10 -0000 1.1
+++ chap-Security-Enhanced_Linux-Troubleshooting.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,22 +1,22 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 7. Troubleshooting</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html" title="6.5. xguest: Kiosk Mode"/><link rel="next" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html" title="7.2. Top Three Causes of Problems"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Chapter 7. Troubleshooting</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html"><strong>Prev</strong></a></li><li cl
ass="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Troubleshooting">Chapter 7. Troubleshooting</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Troubleshooting.html#sect-Security-Enhanced_Linux-Troubleshooting-What_Happens_when_Access_is_Denied">7.1. What Happens when Access is Denied</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html">7.2. Top Three Causes of Problems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems">7.2.1. Labeling Problems</a></span></dt><dt><span
class="section"><a href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html">7.2.2. How are Confined Services Running?</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html">7.2.3. Evolving Rules and Broken Applications</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html">7.3. Fixing Problems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html#sect-Security-Enhanced_Linux-Fixing_Problems-Linux_Permissions">7.3.1. Linux Permissions</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html">7.3.2. Possible Causes of Silent Denials</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_P
roblems-Manual_Pages_for_Services.html">7.3.3. Manual Pages for Services</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html">7.3.4. Permissive Domains</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html">7.3.5. Searching For and Viewing Denials</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html">7.3.6. Raw Audit Messages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html">7.3.7. sealert Messages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html">7.3.8. Allowing Access: audit2allow</a></span></dt></dl></dd></dl></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 7. Troubleshooting</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html" title="6.6. Booleans for Users Executing Applications"/><link rel="next" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html" title="7.2. Top Three Causes of Problems"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/im
ages/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Troubleshooting">Chapter 7. Troubleshooting</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Troubleshooting.html#sect-Security-Enhanced_Linux-Troubleshooting-What_Happens_when_Access_is_Denied">7.1. What Happens when Access is Denied</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html">7.2. Top Three Causes of Problems</a></span></dt>
<dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems">7.2.1. Labeling Problems</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html">7.2.2. How are Confined Services Running?</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html">7.2.3. Evolving Rules and Broken Applications</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html">7.3. Fixing Problems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html#sect-Security-Enhanced_Linux-Fixing_Problems-Linux_Permissions">7.3.1. Linux Permissions</a></span></dt>
<dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html">7.3.2. Possible Causes of Silent Denials</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html">7.3.3. Manual Pages for Services</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html">7.3.4. Permissive Domains</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html">7.3.5. Searching For and Viewing Denials</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html">7.3.6. Raw Audit Messages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html">7.3.7. sealert Messages</a></span></dt><dt><span class="section"><a href="sect-Sec
urity-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html">7.3.8. Allowing Access: audit2allow</a></span></dt></dl></dd></dl></div><div class="para">
The following chapter describes what happens when SELinux denies access; the top three causes of problems; where to find information about correct labeling; analyzing SELinux denials; and creating custom policy modules with <code class="command">audit2allow</code>.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Troubleshooting-What_Happens_when_Access_is_Denied">7.1. What Happens when Access is Denied</h2></div></div></div><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Troubleshooting-What_Happens_when_Access_is_Denied">7.1. What Happens when Access is Denied</h2></div></div></div><div class="para">
SELinux decisions, such as allowing or disallowing access, are cached. This cache is known as the Access Vector Cache (AVC). Denial messages are logged when SELinux denies access. These denials are also know as "AVC denials", and are logged to a different location, depending on which daemons are running:
- </p><div class="segmentedlist"><table border="0"><thead><tr class="segtitle"><th>Daemon</th><th>Log Location</th></tr></thead><tbody><tr class="seglistitem"><td class="seg">auditd on</td><td class="seg"><code class="filename">/var/log/audit/audit.log</code></td></tr><tr class="seglistitem"><td class="seg">auditd off; rsyslogd on</td><td class="seg"><code class="filename">/var/log/messages</code></td></tr><tr class="seglistitem"><td class="seg">setroubleshootd, rsyslogd, and auditd on</td><td class="seg"><code class="filename">/var/log/audit/audit.log</code>. Easier-to-read denial messages also sent to <code class="filename">/var/log/messages</code></td></tr></tbody></table></div><p>
- If you are running the X Window System, have the <span class="package">setroubleshoot</span> and <span class="package">setroubleshoot-server</span> packages installed, and the <code class="systemitem">setroubleshootd</code> daemon running, a yellow star and a warning are displayed when access is denied by SELinux:
- </p><div class="mediaobject"><img src="./images/setroubleshoot_denial.png"/></div><p>
+ </div><div class="segmentedlist"><table border="0"><thead><tr class="segtitle"><th>Daemon</th><th>Log Location</th></tr></thead><tbody><tr class="seglistitem"><td class="seg">auditd on</td><td class="seg"><code class="filename">/var/log/audit/audit.log</code></td></tr><tr class="seglistitem"><td class="seg">auditd off; rsyslogd on</td><td class="seg"><code class="filename">/var/log/messages</code></td></tr><tr class="seglistitem"><td class="seg">setroubleshootd, rsyslogd, and auditd on</td><td class="seg"><code class="filename">/var/log/audit/audit.log</code>. Easier-to-read denial messages also sent to <code class="filename">/var/log/messages</code></td></tr></tbody></table></div><div class="para">
+ If you are running the X Window System, have the <span class="package">setroubleshoot</span> and <span class="package">setroubleshoot-server</span> packages installed, and the <code class="systemitem">setroubleshootd</code> and <code class="systemitem">auditd</code> daemons are running, a yellow star and a warning are displayed when access is denied by SELinux:
+ </div><div class="mediaobject"><img src="./images/setroubleshoot_denial.png"/></div><div class="para">
Clicking on the star presents a detailed analysis of why SELinux denied access, and a possible solution for allowing access. If you are not running the X Window System, it is less obvious when access is denied by SELinux. For example, users browsing your website may receive an error similar to the following:
- </p><pre class="screen">
+ </div><pre class="screen">
Forbidden
You don't have permission to access <em class="replaceable"><code>file name</code></em> on this server
-</pre><p>
- For these situations, if DAC rules (standard Linux permissions) allow access, check <code class="filename">/var/log/messages</code> and <code class="filename">/var/log/audit/audit.log</code> for <code class="computeroutput">SELinux is preventing</code> and <code class="computeroutput">denied</code> errors respectively. This can be done by running the following commands as the Linux root user:
- </p><p>
+</pre><div class="para">
+ For these situations, if DAC rules (standard Linux permissions) allow access, check <code class="filename">/var/log/messages</code> and <code class="filename">/var/log/audit/audit.log</code> for <code class="computeroutput">"SELinux is preventing"</code> and <code class="computeroutput">"denied"</code> errors respectively. This can be done by running the following commands as the Linux root user:
+ </div><div class="para">
<code class="command">grep "SELinux is preventing" /var/log/messages</code>
- </p><p>
+ </div><div class="para">
<code class="command">grep "denied" /var/log/audit/audit.log</code>
- </p></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html"><strong>Prev</strong>6.5. xguest: Kiosk Mode</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html"><strong>Next</strong>7.2. Top Three Causes of Problems</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html"><strong>Prev</strong>6.6. Booleans for Users Executing Applications</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html"><strong>Next</strong>7.2. Top Three Causes of Problems</a></li></ul></body></html>
\ No newline at end of file
Index: chap-Security-Enhanced_Linux-Working_with_SELinux.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/chap-Security-Enhanced_Linux-Working_with_SELinux.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- chap-Security-Enhanced_Linux-Working_with_SELinux.html 24 Nov 2008 22:43:10 -0000 1.1
+++ chap-Security-Enhanced_Linux-Working_with_SELinux.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,34 +1,34 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 5. Working with SELinux</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html" title="4.3. Confined and Unconfined Users"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html" title="5.2. Which Log File is Used"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Chapter 5. Working with SELinux</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Working_with_SELinux">Chapter 5. Working with SELinux</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Working_with_SELinux.html#sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Packages">5.1. SELinux Packages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html">5.2. Which Log File is Used</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html">5.3. Main Configuration File</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_wit
h_SELinux-Enabling_and_Disabling_SELinux.html">5.4. Enabling and Disabling SELinux</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html#sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Enabling_SELinux">5.4.1. Enabling SELinux</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html">5.4.2. Disabling SELinux</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html">5.5. SELinux Modes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html">5.6. Booleans</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html#sect-Security-Enhanced_Linux-Booleans-Listing_Booleans">5.6.1. Listing Booleans</a></span></dt><dt><s
pan class="section"><a href="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html">5.6.2. Configuring Booleans</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Booleans-Examples_Booleans_for_NFS_and_CIFS.html">5.6.3. Examples: Booleans for NFS and CIFS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html">5.7. SELinux Contexts - Labeling Files</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html#sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Temporary_Changes_chcon">5.7.1. Temporary Changes: chcon</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html">5.7.2. Persistent Changes: semanage fcontext</a></span></dt></dl></dd><dt><span class="sect
ion"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html">5.8. The file_t and default_t Types</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html">5.9. Mounting File Systems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html#sect-Security-Enhanced_Linux-Mounting_File_Systems-Context_Mounts">5.9.1. Context Mounts</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html">5.9.2. Changing the Default Context</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html">5.9.3. Mounting an NFS File System</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html">5.9.
4. Multiple NFS Mounts</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html">5.9.5. Making Context Mounts Persistent</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html">5.10. Maintaining SELinux Labels </a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html#sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Copying_Files_and_Directories">5.10.1. Copying Files and Directories</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html">5.10.2. Moving Files and Directories</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html">5.10.3. Chec
king the Default SELinux Context</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html">5.10.4. Archiving Files with tar</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html">5.10.5. Archiving Files with star</a></span></dt></dl></dd></dl></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 5. Working with SELinux</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html" title="4.3. Confined and Unconfined Users"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html" title="5.2. Which Log File is Used"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt=
"Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html"><strong>Next</strong></a></li></ul><div class="chapter" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="chap-Security-Enhanced_Linux-Working_with_SELinux">Chapter 5. Working with SELinux</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Working_with_SELinux.html#sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Packages">5.1. SELinux Packages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html">5.2. Which Log File is Used</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linu
x-Working_with_SELinux-Main_Configuration_File.html">5.3. Main Configuration File</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html">5.4. Enabling and Disabling SELinux</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html#sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Enabling_SELinux">5.4.1. Enabling SELinux</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html">5.4.2. Disabling SELinux</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html">5.5. SELinux Modes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html">5.6. Booleans</a></span></dt><dd><dl><dt><span class="section"><a
href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html#sect-Security-Enhanced_Linux-Booleans-Listing_Booleans">5.6.1. Listing Booleans</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html">5.6.2. Configuring Booleans</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html">5.6.3. Booleans for NFS and CIFS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html">5.7. SELinux Contexts - Labeling Files</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html#sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Temporary_Changes_chcon">5.7.1. Temporary Changes: chcon</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Conte
xts_Labeling_Files-Persistent_Changes_semanage_fcontext.html">5.7.2. Persistent Changes: semanage fcontext</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html">5.8. The file_t and default_t Types</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html">5.9. Mounting File Systems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html#sect-Security-Enhanced_Linux-Mounting_File_Systems-Context_Mounts">5.9.1. Context Mounts</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html">5.9.2. Changing the Default Context</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html">5.9.3. Mounti
ng an NFS File System</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html">5.9.4. Multiple NFS Mounts</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html">5.9.5. Making Context Mounts Persistent</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html">5.10. Maintaining SELinux Labels </a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html#sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Copying_Files_and_Directories">5.10.1. Copying Files and Directories</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html">5.10.2. Moving Files and Directories</a></span
></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html">5.10.3. Checking the Default SELinux Context</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html">5.10.4. Archiving Files with tar</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html">5.10.5. Archiving Files with star</a></span></dt></dl></dd></dl></div><div class="para">
The following sections give a brief overview of the main SELinux packages in Fedora 10; installing and updating packages; which log files are used; the main SELinux configuration file; enabling and disabling SELinux; SELinux modes; configuring Booleans; temporarily and persistently changing file and directory labels; overriding file system labels with the <code class="command">mount</code> command; mounting NFS file systems; and how to preserve SELinux contexts when copying and archiving files and directories.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Packages">5.1. SELinux Packages</h2></div></div></div><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Packages">5.1. SELinux Packages</h2></div></div></div><div class="para">
In Fedora 10, the SELinux packages are installed by default, unless they are manually excluded during installation. By default, SELinux targeted policy is used, and SELinux runs in enforcing mode. The following is a brief description of the main SELinux packages:
- </p><p>
+ </div><div class="para">
<span class="package">policycoreutils</span>: provides utilities, such as <code class="command">semanage</code>, <code class="command">restorecon</code>, <code class="command">audit2allow</code>, <code class="command">semodule</code>, <code class="command">load_policy</code>, and <code class="command">setsebool</code>, for operating and managing SELinux.
- </p><p>
+ </div><div class="para">
<span class="package">policycoreutils-gui</span>: provides <code class="command">system-config-selinux</code>, a graphical tool for managing SELinux.
- </p><p>
+ </div><div class="para">
<span class="package">selinux-policy</span>: provides the SELinux Reference Policy. The SELinux Reference Policy is a complete SELinux policy, and is used as a basis for other policies, such as the SELinux targeted policy. Refer to the Tresys Technology <a href="http://oss.tresys.com/projects/refpolicy">SELinux Reference Policy</a> page for further information. The <span class="package">selinux-policy-devel</span> package provides development tools, such as <code class="command">/usr/share/selinux/devel/policygentool</code> and <code class="command">/usr/share/selinux/devel/policyhelp</code>, as well as example policy files. This package was merged into the <span class="package">selinux-policy</span> package.
- </p><p>
+ </div><div class="para">
<span class="package">selinux-policy-<em class="replaceable"><code>policy</code></em></span>: provides SELinux policies. For targeted policy, install <span class="package">selinux-policy-targeted</span>. For MLS, install <span class="package">selinux-policy-mls</span>. In Fedora 8, the strict policy was merged into targeted policy, allowing confined and unconfined users to co-exist on the same system.
- </p><p>
+ </div><div class="para">
<span class="package">setroubleshoot-server</span>: translates denial messages, produced when access is denied by SELinux, into detailed descriptions that are viewed with <code class="command">sealert</code> (which is provided by this package).
- </p><p>
- <span class="package">setools</span>, <span class="package">setools-gui</span>, and <span class="package">setools-console</span>: these packages provide the <a href="http://oss.tresys.com/projects/setools">Tresys Technology SETools distribution</a>, a number of tools and libraries for analyzing and querying policy, audit log monitoring and reporting, and file context management<sup>[<a id="d0e2035" href="#ftn.d0e2035" class="footnote">8</a>]</sup>. The <span class="package">setools</span> package is a meta-package for SETools. The <span class="package">setools-gui</span> package provides the <code class="command">apol</code>, <code class="command">seaudit</code>, and <code class="command">sediffx</code> tools. The <span class="package">setools-console</span> package provides the <code class="command">seaudit-report</code>, <code class="command">sechecker</code>, <code class="command">sediff</code>, <code class="command">seinfo</code>, <code class="command">sesearch</code>
, <code class="command">findcon</code>, <code class="command">replcon</code>, and <code class="command">indexcon</code> command line tools. Refer to the <a href="http://oss.tresys.com/projects/setools">Tresys Technology SETools</a> page for information about these tools.
- </p><p>
+ </div><div class="para">
+ <span class="package">setools</span>, <span class="package">setools-gui</span>, and <span class="package">setools-console</span>: these packages provide the <a href="http://oss.tresys.com/projects/setools">Tresys Technology SETools distribution</a>, a number of tools and libraries for analyzing and querying policy, audit log monitoring and reporting, and file context management<sup>[<a id="d0e2044" href="#ftn.d0e2044">8</a>]</sup>. The <span class="package">setools</span> package is a meta-package for SETools. The <span class="package">setools-gui</span> package provides the <code class="command">apol</code>, <code class="command">seaudit</code>, and <code class="command">sediffx</code> tools. The <span class="package">setools-console</span> package provides the <code class="command">seaudit-report</code>, <code class="command">sechecker</code>, <code class="command">sediff</code>, <code class="command">seinfo</code>, <code class="command">sesearch</code>, <code class="co
mmand">findcon</code>, <code class="command">replcon</code>, and <code class="command">indexcon</code> command line tools. Refer to the <a href="http://oss.tresys.com/projects/setools">Tresys Technology SETools</a> page for information about these tools.
+ </div><div class="para">
<span class="package">libselinux-utils</span>: provides the <code class="command">avcstat</code>, <code class="command">getenforce</code>, <code class="command">getsebool</code>, <code class="command">matchpathcon</code>, <code class="command">selinuxconlist</code>, <code class="command">selinuxdefcon</code>, <code class="command">selinuxenabled</code>, <code class="command">setenforce</code>, <code class="command">togglesebool</code> tools.
- </p><p>
+ </div><div class="para">
<span class="package">mcstrans</span>: translates levels, such as <code class="computeroutput">s0-s0:c0.c1023</code>, to an easier to read form, such as <code class="computeroutput">SystemLow-SystemHigh</code>. This package is not installed by default.
- </p><p>
+ </div><div class="para">
To install packages in Fedora 10, as the Linux root user, run the <code class="command">yum install <em class="replaceable"><code>package-name</code></em></code> command. For example, to install the <span class="package">mcstrans</span> package, run the <code class="command">yum install mcstrans</code> command. To upgrade all installed packages in Fedora 10, run the <code class="command">yum update</code> command.
- </p><p>
- Refer to <a href="http://docs.fedoraproject.org/yum/en/">Managing Software with yum</a><sup>[<a id="d0e2147" href="#ftn.d0e2147" class="footnote">9</a>]</sup> for further information about using <code class="command">yum</code> to manage packages.
- </p><div class="note"><h2>Note</h2><p>
+ </div><div class="para">
+ Refer to <a href="http://docs.fedoraproject.org/yum/en/">Managing Software with yum</a><sup>[<a id="d0e2156" href="#ftn.d0e2156">9</a>]</sup> for further information about using <code class="command">yum</code> to manage packages.
+ </div><div class="note"><h2>Note</h2><div class="para">
In previous versions of Fedora, the <span class="package">selinux-policy-devel</span> package is required when making a local policy module with <code class="command">audit2allow -M</code>.
- </p></div></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e2035" href="#d0e2035" class="para">8</a>] </sup>
+ </div></div></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e2044" href="#d0e2044">8</a>] </sup>
Brindle, Joshua. "Re: blurb for fedora setools packages" Email to Murray McAllister. 1 November 2008. Any edits or changes in this version were done by Murray McAllister.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e2147" href="#d0e2147" class="para">9</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e2156" href="#d0e2156">9</a>] </sup>
Managing Software with yum, written by Stuart Ellis, edited by Paul W. Frields, Rodrigo Menezes, and Hugo Cisneiros.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html"><strong>Prev</strong>4.3. Confined and Unconfined Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html"><strong>Next</strong>5.2. Which Log File is Used</a></li></ul></body></html>
\ No newline at end of file
Index: index.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/index.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- index.html 24 Nov 2008 22:43:10 -0000 1.1
+++ index.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Security-Enhanced Linux</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><meta name="description" content="This book is about managing and using Security-Enhanced Linux."/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="next" href="pref-Security-Enhanced_Linux-Preface.html" title="Preface"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Security-Enhanced Linux</strong></a></p><ul class="docnav"><li class="previous"/><li class="next"><a accesskey="n" href="pref-Security-Enhanced_Linux-Preface.html"><strong>Next</strong></a></li></ul><div class="book" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">10</span></div><div><h1
id="d0e1" class="title">Security-Enhanced Linux</h1></div><div><h2 class="subtitle">User Guide</h2></div><p class="edition">Edition 1.0</p><div><h3 class="corpauthor">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Security-Enhanced Linux</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><meta name="description" content="This book is about managing and using Security-Enhanced Linux."/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="next" href="pref-Security-Enhanced_Linux-Preface.html" title="Preface"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"/><li class="next"><a accesskey="n" href="pref-Security-Enhanced_Linux-Preface.html"><strong>Next</strong></a></li
></ul><div class="book" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">10</span></div><div><h1 id="d0e1" class="title">Security-Enhanced Linux</h1></div><div><h2 class="subtitle">User Guide</h2></div><p class="edition">Edition 1.1</p><div><h3 class="corpauthor">
<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"/></span>
- </h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Murray</span> <span class="surname">McAllister</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Engineering Content Services</span></div><code class="email"><a class="email" href="mailto:mmcallis@redhat.com">mmcallis(a)redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Daniel</span> <span class="surname">Walsh</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Security Engineering</span></div><code class="email"><a class="email" href="mailto:dwalsh@redhat.com">dwalsh(a)redhat.com</a></code></div><div class="othercredit"><h3 class="othercredit"><span class="firstname">Dominick</span> <span class="surname">Grift</span></h3><span class="contrib">Technical editor for the Introduction, SELinux Contexts, Targeted Policy, Working with SELinux, Confining Us
ers, and Troubleshooting chapters.</span> <div class="affiliation"><span class="orgname"/> <span class="orgdiv"/></div><code class="email"><a class="email" href="mailto:domg472@gmail.com">domg472(a)gmail.com</a></code></div><div class="othercredit"><h3 class="othercredit"><span class="firstname">Eric</span> <span class="surname">Paris</span></h3><span class="contrib">Technical editor for the Mounting File Systems and Raw Audit Messages sections.</span> <div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Security Engineering</span></div><code class="email"><a class="email" href="mailto:eparis@parisplace.org">eparis(a)parisplace.org</a></code></div><div class="othercredit"><h3 class="othercredit"><span class="firstname">James</span> <span class="surname">Morris</span></h3><span class="contrib">Technical editor for the Introduction and Targeted Policy chapters.</span> <div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv
">Security Engineering</span></div><code class="email"><a class="email" href="mailto:jmorris@redhat.com">jmorris(a)redhat.com</a></code></div></div></div><div><p class="copyright">Copyright © 2008 Red Hat, Inc.</p></div><hr/><div><div id="d0e35" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><p>
+ </h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Murray</span> <span class="surname">McAllister</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Engineering Content Services</span></div><code class="email"><a href="mailto:mmcallis@redhat.com">mmcallis(a)redhat.com</a></code></div><div class="author"><h3 class="author"><span class="firstname">Daniel</span> <span class="surname">Walsh</span></h3><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Security Engineering</span></div><code class="email"><a href="mailto:dwalsh@redhat.com">dwalsh(a)redhat.com</a></code></div><div class="othercredit"><h3 class="othercredit"><span class="firstname">Dominick</span> <span class="surname">Grift</span></h3><span class="contrib">Technical editor for the Introduction, SELinux Contexts, Targeted Policy, Working with SELinux, Confining Users, and Troubleshooting cha
pters.</span><div class="affiliation"><span class="orgname"/> <span class="orgdiv"/></div><code class="email"><a href="mailto:domg472@gmail.com">domg472(a)gmail.com</a></code></div><div class="othercredit"><h3 class="othercredit"><span class="firstname">Eric</span> <span class="surname">Paris</span></h3><span class="contrib">Technical editor for the Mounting File Systems and Raw Audit Messages sections.</span><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Security Engineering</span></div><code class="email"><a href="mailto:eparis@parisplace.org">eparis(a)parisplace.org</a></code></div><div class="othercredit"><h3 class="othercredit"><span class="firstname">James</span> <span class="surname">Morris</span></h3><span class="contrib">Technical editor for the Introduction and Targeted Policy chapters.</span><div class="affiliation"><span class="orgname">Red Hat</span> <span class="orgdiv">Security Engineering</span></div><code class="email"><a href
="mailto:jmorris@redhat.com">jmorris(a)redhat.com</a></code></div></div></div><div><p class="copyright">Copyright © 2008 Red Hat, Inc.</p></div><hr/><div><div id="d0e35" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
Copyright <span class="trademark"/>© 2008 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0, (the latest version is presently available at <a href="http://www.opencontent.org/openpub/">http://www.opencontent.org/openpub/</a>).
- </p><p>
+ </div><div class="para">
Fedora and the Fedora Infinity Design logo are trademarks or registered trademarks of Red Hat, Inc., in the U.S. and other countries.
- </p><p>
+ </div><div class="para">
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat Inc. in the United States and other countries.
- </p><p>
+ </div><div class="para">
All other trademarks and copyrights referred to are the property of their respective owners.
- </p><p>
+ </div><div class="para">
Documentation, as with software itself, may be subject to export control. Read about Fedora Project export controls at <a href="http://fedoraproject.org/wiki/Legal/Export">http://fedoraproject.org/wiki/Legal/Export</a>.
- </p></div></div><div><div class="abstract"><h6>Abstract</h6><p>This book is about managing and using Security-Enhanced <span class="trademark">Linux</span>®.</p></div></div></div><hr/></div><div class="toc"><dl><dt><span class="preface"><a href="pref-Security-Enhanced_Linux-Preface.html">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security-Enhanced_Linux-Preface.html#d0e146">1. Document Conventions</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security-Enhanced_Linux-Preface.html#d0e156">1.1. Typographic Conventions</a></span></dt><dt><span class="section"><a href="pref-Security-Enhanced_Linux-Preface.html#d0e372">1.2. Pull-quote Conventions</a></span></dt><dt><span class="section"><a href="pref-Security-Enhanced_Linux-Preface.html#d0e391">1.3. Notes and Warnings</a></span></dt></dl></dd><dt><span class="section"><a href="pr01s02.html">2. We Need Feedback!</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security-
Enhanced_Linux-Trademark_Information.html">1. Trademark Information</a></span></dt><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Introduction.html">2. Introduction</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Introduction.html#sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux">2.1. Benefits of running SELinux</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-Examples.html">2.2. Examples</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html">2.3. SELinux Architecture</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_other_Operating_Systems.html">2.4. SELinux on Other Operating Systems</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-SELinux_Contexts.html">3. SELinux Contexts</a></span></dt><dd><dl><dt>
<span class="section"><a href="chap-Security-Enhanced_Linux-SELinux_Contexts.html#sect-Security-Enhanced_Linux-SELinux_Contexts-Domain_Transitions">3.1. Domain Transitions</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html">3.2. SELinux Contexts for Processes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html">3.3. SELinux Contexts for Users</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Targeted_Policy.html">4. Targeted Policy</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Targeted_Policy.html#sect-Security-Enhanced_Linux-Targeted_Policy-Confined_Processes">4.1. Confined Processes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html">4.2. Unconfined Processes</a></span></
dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html">4.3. Confined and Unconfined Users</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Working_with_SELinux.html">5. Working with SELinux</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Working_with_SELinux.html#sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Packages">5.1. SELinux Packages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html">5.2. Which Log File is Used</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html">5.3. Main Configuration File</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html">5.4. Enabling and Disabling SELinux</a>
</span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html#sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Enabling_SELinux">5.4.1. Enabling SELinux</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html">5.4.2. Disabling SELinux</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html">5.5. SELinux Modes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html">5.6. Booleans</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html#sect-Security-Enhanced_Linux-Booleans-Listing_Booleans">5.6.1. Listing Booleans</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Booleans-Configuring_Boolean
s.html">5.6.2. Configuring Booleans</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Booleans-Examples_Booleans_for_NFS_and_CIFS.html">5.6.3. Examples: Booleans for NFS and CIFS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html">5.7. SELinux Contexts - Labeling Files</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html#sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Temporary_Changes_chcon">5.7.1. Temporary Changes: chcon</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html">5.7.2. Persistent Changes: semanage fcontext</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default
_t_Types.html">5.8. The file_t and default_t Types</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html">5.9. Mounting File Systems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html#sect-Security-Enhanced_Linux-Mounting_File_Systems-Context_Mounts">5.9.1. Context Mounts</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html">5.9.2. Changing the Default Context</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html">5.9.3. Mounting an NFS File System</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html">5.9.4. Multiple NFS Mounts</a></span></dt><dt><span class="section"><a href="sect-Security
-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html">5.9.5. Making Context Mounts Persistent</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html">5.10. Maintaining SELinux Labels </a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html#sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Copying_Files_and_Directories">5.10.1. Copying Files and Directories</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html">5.10.2. Moving Files and Directories</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html">5.10.3. Checking the Default SELinux Context</a></span></dt><dt><span class="section"><a href="sec
t-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html">5.10.4. Archiving Files with tar</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html">5.10.5. Archiving Files with star</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Confining_Users.html">6. Confining Users</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Confining_Users.html#sect-Security-Enhanced_Linux-Confining_Users-Linux_and_SELinux_User_Mappings">6.1. Linux and SELinux User Mappings</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html">6.2. Confining New Linux Users: useradd</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html">6.3. Confinin
g Existing Linux Users: semanage login</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html">6.4. Changing the Default Mapping</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html">6.5. xguest: Kiosk Mode</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Troubleshooting.html">7. Troubleshooting</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Troubleshooting.html#sect-Security-Enhanced_Linux-Troubleshooting-What_Happens_when_Access_is_Denied">7.1. What Happens when Access is Denied</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html">7.2. Top Three Causes of Problems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_
of_Problems.html#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems">7.2.1. Labeling Problems</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html">7.2.2. How are Confined Services Running?</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html">7.2.3. Evolving Rules and Broken Applications</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html">7.3. Fixing Problems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html#sect-Security-Enhanced_Linux-Fixing_Problems-Linux_Permissions">7.3.1. Linux Permissions</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent
_Denials.html">7.3.2. Possible Causes of Silent Denials</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html">7.3.3. Manual Pages for Services</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html">7.3.4. Permissive Domains</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html">7.3.5. Searching For and Viewing Denials</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html">7.3.6. Raw Audit Messages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html">7.3.7. sealert Messages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html">7.3.8. Allowing Access: audit2allo
w</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Further_Information.html">8. Further Information</a></span></dt><dt><span class="appendix"><a href="appe-Security-Enhanced_Linux-Revision_History.html">A. Revision History</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"/><li class="next"><a accesskey="n" href="pref-Security-Enhanced_Linux-Preface.html"><strong>Next</strong>Preface</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><div><div class="abstract"><h6>Abstract</h6><div class="para">This book is about managing and using Security-Enhanced <span class="trademark">Linux</span>®.</div></div></div></div><hr/></div><div class="toc"><dl><dt><span class="preface"><a href="pref-Security-Enhanced_Linux-Preface.html">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security-Enhanced_Linux-Preface.html#d0e146">1. Document Conventions</a></span></dt><dd><dl><dt><span class="section"><a href="pref-Security-Enhanced_Linux-Preface.html#d0e156">1.1. Typographic Conventions</a></span></dt><dt><span class="section"><a href="pref-Security-Enhanced_Linux-Preface.html#d0e372">1.2. Pull-quote Conventions</a></span></dt><dt><span class="section"><a href="pref-Security-Enhanced_Linux-Preface.html#d0e391">1.3. Notes and Warnings</a></span></dt></dl></dd><dt><span class="section"><a href="pr01s02.html">2. We Need Feedback!</a></span></dt></dl></dd><dt><span class="chapter"><a h
ref="chap-Security-Enhanced_Linux-Trademark_Information.html">1. Trademark Information</a></span></dt><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Introduction.html">2. Introduction</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Introduction.html#sect-Security-Enhanced_Linux-Introduction-Benefits_of_running_SELinux">2.1. Benefits of running SELinux</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-Examples.html">2.2. Examples</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html">2.3. SELinux Architecture</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html">2.4. SELinux on Other Operating Systems</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-SELinux_Contexts.html">3. SELinux Contexts</a></spa
n></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-SELinux_Contexts.html#sect-Security-Enhanced_Linux-SELinux_Contexts-Domain_Transitions">3.1. Domain Transitions</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html">3.2. SELinux Contexts for Processes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html">3.3. SELinux Contexts for Users</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Targeted_Policy.html">4. Targeted Policy</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Targeted_Policy.html#sect-Security-Enhanced_Linux-Targeted_Policy-Confined_Processes">4.1. Confined Processes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html">4.2. Unconfined Pro
cesses</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html">4.3. Confined and Unconfined Users</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Working_with_SELinux.html">5. Working with SELinux</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Working_with_SELinux.html#sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Packages">5.1. SELinux Packages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html">5.2. Which Log File is Used</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html">5.3. Main Configuration File</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html">5.4. Enabling and Di
sabling SELinux</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html#sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Enabling_SELinux">5.4.1. Enabling SELinux</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html">5.4.2. Disabling SELinux</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html">5.5. SELinux Modes</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html">5.6. Booleans</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html#sect-Security-Enhanced_Linux-Booleans-Listing_Booleans">5.6.1. Listing Booleans</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Booleans-
Configuring_Booleans.html">5.6.2. Configuring Booleans</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html">5.6.3. Booleans for NFS and CIFS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html">5.7. SELinux Contexts - Labeling Files</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html#sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Temporary_Changes_chcon">5.7.1. Temporary Changes: chcon</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html">5.7.2. Persistent Changes: semanage fcontext</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default
_t_Types.html">5.8. The file_t and default_t Types</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html">5.9. Mounting File Systems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html#sect-Security-Enhanced_Linux-Mounting_File_Systems-Context_Mounts">5.9.1. Context Mounts</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html">5.9.2. Changing the Default Context</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html">5.9.3. Mounting an NFS File System</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html">5.9.4. Multiple NFS Mounts</a></span></dt><dt><span class="section"><a href="sect-Security
-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html">5.9.5. Making Context Mounts Persistent</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html">5.10. Maintaining SELinux Labels </a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html#sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Copying_Files_and_Directories">5.10.1. Copying Files and Directories</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html">5.10.2. Moving Files and Directories</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html">5.10.3. Checking the Default SELinux Context</a></span></dt><dt><span class="section"><a href="sec
t-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html">5.10.4. Archiving Files with tar</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html">5.10.5. Archiving Files with star</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Confining_Users.html">6. Confining Users</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Confining_Users.html#sect-Security-Enhanced_Linux-Confining_Users-Linux_and_SELinux_User_Mappings">6.1. Linux and SELinux User Mappings</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html">6.2. Confining New Linux Users: useradd</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html">6.3. Confinin
g Existing Linux Users: semanage login</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html">6.4. Changing the Default Mapping</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html">6.5. xguest: Kiosk Mode</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html">6.6. Booleans for Users Executing Applications</a></span></dt></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Troubleshooting.html">7. Troubleshooting</a></span></dt><dd><dl><dt><span class="section"><a href="chap-Security-Enhanced_Linux-Troubleshooting.html#sect-Security-Enhanced_Linux-Troubleshooting-What_Happens_when_Access_is_Denied">7.1. What Happens when Access is Denied</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting
-Top_Three_Causes_of_Problems.html">7.2. Top Three Causes of Problems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems">7.2.1. Labeling Problems</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html">7.2.2. How are Confined Services Running?</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html">7.2.3. Evolving Rules and Broken Applications</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html">7.3. Fixing Problems</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html#sect-Security-Enhan
ced_Linux-Fixing_Problems-Linux_Permissions">7.3.1. Linux Permissions</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html">7.3.2. Possible Causes of Silent Denials</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html">7.3.3. Manual Pages for Services</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html">7.3.4. Permissive Domains</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html">7.3.5. Searching For and Viewing Denials</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html">7.3.6. Raw Audit Messages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.htm
l">7.3.7. sealert Messages</a></span></dt><dt><span class="section"><a href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html">7.3.8. Allowing Access: audit2allow</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="chap-Security-Enhanced_Linux-Further_Information.html">8. Further Information</a></span></dt><dt><span class="appendix"><a href="appe-Security-Enhanced_Linux-Revision_History.html">A. Revision History</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"/><li class="next"><a accesskey="n" href="pref-Security-Enhanced_Linux-Preface.html"><strong>Next</strong>Preface</a></li></ul></body></html>
\ No newline at end of file
Index: pr01s02.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/pr01s02.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- pr01s02.html 24 Nov 2008 22:43:10 -0000 1.1
+++ pr01s02.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2. We Need Feedback!</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="pref-Security-Enhanced_Linux-Preface.html" title="Preface"/><link rel="prev" href="pref-Security-Enhanced_Linux-Preface.html" title="Preface"/><link rel="next" href="chap-Security-Enhanced_Linux-Trademark_Information.html" title="Chapter 1. Trademark Information"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>2. We Need Feedback!</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security-Enhanced_Linux-Preface.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Trademark_Information.html">
<strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="d0e411">2. We Need Feedback!</h2></div></div></div><a id="d0e414" class="indexterm"/><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2. We Need Feedback!</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="pref-Security-Enhanced_Linux-Preface.html" title="Preface"/><link rel="prev" href="pref-Security-Enhanced_Linux-Preface.html" title="Preface"/><link rel="next" href="chap-Security-Enhanced_Linux-Trademark_Information.html" title="Chapter 1. Trademark Information"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a access
key="p" href="pref-Security-Enhanced_Linux-Preface.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Trademark_Information.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="d0e411">2. We Need Feedback!</h2></div></div></div><a id="d0e414" class="indexterm"/><div class="para">
If you find a typographical error in this manual, or if you have thought of a way to make this manual better, we would love to hear from you! Please submit a report in Bugzilla: <a href="http://bugzilla.redhat.com/bugzilla/">http://bugzilla.redhat.com/bugzilla/</a>
- against the product <span class="application"><strong>Fedora Documentation.</strong></span>
- </p><p>
+ against the product <span><strong class="application">Fedora Documentation.</strong></span>
+ </div><div class="para">
When submitting a bug report, be sure to mention the manual's identifier: <em class="citetitle">selinux-user-guide</em>
- </p><p>
+ </div><div class="para">
If you have a suggestion for improving the documentation, try to be as specific as possible when describing it. If you have found an error, please include the section number and some of the surrounding text so we can find it easily.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security-Enhanced_Linux-Preface.html"><strong>Prev</strong>Preface</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Trademark_Information.html"><strong>Next</strong>Chapter 1. Trademark Information</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="pref-Security-Enhanced_Linux-Preface.html"><strong>Prev</strong>Preface</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Trademark_Information.html"><strong>Next</strong>Chapter 1. Trademark Information</a></li></ul></body></html>
\ No newline at end of file
Index: pref-Security-Enhanced_Linux-Preface.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/pref-Security-Enhanced_Linux-Preface.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- pref-Security-Enhanced_Linux-Preface.html 24 Nov 2008 22:43:10 -0000 1.1
+++ pref-Security-Enhanced_Linux-Preface.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,108 +1,108 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Preface</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="index.html" title="Security-Enhanced Linux"/><link rel="next" href="pr01s02.html" title="2. We Need Feedback!"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>Preface</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="pr01s02.html"><strong>Next</strong></a></li></ul><div class="preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security-Enhanced_Linux-Preface" class="title">Preface</h1></div></div></
div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Preface</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="index.html" title="Security-Enhanced Linux"/><link rel="prev" href="index.html" title="Security-Enhanced Linux"/><link rel="next" href="pr01s02.html" title="2. We Need Feedback!"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="pr01
s02.html"><strong>Next</strong></a></li></ul><div class="preface" lang="en-US"><div class="titlepage"><div><div><h1 id="pref-Security-Enhanced_Linux-Preface" class="title">Preface</h1></div></div></div><div class="para">
The Fedora 10 SELinux User Guide is for people with minimal or no experience with SELinux. Although system administration experience is not necessary, content in this guide is written for system administration tasks. This guide provides an introduction to fundamental concepts and practical applications of SELinux. After reading this guide you should have an intermediate understanding of SELinux.
- </p><p>
+ </div><div class="para">
Thank you to everyone who offered encouragement, help, and testing - it is most appreciated. Very special thanks to:
- </p><div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
Dominick Grift, Stephen Smalley, and Russell Coker for their contributions, help, and patience.
- </p></li><li><p>
+ </div></li><li><div class="para">
Karsten Wade for his help, adding a component for this guide to <a href="https://bugzilla.redhat.com/"> Red Hat Bugzilla</a>, and sorting out web hosting on <a href="http://docs.fedoraproject.org/">http://docs.fedoraproject.org/</a>.
- </p></li><li><p>
+ </div></li><li><div class="para">
The <a href="http://fedoraproject.org/wiki/Infrastructure">Fedora Infrastructure Team</a> for providing hosting.
- </p></li><li><p>
+ </div></li><li><div class="para">
Jens-Ulrik Petersen for making sure the Red Hat Brisbane office has up-to-date Fedora mirrors.
- </p></li></ul></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="d0e146">1. Document Conventions</h2></div></div></div><p>
+ </div></li></ul></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="d0e146">1. Document Conventions</h2></div></div></div><div class="para">
This manual uses several conventions to highlight certain words and phrases and draw attention to specific pieces of information.
- </p><p>
+ </div><div class="para">
In PDF and paper editions, this manual uses typefaces drawn from the <a href="https://fedorahosted.org/liberation-fonts/">Liberation Fonts</a> set. The Liberation Fonts set is also used in HTML editions if the set is installed on your system. If not, alternative but equivalent typefaces are displayed. Note: Red Hat Enterprise Linux 5 and later includes the Liberation Fonts set by default.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="d0e156">1.1. Typographic Conventions</h3></div></div></div><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="d0e156">1.1. Typographic Conventions</h3></div></div></div><div class="para">
Four typographic conventions are used to call attention to specific words and phrases. These conventions, and the circumstances they apply to, are as follows.
- </p><p>
+ </div><div class="para">
<code class="literal">Mono-spaced Bold</code>
- </p><p>
+ </div><div class="para">
Used to highlight system input, including shell commands, file names and paths. Also used to highlight key caps and key-combinations. For example:
- </p><div class="blockquote"><blockquote class="blockquote"><p>
- To see the contents of the file <code class="filename">my_next_bestselling_novel</code> in your current working directory, enter the <code class="command">cat my_next_bestselling_novel</code> command at the shell prompt and press <span class="keycap"><strong>Enter</strong></span> to execute the command.
- </p></blockquote></div><p>
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ To see the contents of the file <code class="filename">my_next_bestselling_novel</code> in your current working directory, enter the <code class="command">cat my_next_bestselling_novel</code> command at the shell prompt and press <span><strong class="keycap">Enter</strong></span> to execute the command.
+ </div></blockquote></div><div class="para">
The above includes a file name, a shell command and a key cap, all presented in Mono-spaced Bold and all distinguishable thanks to context.
- </p><p>
+ </div><div class="para">
Key-combinations can be distinguished from key caps by the hyphen connecting each part of a key-combination. For example:
- </p><div class="blockquote"><blockquote class="blockquote"><p>
- Press <span class="keycap"><strong>Enter</strong></span> to execute the command.
- </p><p>
- Press <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F1</strong></span> to switch to the first virtual terminal. Press <span class="keycap"><strong>Ctrl</strong></span>+<span class="keycap"><strong>Alt</strong></span>+<span class="keycap"><strong>F7</strong></span> to return to your X-Windows session.
- </p></blockquote></div><p>
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Press <span><strong class="keycap">Enter</strong></span> to execute the command.
+ </div><div class="para">
+ Press <span><strong class="keycap">Ctrl</strong></span>-<span><strong class="keycap">Alt</strong></span>-<span><strong class="keycap">F1</strong></span> to switch to the first virtual terminal. Press <span><strong class="keycap">Ctrl</strong></span>-<span><strong class="keycap">Alt</strong></span>-<span><strong class="keycap">F7</strong></span> to return to your X-Windows session.
+ </div></blockquote></div><div class="para">
The first sentence highlights the particular key cap to press. The second highlights two sets of three key caps, each set pressed simultaneously.
- </p><p>
+ </div><div class="para">
If source code is discussed, class names, methods, functions, variable names and returned values mentioned within a paragraph will be presented as above, in <code class="literal">Mono-spaced Bold</code>. For example:
- </p><div class="blockquote"><blockquote class="blockquote"><p>
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
File-related classes include <code class="classname">filesystem</code> for file systems, <code class="classname">file</code> for files, and <code class="classname">dir</code> for directories. Each class has its own associated set of permissions.
- </p></blockquote></div><p>
- <span class="application"><strong>Proportional Bold</strong></span>
- </p><p>
+ </div></blockquote></div><div class="para">
+ <span><strong class="application">Proportional Bold</strong></span>
+ </div><div class="para">
This denotes words or phrases encountered on a system, including application names; dialogue box text; labelled buttons; check-box and radio button labels; menu titles and sub-menu titles. For example:
- </p><div class="blockquote"><blockquote class="blockquote"><p>
- Choose <span class="guimenu"><strong>System > Preferences > Mouse</strong></span> from the main menu bar to launch <span class="application"><strong>Mouse Preferences</strong></span>. In the <span class="guilabel"><strong>Buttons</strong></span> tab, click the <span class="guilabel"><strong>Left-handed mouse</strong></span> check box and click <span class="guibutton"><strong>Close</strong></span> to switch the primary mouse button from the left to the right (making the mouse suitable for use in the left hand).
- </p><p>
- To insert a special character into a <span class="application"><strong>gedit</strong></span> file, choose <span class="guimenu"><strong>Applications > Accessories > Character Map</strong></span> from the main menu bar. Next, choose <span class="guimenu"><strong>Search > Find…</strong></span> from the <span class="application"><strong>Character Map</strong></span> menu bar, type the name of the character in the <span class="guilabel"><strong>Search</strong></span> field and click <span class="guibutton"><strong>Next</strong></span>. The character you sought will be highlighted in the <span class="guilabel"><strong>Character Table</strong></span>. Double-click this highlighted character to place it in the <span class="guilabel"><strong>Text to copy</strong></span> field and then click the <span class="guibutton"><strong>Copy</strong></span> button. Now switch back to your document and choose <span class="guimenu"><strong>Edit > Paste</strong></span> from the
<span class="application"><strong>gedit</strong></span> menu bar.
- </p></blockquote></div><p>
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
+ Choose <span><strong class="guimenu">System > Preferences > Mouse</strong></span> from the main menu bar to launch <span><strong class="application">Mouse Preferences</strong></span>. In the <span><strong class="guilabel">Buttons</strong></span> tab, click the <span><strong class="guilabel">Left-handed mouse</strong></span> check box and click <span><strong class="guibutton">Close</strong></span> to switch the primary mouse button from the left to the right (making the mouse suitable for use in the left hand).
+ </div><div class="para">
+ To insert a special character into a <span><strong class="application">gedit</strong></span> file, choose <span><strong class="guimenu">Applications > Accessories > Character Map</strong></span> from the main menu bar. Next, choose <span><strong class="guimenu">Search > Find…</strong></span> from the <span><strong class="application">Character Map</strong></span> menu bar, type the name of the character in the <span><strong class="guilabel">Search</strong></span> field and click <span><strong class="guibutton">Next</strong></span>. The character you sought will be highlighted in the <span><strong class="guilabel">Character Table</strong></span>. Double-click this highlighted character to place it in the <span><strong class="guilabel">Text to copy</strong></span> field and then click the <span><strong class="guibutton">Copy</strong></span> button. Now switch back to your document and choose <span><strong class="guimenu">Edit > Paste</strong></span> from the
<span><strong class="application">gedit</strong></span> menu bar.
+ </div></blockquote></div><div class="para">
The above text includes application names; system-wide menu names and items; application-specific menu names; and buttons and text found within a GUI interface, all presented in Proportional Bold and all distinguishable by context.
- </p><p>
- Note the <span class="guimenu"><strong>></strong></span> shorthand used to indicate traversal through a menu and its sub-menus. This is to avoid the difficult-to-follow 'Select <span class="guimenuitem"><strong>Mouse</strong></span> from the <span class="guimenu"><strong>Preferences</strong></span> sub-menu in the <span class="guimenu"><strong>System</strong></span> menu of the main menu bar' approach.
- </p><p>
- <code class="command"><em class="replaceable"><code>Mono-spaced Bold Italic</code></em></code> or <span class="application"><strong><em class="replaceable"><code>Proportional Bold Italic</code></em></strong></span>
- </p><p>
+ </div><div class="para">
+ Note the <span><strong class="guimenu">></strong></span> shorthand used to indicate traversal through a menu and its sub-menus. This is to avoid the difficult-to-follow 'Select <span><strong class="guimenuitem">Mouse</strong></span> from the <span><strong class="guimenu">Preferences</strong></span> sub-menu in the <span><strong class="guimenu">System</strong></span> menu of the main menu bar' approach.
+ </div><div class="para">
+ <code class="command"><em class="replaceable"><code>Mono-spaced Bold Italic</code></em></code> or <span><strong class="application"><em class="replaceable"><code>Proportional Bold Italic</code></em></strong></span>
+ </div><div class="para">
Whether Mono-spaced Bold or Proportional Bold, the addition of Italics indicates replaceable or variable text. Italics denotes text you do not input literally or displayed text that changes depending on circumstance. For example:
- </p><div class="blockquote"><blockquote class="blockquote"><p>
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
To connect to a remote machine using ssh, type <code class="command">ssh <em class="replaceable"><code>username</code></em>@<em class="replaceable"><code>domain.name</code></em></code> at a shell prompt. If the remote machine is <code class="filename">example.com</code> and your username on that machine is john, type <code class="command">ssh john(a)example.com</code>.
- </p><p>
+ </div><div class="para">
The <code class="command">mount -o remount <em class="replaceable"><code>file-system</code></em></code> command remounts the named file system. For example, to remount the <code class="filename">/home</code> file system, the command is <code class="command">mount -o remount /home</code>.
- </p><p>
+ </div><div class="para">
To see the version of a currently installed package, use the <code class="command">rpm -q <em class="replaceable"><code>package</code></em></code> command. It will return a result as follows: <code class="command"><em class="replaceable"><code>package-version-release</code></em></code>.
- </p></blockquote></div><p>
+ </div></blockquote></div><div class="para">
Note the words in bold italics above — username, domain.name, file-system, package, version and release. Each word is a placeholder, either for text you enter when issuing a command or for text displayed by the system.
- </p><p>
+ </div><div class="para">
Aside from standard usage for presenting the title of a work, italics denotes the first use of a new and important term. For example:
- </p><div class="blockquote"><blockquote class="blockquote"><p>
+ </div><div class="blockquote"><blockquote class="blockquote"><div class="para">
When the Apache HTTP Server accepts requests, it dispatches child processes or threads to handle them. This group of child processes or threads is known as a <em class="firstterm">server-pool</em>. Under Apache HTTP Server 2.0, the responsibility for creating and maintaining these server-pools has been abstracted to a group of modules called <em class="firstterm">Multi-Processing Modules</em> (<em class="firstterm">MPMs</em>). Unlike other modules, only one module from the MPM group can be loaded by the Apache HTTP Server.
- </p></blockquote></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="d0e372">1.2. Pull-quote Conventions</h3></div></div></div><p>
+ </div></blockquote></div></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="d0e372">1.2. Pull-quote Conventions</h3></div></div></div><div class="para">
Two, commonly multi-line, data types are set off visually from the surrounding text.
- </p><p>
+ </div><div class="para">
Output sent to a terminal is set in <code class="computeroutput">Mono-spaced Roman</code> and presented thus:
- </p><pre class="screen">
+ </div><pre class="screen">
books Desktop documentation drafts mss photos stuff svn
books_tests Desktop1 downloads images notes scripts svgs
-</pre><p>
+</pre><div class="para">
Source-code listings are also set in <code class="computeroutput">Mono-spaced Roman</code> but are presented and highlighted as follows:
- </p><pre class="programlisting">
-package org.jboss.book.jca.ex1;
+ </div><pre class="programlisting">
+<span class="hl-keyword">package</span> org.jboss.book.jca.ex1;
-import javax.naming.InitialContext;
+<span class="hl-keyword">import</span> javax.naming.InitialContext;
-public class ExClient
+<span class="hl-keyword">public</span> <span class="hl-keyword">class</span> ExClient
{
- public static void main(String args[])
- throws Exception
+ <span class="hl-keyword">public</span> <span class="hl-keyword">static</span> <span class="hl-keyword">void</span> main(String args[])
+ <span class="hl-keyword">throws</span> Exception
{
- InitialContext iniCtx = new InitialContext();
- Object ref = iniCtx.lookup("EchoBean");
+ InitialContext iniCtx = <span class="hl-keyword">new</span> InitialContext();
+ Object ref = iniCtx.lookup(<span class="hl-string">"EchoBean"</span>);
EchoHome home = (EchoHome) ref;
Echo echo = home.create();
- System.out.println("Created Echo");
+ System.out.println(<span class="hl-string">"Created Echo"</span>);
- System.out.println("Echo.echo('Hello') = " + echo.echo("Hello"));
+ System.out.println(<span class="hl-string">"Echo.echo('Hello') = "</span> + echo.echo(<span class="hl-string">"Hello"</span>));
}
}
-</pre></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="d0e391">1.3. Notes and Warnings</h3></div></div></div><p>
+</pre></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="d0e391">1.3. Notes and Warnings</h3></div></div></div><div class="para">
Finally, we use three visual styles to draw attention to information that might otherwise be overlooked.
- </p><div class="note"><h2>Note</h2><p>
+ </div><div class="note"><h2>Note</h2><div class="para">
A note is a tip or shortcut or alternative approach to the task at hand. Ignoring a note should have no negative consequences, but you might miss out on a trick that makes your life easier.
- </p></div><div class="important"><h2>Important</h2><p>
+ </div></div><div class="important"><h2>Important</h2><div class="para">
Important boxes detail things that are easily missed: configuration changes that only apply to the current session, or services that need restarting before an update will apply. Ignoring Important boxes won't cause data loss but may cause irritation and frustration.
- </p></div><div class="warning"><h2>Warning</h2><p>
+ </div></div><div class="warning"><h2>Warning</h2><div class="para">
A Warning should not be ignored. Ignoring warnings will most likely cause data loss.
- </p></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong>Security-Enhanced Linux</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pr01s02.html"><strong>Next</strong>2. We Need Feedback!</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="index.html"><strong>Prev</strong>Security-Enhanced Linux</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="pr01s02.html"><strong>Next</strong>2. We Need Feedback!</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html 24 Nov 2008 22:43:10 -0000 1.1
+++ sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,25 +1,25 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.6.2. Configuring Booleans</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html" title="5.6. Booleans"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html" title="5.6. Booleans"/><link rel="next" href="sect-Security-Enhanced_Linux-Booleans-Examples_Booleans_for_NFS_and_CIFS.html" title="5.6.3. Examples: Booleans for NFS and CIFS"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.6.2. Configuring Booleans</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html"><s
trong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Booleans-Examples_Booleans_for_NFS_and_CIFS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans">5.6.2. Configuring Booleans</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.6.2. Configuring Booleans</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html" title="5.6. Booleans"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html" title="5.6. Booleans"/><link rel="next" href="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html" title="5.6.3. Booleans for NFS and CIFS"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="D
ocumentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans">5.6.2. Configuring Booleans</h3></div></div></div><div class="para">
The <code class="command">setsebool <em class="replaceable"><code>boolean-name</code></em> <em class="replaceable"><code>x</code></em></code> command turns Booleans on or off, where <em class="replaceable"><code>boolean-name</code></em> is a Boolean name, and <em class="replaceable"><code>x</code></em> is either <code class="option">on</code> to turn the Boolean on, or <code class="option">off</code> to turn it off.
- </p><p>
+ </div><div class="para">
The following example demonstrates configuring the <code class="computeroutput">httpd_can_network_connect_db</code> Boolean:
- </p><div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
By default, the <code class="computeroutput">httpd_can_network_connect_db</code> Boolean is off, preventing Apache HTTP Server scripts and modules from connecting to database servers:
- </p><pre class="screen">$ /usr/sbin/getsebool httpd_can_network_connect_db
+ </div><pre class="screen">$ /usr/sbin/getsebool httpd_can_network_connect_db
httpd_can_network_connect_db --> off
-</pre></li><li><p>
+</pre></li><li><div class="para">
To temporarily enable Apache HTTP Server scripts and modules to connect to database servers, run the <code class="command">setsebool httpd_can_network_connect_db on</code> command as the Linux root user.
- </p></li><li><p>
+ </div></li><li><div class="para">
Use the <code class="command">getsebool httpd_can_network_connect_db</code> command to verify the Boolean is turned on:
- </p><pre class="screen">$ /usr/sbin/getsebool httpd_can_network_connect_db
+ </div><pre class="screen">$ /usr/sbin/getsebool httpd_can_network_connect_db
httpd_can_network_connect_db --> on
-</pre><p>
+</pre><div class="para">
This allows Apache HTTP Server scripts and modules to connect to database servers.
- </p></li><li><p>
+ </div></li><li><div class="para">
This change is not persistent across reboots. To make changes persistent across reboots, run the <code class="command">setsebool -P <em class="replaceable"><code>boolean-name</code></em> on</code> command as the Linux root user:
- </p><pre class="screen"># /usr/sbin/setsebool -P httpd_can_network_connect_db on
-</pre></li><li><p>
+ </div><pre class="screen"># /usr/sbin/setsebool -P httpd_can_network_connect_db on
+</pre></li><li><div class="para">
To temporarily revert to the default behavior, as the Linux root user, run the <code class="command">setsebool httpd_can_network_connect_db off</code> command. For changes that persist across reboots, run the <code class="command">setsebool -P httpd_can_network_connect_db off</code> command.
- </p></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html"><strong>Prev</strong>5.6. Booleans</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Booleans-Examples_Booleans_for_NFS_and_CIFS.html"><strong>Next</strong>5.6.3. Examples: Booleans for NFS and CIFS</a></li></ul></body></html>
\ No newline at end of file
+ </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html"><strong>Prev</strong>5.6. Booleans</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html"><strong>Next</strong>5.6.3. Booleans for NFS and CIFS</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html 24 Nov 2008 22:43:10 -0000 1.1
+++ sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.4. Changing the Default Mapping</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="prev" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html" title="6.3. Confining Existing Linux Users: semanage login"/><link rel="next" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html" title="6.5. xguest: Kiosk Mode"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>6.4. Changing the Default Mapping</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-
Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping">6.4. Changing the Default Mapping</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.4. Changing the Default Mapping</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="prev" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html" title="6.3. Confining Existing Linux Users: semanage login"/><link rel="next" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html" title="6.5. xguest: Kiosk Mode"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedorapr
oject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping">6.4. Changing the Default Mapping</h2></div></div></div><div class="para">
In Fedora 10, Linux users are mapped to the SELinux <code class="computeroutput">__default__</code> login by default (which is mapped to the SELinux <code class="computeroutput">unconfined_u</code> user). If you would like new Linux users, and Linux users not specifically mapped to an SELinux user to be confined by default, change the default mapping with the <code class="command">semanage login</code> command.
- </p><p>
+ </div><div class="para">
For example, run the following command as the Linux root user to change the default mapping from <code class="computeroutput">unconfined_u</code> to <code class="computeroutput">user_u</code>:
- </p><p>
+ </div><div class="para">
<code class="command">/usr/sbin/semanage login -m -S targeted -s "user_u" -r s0 __default__</code>
- </p><p>
- As the Linux root user, run the <code class="command">semanage login -l</code> command to verify that the <code class="computeroutput">__default__</code> login is mapped to <code class="computeroutput">user_u</code>:
- </p><pre class="screen">
+ </div><div class="para">
+ Run the <code class="command">semanage login -l</code> command as the Linux root user to verify the <code class="computeroutput">__default__</code> login is mapped to <code class="computeroutput">user_u</code>:
+ </div><pre class="screen">
# /usr/sbin/semanage login -l
Login Name SELinux User MLS/MCS Range
@@ -17,13 +17,13 @@
__default__ user_u s0
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
-</pre><p>
+</pre><div class="para">
If a new Linux user is created and an SELinux user is not specified, or if an existing Linux user logs in and does not match a specific entry from the <code class="command">semanage login -l</code> output, they are mapped to <code class="computeroutput">user_u</code>, as per the <code class="computeroutput">__default__</code> login.
- </p><p>
+ </div><div class="para">
To change back to the default behavior, run the following command as the Linux root user to map the <code class="computeroutput">__default__</code> login to the SELinux <code class="computeroutput">unconfined_u</code> user:
- </p><p>
+ </div><div class="para">
<pre class="screen">/usr/sbin/semanage login -m -S targeted -s "unconfined_u" -r\
s0-s0:c0.c1023 __default__
</pre>
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html"><strong>Prev</strong>6.3. Confining Existing Linux Users: semanage log...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html"><strong>Next</strong>6.5. xguest: Kiosk Mode</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html"><strong>Prev</strong>6.3. Confining Existing Linux Users: semanage log...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html"><strong>Next</strong>6.5. xguest: Kiosk Mode</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html 24 Nov 2008 22:43:10 -0000 1.1
+++ sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.3. Confining Existing Linux Users: semanage login</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="prev" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html" title="6.2. Confining New Linux Users: useradd"/><link rel="next" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html" title="6.4. Changing the Default Mapping"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>6.3. Confining Existing Linux Users: semanage login</strong></a></p><ul class="docnav"><li class="previous"><a a
ccesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login">6.3. Confining Existing Linux Users: semanage login</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.3. Confining Existing Linux Users: semanage login</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="prev" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html" title="6.2. Confining New Linux Users: useradd"/><link rel="next" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html" title="6.4. Changing the Default Mapping"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http:
//docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login">6.3. Confining Existing Linux Users: semanage login</h2></div></div></div><div class="para">
If a Linux user is mapped to the SELinux <code class="computeroutput">unconfined_u</code> user (the default behavior), and you would like to change which SELinux user they are mapped to, use the <code class="command">semanage login</code> command. The following example creates a new Linux user named newuser, then maps that Linux user to the SELinux <code class="computeroutput">user_u</code> user:
- </p><div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/useradd newuser</code> command to create a new Linux user (newuser). Since this user uses the default mapping, it does not appear in the <code class="command">/usr/sbin/semanage login -l</code> output:
- </p><pre class="screen">
+ </div><pre class="screen">
# /usr/sbin/semanage login -l
Login Name SELinux User MLS/MCS Range
@@ -13,15 +13,15 @@
__default__ unconfined_u s0-s0:c0.c1023
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
-</pre></li><li><p>
+</pre></li><li><div class="para">
To map the Linux newuser user to the SELinux <code class="computeroutput">user_u</code> user, run the following command as the Linux root user:
- </p><p>
+ </div><div class="para">
<code class="command">/usr/sbin/semanage login -a -s user_u newuser</code>
- </p><p>
+ </div><div class="para">
The <code class="option">-a</code> option adds a new record, and the <code class="option">-s</code> option specifies the SELinux user to map a Linux user to. The last argument, <code class="computeroutput">newuser</code>, is the Linux user you want mapped to the specified SELinux user.
- </p></li><li><p>
- To view the mapping between the Linux newuser user and <code class="computeroutput">user_u</code>, run the <code class="command">/usr/sbin/semanage login -l</code> command as the Linux root user:
- </p><pre class="screen">
+ </div></li><li><div class="para">
+ To view the mapping between the Linux newuser user and <code class="computeroutput">user_u</code>, run the <code class="command">semanage login -l</code> command as the Linux root user:
+ </div><pre class="screen">
# /usr/sbin/semanage login -l
Login Name SELinux User MLS/MCS Range
@@ -30,22 +30,22 @@
newuser user_u s0
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">passwd newuser</code> command to assign a password to the Linux newuser user:
- </p><pre class="screen">
+ </div><pre class="screen">
# passwd newuser
Changing password for user newuser.
New UNIX password: <em class="replaceable"><code>Enter a password</code></em>
Retype new UNIX password: <em class="replaceable"><code>Enter the same password again</code></em>
passwd: all authentication tokens updated successfully.
-</pre></li><li><p>
- Log out of your current session, and log in as the Linux newuser user. Run the <code class="command">id -Z</code> command to the newuser's SELinux context:
- </p><pre class="screen">
+</pre></li><li><div class="para">
+ Log out of your current session, and log in as the Linux newuser user. Run the <code class="command">id -Z</code> command to view the newuser's SELinux context:
+ </div><pre class="screen">
[newuser@rlocalhost ~]$ id -Z
user_u:user_r:user_t:s0
-</pre></li><li><p>
- Log out of the Linux newuser's session, and log back in with your account. If you do not want the Linux newuser user, as the Linux root user, run the <code class="command">/usr/sbin/userdel -r newuser</code> command to remove it, along with its home directory. Also, the mapping between the Linux newuser user and <code class="computeroutput">user_u</code> is removed:
- </p><pre class="screen">
+</pre></li><li><div class="para">
+ Log out of the Linux newuser's session, and log back in with your account. If you do not want the Linux newuser user, run the <code class="command">userdel -r newuser</code> command as the Linux root user to remove it, along with its home directory. Also, the mapping between the Linux newuser user and <code class="computeroutput">user_u</code> is removed:
+ </div><pre class="screen">
# /usr/sbin/userdel -r newuser
# /usr/sbin/semanage login -l
Index: sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html 24 Nov 2008 22:43:10 -0000 1.1
+++ sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,20 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.2. Confining New Linux Users: useradd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="prev" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="next" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html" title="6.3. Confining Existing Linux Users: semanage login"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>6.2. Confining New Linux Users: useradd</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-En
hanced_Linux-Confining_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd">6.2. Confining New Linux Users: useradd</h2></div></div></div><p>
- Linux users mapped to the SELinux <code class="computeroutput">unconfined_u</code> user run in the <code class="computeroutput">unconfined_t</code> domain. This is seen by running the <code class="command">id -Z</code> command while logged-in as a Linux users mapped to <code class="computeroutput">unconfined_u</code>:
- </p><pre class="screen">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.2. Confining New Linux Users: useradd</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="prev" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="next" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html" title="6.3. Confining Existing Linux Users: semanage login"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.or
g"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Confining_Users.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-Confining_New_Linux_Users_useradd">6.2. Confining New Linux Users: useradd</h2></div></div></div><div class="para">
+ Linux users mapped to the SELinux <code class="computeroutput">unconfined_u</code> user run in the <code class="computeroutput">unconfined_t</code> domain. This is seen by running the <code class="command">id -Z</code> command while logged-in as a Linux user mapped to <code class="computeroutput">unconfined_u</code>:
+ </div><pre class="screen">
$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-</pre><p>
+</pre><div class="para">
When Linux users run in the <code class="computeroutput">unconfined_t</code> domain, SELinux policy rules are applied, but policy rules exist that allow Linux users running in the <code class="computeroutput">unconfined_t</code> domain almost all access. If unconfined Linux users execute an application that SELinux policy defines can transition from the <code class="computeroutput">unconfined_t</code> domain to its own confined domain, unconfined Linux users are still subject to the restrictions of that confined domain. The security benefit of this is that, even though a Linux user is running unconfined, the application remains confined, and therefore, the exploitation of a flaw in the application can be limited by policy. Note: this does not protect the system from the user. Instead, the user and the system are being protected from possible damage caused by a flaw in the application.
- </p><p>
- When creating Linux users with <code class="command">useradd</code>, use the <code class="option">-Z</code> option to specify which SELinux user they are mapped to. The following example creates a new Linux user, useruuser, and maps that user to the SELinux <code class="computeroutput">user_u</code> user. Linux users mapped to the SELinux <code class="computeroutput">user_u</code> user run in the <code class="computeroutput">user_t</code> domain. In this domain, Linux users are unable to run setuid applications unless SELinux policy permits it (such as <code class="command">passwd</code>), can not run <code class="command">su</code> or <code class="command">sudo</code>, preventing them from becoming the Linux root user with these commands.
- </p><div class="orderedlist"><ol><li><p>
- As the Linux root, run the <code class="command">/usr/sbin/useradd -Z user_u useruuser</code> command to create a new Linux user (useruuser) that is mapped to the SELinux <code class="computeroutput">user_u</code> user.
- </p></li><li><p>
+ </div><div class="para">
+ When creating Linux users with <code class="command">useradd</code>, use the <code class="option">-Z</code> option to specify which SELinux user they are mapped to. The following example creates a new Linux user, useruuser, and maps that user to the SELinux <code class="computeroutput">user_u</code> user. Linux users mapped to the SELinux <code class="computeroutput">user_u</code> user run in the <code class="computeroutput">user_t</code> domain. In this domain, Linux users are unable to run setuid applications unless SELinux policy permits it (such as <code class="command">passwd</code>), and can not run <code class="command">su</code> or <code class="command">sudo</code>, preventing them from becoming the Linux root user with these commands.
+ </div><div class="orderedlist"><ol><li><div class="para">
+ As the Linux root user, run the <code class="command">/usr/sbin/useradd -Z user_u useruuser</code> command to create a new Linux user (useruuser) that is mapped to the SELinux <code class="computeroutput">user_u</code> user.
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">semanage login -l</code> command to view the mapping between the Linux <code class="computeroutput">useruuser</code> user and <code class="computeroutput">user_u</code>:
- </p><pre class="screen">
+ </div><pre class="screen">
# /usr/sbin/semanage login -l
Login Name SELinux User MLS/MCS Range
@@ -23,19 +23,19 @@
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
useruuser user_u s0
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">passwd useruuser</code> command to assign a password to the Linux useruuser user:
- </p><pre class="screen">
+ </div><pre class="screen">
# passwd useruuser
Changing password for user useruuser.
New UNIX password: <em class="replaceable"><code>Enter a password</code></em>
Retype new UNIX password: <em class="replaceable"><code>Enter the same password again</code></em>
passwd: all authentication tokens updated successfully.
-</pre></li><li><p>
- Log out of your current session, and log in as the Linux useruuser user. When you log in, pam_selinux maps the Linux user to an SELinux user (in this case, <code class="computeroutput">user_u</code>), and sets up the resulting SELinux context. The Linux user's shell is then launched with this SELinux context. To view the SELinux context for a Linux user, run the <code class="command">id -Z</code> command:
- </p><pre class="screen">
+</pre></li><li><div class="para">
+ Log out of your current session, and log in as the Linux useruuser user. When you log in, pam_selinux maps the Linux user to an SELinux user (in this case, <code class="computeroutput">user_u</code>), and sets up the resulting SELinux context. The Linux user's shell is then launched with this context. Run the <code class="command">id -Z</code> command to view the context of a Linux user:
+ </div><pre class="screen">
[useruuser@localhost ~]$ id -Z
user_u:user_r:user_t:s0
-</pre></li><li><p>
- Log out of the Linux useruuser's session, and log back in with your account. If you do not want the Linux useruuser user, as the Linux root user, run the <code class="command">/usr/sbin/userdel -r useruuser</code> command to remove it, along with its home directory.
- </p></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Confining_Users.html"><strong>Prev</strong>Chapter 6. Confining Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html"><strong>Next</strong>6.3. Confining Existing Linux Users: semanage log...</a></li></ul></body></html>
\ No newline at end of file
+</pre></li><li><div class="para">
+ Log out of the Linux useruuser's session, and log back in with your account. If you do not want the Linux useruuser user, run the <code class="command">/usr/sbin/userdel -r useruuser</code> command as the Linux root user to remove it, along with its home directory.
+ </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Confining_Users.html"><strong>Prev</strong>Chapter 6. Confining Users</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Confining_Existing_Linux_Users_semanage_login.html"><strong>Next</strong>6.3. Confining Existing Linux Users: semanage log...</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html 24 Nov 2008 22:43:10 -0000 1.1
+++ sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,19 +1,19 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.5. xguest: Kiosk Mode</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="prev" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html" title="6.4. Changing the Default Mapping"/><link rel="next" href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>6.5. xguest: Kiosk Mode</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html"><st
rong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Troubleshooting.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode">6.5. xguest: Kiosk Mode</h2></div></div></div><p>
- The <span class="package">xguest</span> package provides a kiosk user account. This account is used to secure machines that people walk up to and use, such as those at libraries, banks, airports, information kiosks, and coffee shops. The kiosk user account is very locked down: essentially, it only allows users to log in, and then use the <span class="application"><strong>Firefox</strong></span> application to browse Internet websites. Any changes made while logged in with his account, such as creating files or changing settings, are lost when you log out.
- </p><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>6.5. xguest: Kiosk Mode</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/><link rel="prev" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html" title="6.4. Changing the Default Mapping"/><link rel="next" href="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html" title="6.6. Booleans for Users Executing Applications"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedora
project.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Confining_Users-xguest_Kiosk_Mode">6.5. xguest: Kiosk Mode</h2></div></div></div><div class="para">
+ The <span class="package">xguest</span> package provides a kiosk user account. This account is used to secure machines that people walk up to and use, such as those at libraries, banks, airports, information kiosks, and coffee shops. The kiosk user account is very locked down: essentially, it only allows users to log in and use <span><strong class="application">Firefox</strong></span> to browse Internet websites. Any changes made while logged in with his account, such as creating files or changing settings, are lost when you log out.
+ </div><div class="para">
To set up the kiosk account:
- </p><div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run <code class="command">yum install xguest</code> command to install the <span class="package">xguest</span> package. Install dependencies as required.
- </p></li><li><p>
+ </div></li><li><div class="para">
In order to allow the kiosk account to be used by a variety of people, the account is not password-protected, and as such, the account can only be protected if SELinux is running in enforcing mode. Before logging in with this account, use the <code class="command">getenforce</code> command to confirm that SELinux is running in enforcing mode:
- </p><pre class="screen">
+ </div><pre class="screen">
$ /usr/sbin/getenforce
Enforcing
-</pre><p>
- If this is not the case, refer to <a class="xref" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html" title="5.5. SELinux Modes">Section 5.5, “SELinux Modes”</a> for information about changing to enforcing mode. It is not possible to log in with this account if SELinux is in permissive mode or disabled.
- </p></li><li><p>
+</pre><div class="para">
+ If this is not the case, refer to <a href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html" title="5.5. SELinux Modes">Section 5.5, “SELinux Modes”</a> for information about changing to enforcing mode. It is not possible to log in with this account if SELinux is in permissive mode or disabled.
+ </div></li><li><div class="para">
You can only log in to this account via the GNOME Display Manager (GDM). Once the <span class="package">xguest</span> package is installed, a <code class="computeroutput">Guest</code> account is added to GDM. To log in, click on the <code class="computeroutput">Guest</code> account:
- </p><div class="mediaobject"><img src="./images/xguest.png"/></div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html"><strong>Prev</strong>6.4. Changing the Default Mapping</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Troubleshooting.html"><strong>Next</strong>Chapter 7. Troubleshooting</a></li></ul></body></html>
\ No newline at end of file
+ </div><div class="mediaobject"><img src="./images/xguest.png"/></div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Confining_Users-Changing_the_Default_Mapping.html"><strong>Prev</strong>6.4. Changing the Default Mapping</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html"><strong>Next</strong>6.6. Booleans for Users Executing Applications</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html 24 Nov 2008 22:43:10 -0000 1.1
+++ sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.4.2. Disabling SELinux</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html" title="5.4. Enabling and Disabling SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html" title="5.4. Enabling and Disabling SELinux"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html" title="5.5. SELinux Modes"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.4.2. Disabling SELinux</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enha
nced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux">5.4.2. Disabling SELinux</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.4.2. Disabling SELinux</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html" title="5.4. Enabling and Disabling SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html" title="5.4. Enabling and Disabling SELinux"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html" title="5.5. SELinux Modes"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fed
oraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux">5.4.2. Disabling SELinux</h3></div></div></div><div class="para">
To disable SELinux, configure <code class="option">SELINUX=disabled</code> in <code class="filename">/etc/selinux/config</code>:
- </p><pre class="screen"># This file controls the state of SELinux on the system.
+ </div><pre class="screen"># This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
@@ -13,8 +13,8 @@
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
-</pre><p>
+</pre><div class="para">
Reboot your system. After reboot, confirm that the <code class="command">getenforce</code> command returns <code class="computeroutput">Disabled</code>:
- </p><pre class="screen">$ /usr/sbin/getenforce
+ </div><pre class="screen">$ /usr/sbin/getenforce
Disabled
</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html"><strong>Prev</strong>5.4. Enabling and Disabling SELinux</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html"><strong>Next</strong>5.5. SELinux Modes</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html 24 Nov 2008 22:43:10 -0000 1.1
+++ sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,34 +1,44 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.8. Allowing Access: audit2allow</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html" title="7.3.7. sealert Messages"/><link rel="next" href="chap-Security-Enhanced_Linux-Further_Information.html" title="Chapter 8. Further Information"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.3.8. Allowing Access: audit2allow</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.ht
ml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Further_Information.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow">7.3.8. Allowing Access: audit2allow</h3></div></div></div><p>
- The example in this section should not be used, as the example denial can be solved with correct labeling. The example shown is used only to demonstrate the use of <code class="command">audit2allow</code>.
- </p><p>
- From the <span class="citerefentry"><span class="refentrytitle">audit2allow</span>(1)</span> manual page: "<code class="command">audit2allow</code> - generate SELinux policy allow rules from logs of denied operations"<sup>[<a id="d0e6386" href="#ftn.d0e6386" class="footnote">19</a>]</sup>. After analyzing denials as per <a class="xref" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html" title="7.3.7. sealert Messages">Section 7.3.7, “sealert Messages”</a>, and if no label changes or Booleans allowed access, use <code class="command">audit2allow</code> to create a local policy module. After access is denied by SELinux, running the <code class="command">audit2allow</code> command presents Type Enforcement rules that allow the previously denied access. The following example demonstrates a denial and the associated system call logged to <code class="filename">/var/log/audit/audit.log</code>:
- </p><pre class="screen">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.8. Allowing Access: audit2allow</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html" title="7.3.7. sealert Messages"/><link rel="next" href="chap-Security-Enhanced_Linux-Further_Information.html" title="Chapter 8. Further Information"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_rig
ht.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Further_Information.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow">7.3.8. Allowing Access: audit2allow</h3></div></div></div><div class="para">
+ Do not use the example in this section in production. It is used only to demonstrate the use of <code class="command">audit2allow</code>.
+ </div><div class="para">
+ From the <span class="citerefentry"><span class="refentrytitle">audit2allow</span>(1)</span> manual page: "<code class="command">audit2allow</code> - generate SELinux policy allow rules from logs of denied operations"<sup>[<a id="d0e6493" href="#ftn.d0e6493">19</a>]</sup>. After analyzing denials as per <a href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html" title="7.3.7. sealert Messages">Section 7.3.7, “sealert Messages”</a>, and if no label changes or Booleans allowed access, use <code class="command">audit2allow</code> to create a local policy module. After access is denied by SELinux, running the <code class="command">audit2allow</code> command presents Type Enforcement rules that allow the previously denied access.
+ </div><div class="para">
+ The following example demonstrates using <code class="command">audit2allow</code> to create a policy module:
+ </div><div class="orderedlist"><ol><li><div class="para">
+ A denial and the associated system call are logged to <code class="filename">/var/log/audit/audit.log</code>:
+ </div><pre class="screen">
type=AVC msg=audit(1226270358.848:238): avc: denied { write } for pid=13349 comm="certwatch" name="cache" dev=dm-0 ino=218171 scontext=system_u:system_r:certwatch_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1226270358.848:238): arch=40000003 syscall=39 success=no exit=-13 a0=39a2bf a1=3ff a2=3a0354 a3=94703c8 items=0 ppid=13344 pid=13349 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="certwatch" exe="/usr/bin/certwatch" subj=system_u:system_r:certwatch_t:s0 key=(null)
-</pre><p>
- In this example, <span class="application"><strong>certwatch</strong></span> (<code class="computeroutput">comm="certwatch"</code>) was denied write access (<code class="computeroutput">{ write }</code>) to a directory labeled with the <code class="computeroutput">var_t</code> type (<code class="computeroutput">tcontext=system_u:object_r:var_t:s0</code>). With such a denial logged, running <code class="command">audit2allow</code> with the <code class="option">-w</code> option produces a human-readable description of why access was denied. The <code class="command">audit2allow</code> tool accesses <code class="filename">/var/log/audit/audit.log</code>, and as such, must be run as the Linux root user:
- </p><pre class="screen">
+</pre><div class="para">
+ In this example, <span><strong class="application">certwatch</strong></span> (<code class="computeroutput">comm="certwatch"</code>) was denied write access (<code class="computeroutput">{ write }</code>) to a directory labeled with the <code class="computeroutput">var_t</code> type (<code class="computeroutput">tcontext=system_u:object_r:var_t:s0</code>). Analyze the denial as per <a href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html" title="7.3.7. sealert Messages">Section 7.3.7, “sealert Messages”</a>. If no label changes or Booleans allowed access, use <code class="command">audit2allow</code> to create a local policy module.
+ </div></li><li><div class="para">
+ With a denial logged, such as the <code class="computeroutput">certwatch</code> denial in step 1, run the <code class="command">audit2allow -w -a</code> command to produce a human-readable description of why access was denied. The <code class="option">-a</code> option causes all audit logs to be read. The <code class="option">-w</code> option produces the human-readable description. The <code class="command">audit2allow</code> tool accesses <code class="filename">/var/log/audit/audit.log</code>, and as such, must be run as the Linux root user:
+ </div><pre class="screen">
# audit2allow -w -a
type=AVC msg=audit(1226270358.848:238): avc: denied { write } for pid=13349 comm="certwatch" name="cache" dev=dm-0 ino=218171 scontext=system_u:system_r:certwatch_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
-</pre><p>
- As shown, access was denied due to a missing Type Enforcement rule. Run the <code class="command">audit2allow -a</code> command to view the Type Enforcement rule that allows the denied access:
- </p><pre class="screen">
+</pre><div class="para">
+ As shown, access was denied due to a missing Type Enforcement rule.
+ </div></li><li><div class="para">
+ Run the <code class="command">audit2allow -a</code> command to view the Type Enforcement rule that allows the denied access:
+ </div><pre class="screen">
# audit2allow -a
#============= certwatch_t ==============
allow certwatch_t var_t:dir write;
-</pre><p>
- To use this rule, run the <code class="command">audit2allow -a -M <em class="replaceable"><code>mycertwatch</code></em></code> command as the Linux root user to create custom module. The <code class="option">-M</code> option creates a Type Enforcement file (<code class="filename">.te</code>) with the name specified with <code class="option">-M</code>, in your current working directory:
- </p><pre class="screen">
+</pre><div class="important"><h2>Important</h2><div class="para">
+ Missing Type Enforcement rules are usually caused by bugs in SELinux policy, and should be reported in <a href="https://bugzilla.redhat.com/">Red Hat Bugzilla</a>. For Fedora, create bugs against the <code class="computeroutput">Fedora</code> product, and select the <code class="computeroutput">selinux-policy</code> component. Include the output of the <code class="command">audit2allow -w -a</code> and <code class="command">audit2allow -a</code> commands in such bug reports.
+ </div></div></li><li><div class="para">
+ To use the rule displayed by <code class="command">audit2allow -a</code>, run the <code class="command">audit2allow -a -M <em class="replaceable"><code>mycertwatch</code></em></code> command as the Linux root user to create custom module. The <code class="option">-M</code> option creates a Type Enforcement file (<code class="filename">.te</code>) with the name specified with <code class="option">-M</code>, in your current working directory:
+ </div><pre class="screen">
# audit2allow -a -M mycertwatch
******************** IMPORTANT ***********************
@@ -38,20 +48,20 @@
# ls
mycertwatch.pp mycertwatch.te
-</pre><p>
- Also, <code class="command">audit2allow</code> compiles the Type Enforcement rule into a policy package (<code class="filename">.pp</code>). To install the module, run the <code class="command">/usr/sbin/semodule -i <em class="replaceable"><code>mycertwatch.pp</code></em></code> command as the Linux root user.
- </p><p>
+</pre><div class="para">
+ Also, <code class="command">audit2allow</code> compiles the Type Enforcement rule into a policy package (<code class="filename">.pp</code>). To install the module, run the <code class="command">/usr/sbin/semodule -i <em class="replaceable"><code>mycertwatch.pp</code></em></code> command as the Linux root user.
+ </div><div class="important"><h2>Important</h2><div class="para">
+ Modules created with <code class="command">audit2allow</code> may allow more access than required. It is recommended that policy created with <code class="command">audit2allow</code> be posted to an SELinux list, such as <a href="http://www.redhat.com/mailman/listinfo/fedora-selinux-list">fedora-selinux-list</a>, for review. If you believe their is a bug in policy, create a bug in <a href="https://bugzilla.redhat.com/">Red Hat Bugzilla</a>.
+ </div></div></li></ol></div><div class="para">
If you have multiple denials from multiple processes, but only want to create a custom policy for a single process, use the <code class="command">grep</code> command to narrow down the input for <code class="command">audit2allow</code>. The following example demonstrates using <code class="command">grep</code> to only send denials related to <code class="command">certwatch</code> through <code class="command">audit2allow</code>:
- </p><pre class="screen">
+ </div><pre class="screen">
# grep certwatch /var/log/audit/audit.log | audit2allow -M mycertwatch2
******************** IMPORTANT ***********************
To make this policy package active, execute:
-# semodule -i mycertwatch2.pp
-</pre><p>
+# /usr/sbin/semodule -i mycertwatch2.pp
+</pre><div class="para">
Refer to Dan Walsh's <a href="http://danwalsh.livejournal.com/24750.html">"Using audit2allow to build policy modules. Revisited."</a> blog entry for further information about using <code class="command">audit2allow</code> to build policy modules.
- </p><div class="important"><h2>Important</h2><p>
- Modules created with <code class="command">audit2allow</code> may allow more access than required. It is recommended that policy created with <code class="command">audit2allow</code> be posted to an SELinux list, such as <a href="http://www.redhat.com/mailman/listinfo/fedora-selinux-list">fedora-selinux-list</a>, for review. If you believe their is a bug in policy, create a bug in <a href="https://bugzilla.redhat.com/">Red Hat Bugzilla</a>.
- </p></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e6386" href="#d0e6386" class="para">19</a>] </sup>
+ </div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e6493" href="#d0e6493">19</a>] </sup>
From the <span class="citerefentry"><span class="refentrytitle">audit2allow</span>(1)</span> manual page, as shipped with the <span class="package">policycoreutils</span> package in Fedora 10.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html"><strong>Prev</strong>7.3.7. sealert Messages</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Further_Information.html"><strong>Next</strong>Chapter 8. Further Information</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html 24 Nov 2008 22:43:10 -0000 1.1
+++ sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.3. Manual Pages for Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html" title="7.3.2. Possible Causes of Silent Denials"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html" title="7.3.4. Permissive Domains"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.3.3. Manual Pages for Services</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linu
x-Fixing_Problems-Possible_Causes_of_Silent_Denials.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services">7.3.3. Manual Pages for Services</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.3. Manual Pages for Services</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html" title="7.3.2. Possible Causes of Silent Denials"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html" title="7.3.4. Permissive Domains"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><
img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services">7.3.3. Manual Pages for Services</h3></div></div></div><div class="para">
Manual pages for services contain valuable information, such as what file type to use for a given situation, and Booleans to change the access a service has (such as <code class="systemitem">httpd</code> accessing NFS file systems). This information may be in the standard manual page, or a manual page with <code class="computeroutput">selinux</code> prepended or appended.
- </p><p>
+ </div><div class="para">
For example, the <span class="citerefentry"><span class="refentrytitle">httpd_selinux</span>(8)</span> manual page has information about what file type to use for a given situation, as well as Booleans to allow scripts, sharing files, accessing directories inside user home directories, and so on. Other manual pages with SELinux information for services include:
- </p><div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
Samba: the <span class="citerefentry"><span class="refentrytitle">samba_selinux</span>(8)</span> manual page describes that files and directories to be exported via Samba must be labeled with the <code class="computeroutput">samba_share_t</code> type, as well as Booleans to allow files labeled with types other than <code class="computeroutput">samba_share_t</code> to be exported via Samba.
- </p></li><li><p>
+ </div></li><li><div class="para">
NFS: the <span class="citerefentry"><span class="refentrytitle">nfs_selinux</span>(8)</span> manual page describes that, by default, file systems can not be exported via NFS, and that to allow file systems to be exported, Booleans such as <code class="computeroutput">nfs_export_all_ro</code> or <code class="computeroutput">nfs_export_all_rw</code> must be turned on.
- </p></li><li><p>
+ </div></li><li><div class="para">
Berkeley Internet Name Domain (BIND): the <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span> manual page describes what file type to use for a given situation (see the <code class="computeroutput">Red Hat SELinux BIND Security Profile</code> section). The <span class="citerefentry"><span class="refentrytitle">named_selinux</span>(8)</span> manual page describes that, by default, <code class="systemitem">named</code> can not write to master zone files, and to allow such access, the <code class="computeroutput">named_write_master_zones</code> Boolean must be turned on.
- </p></li></ul></div><p>
+ </div></li></ul></div><div class="para">
The information in manual pages helps you configure the correct file types and Booleans, helping to prevent SELinux from denying access.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html"><strong>Prev</strong>7.3.2. Possible Causes of Silent Denials</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html"><strong>Next</strong>7.3.4. Permissive Domains</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html"><strong>Prev</strong>7.3.2. Possible Causes of Silent Denials</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html"><strong>Next</strong>7.3.4. Permissive Domains</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html 24 Nov 2008 22:43:11 -0000 1.1
+++ sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,35 +1,35 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.4. Permissive Domains</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html" title="7.3.3. Manual Pages for Services"/><link rel="next" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html" title="7.3.4.2. Denials for Permissive Domains"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.3.4. Permissive Domains</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux
-Fixing_Problems-Manual_Pages_for_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains">7.3.4. Permissive Domains</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.4. Permissive Domains</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html" title="7.3.3. Manual Pages for Services"/><link rel="next" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html" title="7.3.4.2. Denials for Permissive Domains"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.
org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains">7.3.4. Permissive Domains</h3></div></div></div><div class="para">
When SELinux is running in permissive mode, SELinux does not deny access, but denials are logged for actions that would have been denied if running in enforcing mode. Previously, it was not possible to make a single domain permissive (remember: processes run in domains). In certain situations, this led to making the whole system permissive to troubleshoot issues.
- </p><p>
+ </div><div class="para">
Fedora 10 introduces permissive domains, where an administrator can configure a single process (domain) to run permissive, rather than making the whole system permissive. SELinux checks are still performed for permissive domains; however, the kernel allows access and reports an AVC denial for situations where SELinux would have denied access. Permissive domains are also available in Fedora 9 (with the latest updates applied).
- </p><p>
+ </div><div class="para">
In Red Hat Enterprise Linux 4 and 5, <code class="computeroutput"><em class="replaceable"><code>domain</code></em>_disable_trans</code> Booleans are available to prevent an application from transitioning to a confined domain, and therefore, the process runs in an unconfined domain, such as <code class="computeroutput">initrc_t</code>. Turning such Booleans on can cause major problems. For example, if the <code class="computeroutput">httpd_disable_trans</code> Boolean is turned on:
- </p><div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
<code class="systemitem">httpd</code> runs in the unconfined <code class="computeroutput">initrc_t</code> domain. Files created by processes running in the <code class="computeroutput">initrc_t</code> domain may not have the same labeling rules applied as files created by a process running in the <code class="computeroutput">httpd_t</code> domain, potentially allowing processes to create mislabeled files. This causes access problems later on.
- </p></li><li><p>
+ </div></li><li><div class="para">
confined domains that are allowed to communicate with <code class="computeroutput">httpd_t</code> can not communicate with <code class="computeroutput">initrc_t</code>, possibly causing additional failures.
- </p></li></ul></div><p>
+ </div></li></ul></div><div class="para">
The <code class="computeroutput"><em class="replaceable"><code>domain</code></em>_disable_trans</code> Booleans were removed from Fedora 7, even though there was no replacement. Permissive domains solve the above issues: transition rules apply, and files are created with the correct labels.
- </p><p>
+ </div><div class="para">
Permissive domains can be used for:
- </p><div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
making a single process (domain) run permissive to troubleshoot an issue, rather than putting the entire system at risk by making the entire system permissive.
- </p></li><li><p>
+ </div></li><li><div class="para">
creating policies for new applications. Previously, it was recommended that a minimal policy be created, and then the entire machine put into permissive mode, so that the application could run, but SELinux denials still logged. <code class="command">audit2allow</code> could then be used to help write the policy. This put the whole system at risk. With permissive domains, only the domain in the new policy can be marked permissive, without putting the whole system at risk.
- </p></li></ul></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security-Enhanced_Linux-Permissive_Domains-Making_a_Domain_Permissive">7.3.4.1. Making a Domain Permissive</h4></div></div></div><p>
+ </div></li></ul></div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security-Enhanced_Linux-Permissive_Domains-Making_a_Domain_Permissive">7.3.4.1. Making a Domain Permissive</h4></div></div></div><div class="para">
To make a domain permissive, run the <code class="command">semanage permissive -a <em class="replaceable"><code>domain</code></em></code> command, where <em class="replaceable"><code>domain</code></em> is the domain you want to make permissive. For example, run the following command as the Linux root user to make the <code class="computeroutput">httpd_t</code> domain (the domain the Apache HTTP Server runs in) permissive:
- </p><p>
+ </div><div class="para">
<code class="command">/usr/sbin/semanage permissive -a httpd_t</code>
- </p><p>
+ </div><div class="para">
To view a list of domains you have made permissive, run the <code class="command">semodule -l | grep permissive</code> command as the Linux root user. For example:
- </p><pre class="screen">
+ </div><pre class="screen">
# /usr/sbin/semodule -l | grep permissive
permissive_httpd_t 1.0
-</pre><p>
+</pre><div class="para">
If you no longer want a domain to be permissive, run the <code class="command">semanage permissive -d <em class="replaceable"><code>domain</code></em></code> command as the Linux root user. For example:
- </p><p>
+ </div><div class="para">
<code class="command">/usr/sbin/semanage permissive -d httpd_t</code>
- </p></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html"><strong>Prev</strong>7.3.3. Manual Pages for Services</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html"><strong>Next</strong>7.3.4.2. Denials for Permissive Domains</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html"><strong>Prev</strong>7.3.3. Manual Pages for Services</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html"><strong>Next</strong>7.3.4.2. Denials for Permissive Domains</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html 24 Nov 2008 22:43:11 -0000 1.1
+++ sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,25 +1,25 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.2. Possible Causes of Silent Denials</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html" title="7.3.3. Manual Pages for Services"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.3.2. Possible Causes of Silent Denials</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Troubl
eshooting-Fixing_Problems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials">7.3.2. Possible Causes of Silent Denials</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.2. Possible Causes of Silent Denials</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html" title="7.3.3. Manual Pages for Services"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_
Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials">7.3.2. Possible Causes of Silent Denials</h3></div></div></div><div class="para">
In certain situations, AVC denials may not be logged when SELinux denies access. Applications and system library functions often probe for more access than required to perform their tasks. To maintain least privilege without filling audit logs with AVC denials for harmless application probing, the policy can silence AVC denials without allowing a permission by using <code class="computeroutput">dontaudit</code> rules. These rules are common in standard policy. The downside of <code class="computeroutput">dontaudit</code> is that, although SELinux denies access, denial messages are not logged, making troubleshooting hard.
- </p><p>
+ </div><div class="para">
To temporarily disable <code class="computeroutput">dontaudit</code> rules, allowing all denials to be logged, run the following command as the Linux root user:
- </p><p>
+ </div><div class="para">
<code class="command">/usr/sbin/semodule -DB</code>
- </p><p>
+ </div><div class="para">
The <code class="option">-D</code> option disables <code class="computeroutput">dontaudit</code> rules; the <code class="option">-B</code> option rebuilds policy. After running <code class="command">semodule -DB</code>, try exercising the application that was encountering permission problems, and see if SELinux denials — relevant to the application — are now being logged. Take care in deciding which denials should be allowed, as some should be ignored and handled via <code class="computeroutput">dontaudit</code> rules. If in doubt, or in search of guidance, contact other SELinux users and developers on an SELinux list, such as <a href="http://www.redhat.com/mailman/listinfo/fedora-selinux-list">fedora-selinux-list</a>.
- </p><p>
+ </div><div class="para">
To rebuild policy and enable <code class="computeroutput">dontaudit</code> rules, run the following command as the Linux root user:
- </p><p>
+ </div><div class="para">
<code class="command">/usr/sbin/semodule -B</code>
- </p><p>
+ </div><div class="para">
This restores the policy to its original state. For a full list of <code class="computeroutput">dontaudit</code> rules, run the <code class="command">sesearch --dontaudit</code> command. Narrow down searches using the <code class="option">-s <em class="replaceable"><code>domain</code></em></code> option and the <code class="command">grep</code> command. For example:
- </p><pre class="screen">
+ </div><pre class="screen">
$ sesearch --dontaudit -s smbd_t | grep squid
WARNING: This policy contained disabled aliases; they have been removed.
dontaudit smbd_t squid_port_t : tcp_socket name_bind ;
dontaudit smbd_t squid_port_t : udp_socket name_bind ;
-</pre><p>
- Refer to <a class="xref" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html" title="7.3.6. Raw Audit Messages">Section 7.3.6, “Raw Audit Messages”</a> and <a class="xref" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html" title="7.3.7. sealert Messages">Section 7.3.7, “sealert Messages”</a> for information about analyzing denials.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html"><strong>Prev</strong>7.3. Fixing Problems</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html"><strong>Next</strong>7.3.3. Manual Pages for Services</a></li></ul></body></html>
\ No newline at end of file
+</pre><div class="para">
+ Refer to <a href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html" title="7.3.6. Raw Audit Messages">Section 7.3.6, “Raw Audit Messages”</a> and <a href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html" title="7.3.7. sealert Messages">Section 7.3.7, “sealert Messages”</a> for information about analyzing denials.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html"><strong>Prev</strong>7.3. Fixing Problems</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Manual_Pages_for_Services.html"><strong>Next</strong>7.3.3. Manual Pages for Services</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html 24 Nov 2008 22:43:11 -0000 1.1
+++ sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,30 +1,30 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.6. Raw Audit Messages</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html" title="7.3.5. Searching For and Viewing Denials"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html" title="7.3.7. sealert Messages"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.3.6. Raw Audit Messages</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-
Searching_For_and_Viewing_Denials.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages">7.3.6. Raw Audit Messages</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.6. Raw Audit Messages</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html" title="7.3.5. Searching For and Viewing Denials"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html" title="7.3.7. sealert Messages"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages">7.3.6. Raw Audit Messages</h3></div></div></div><div class="para">
Raw audit messages are logged to <code class="filename">/var/log/audit/audit.log</code>. The following is an example AVC denial (and the associated system call) that occurred when the Apache HTTP Server (running in the <code class="computeroutput">httpd_t</code> domain) attempted to access the <code class="filename">/var/www/html/file1</code> file (labeled with the <code class="computeroutput">samba_share_t</code> type):
- </p><pre class="screen">
+ </div><pre class="screen">
type=AVC msg=audit(1226874073.147:96): avc: denied { getattr } for pid=2465 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=284133 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file
type=SYSCALL msg=audit(1226874073.147:96): arch=40000003 syscall=196 success=no exit=-13 a0=b98df198 a1=bfec85dc a2=54dff4 a3=2008171 items=0 ppid=2463 pid=2465 auid=502 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=6 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
-</pre><div class="variablelist"><dl><dt><span class="term"><em class="replaceable"><code>{ getattr }</code></em></span></dt><dd><p>
+</pre><div class="variablelist"><dl><dt><span class="term"><em class="replaceable"><code>{ getattr }</code></em></span></dt><dd><div class="para">
The item in braces indicates the permission that was denied. <code class="computeroutput">getattr</code> indicates the source process was trying to read the target file's status information. This occurs before reading files. This action is denied due to the file being accessed having the wrong label. Commonly seen permissions include <code class="computeroutput">getattr</code>, <code class="computeroutput">read</code>, and <code class="computeroutput">write</code>.
- </p></dd><dt><span class="term">comm="<em class="replaceable"><code>httpd</code></em>"</span></dt><dd><p>
+ </div></dd><dt><span class="term">comm="<em class="replaceable"><code>httpd</code></em>"</span></dt><dd><div class="para">
The executable that launched the process. The full path of the executable is found in the <code class="computeroutput">exe=</code> section of the system call (<code class="computeroutput">SYSCALL</code>) message, which in this case, is <code class="computeroutput">exe="/usr/sbin/httpd"</code>.
- </p></dd><dt><span class="term">path="<em class="replaceable"><code>/var/www/html/file1</code></em>"</span></dt><dd><p>
- The path to the object (target) that the process attempted to access.
- </p></dd><dt><span class="term">scontext="<em class="replaceable"><code>unconfined_u:system_r:httpd_t:s0</code></em>"</span></dt><dd><p>
+ </div></dd><dt><span class="term">path="<em class="replaceable"><code>/var/www/html/file1</code></em>"</span></dt><dd><div class="para">
+ The path to the object (target) the process attempted to access.
+ </div></dd><dt><span class="term">scontext="<em class="replaceable"><code>unconfined_u:system_r:httpd_t:s0</code></em>"</span></dt><dd><div class="para">
The SELinux context of the process that attempted the denied action. In this case, it is the SELinux context of the Apache HTTP Server, which is running in the <code class="computeroutput">httpd_t</code> domain.
- </p></dd><dt><span class="term">tcontext="<em class="replaceable"><code>unconfined_u:object_r:samba_share_t:s0</code></em>"</span></dt><dd><p>
- The SELinux context of the object (target) that the process attempted to access. In this case, it is the SELinux context of <code class="filename">file1</code>. Note: the <code class="computeroutput">samba_share_t</code> type is not accessible to processes running in the <code class="computeroutput">httpd_t</code> domain.
- </p><p>
+ </div></dd><dt><span class="term">tcontext="<em class="replaceable"><code>unconfined_u:object_r:samba_share_t:s0</code></em>"</span></dt><dd><div class="para">
+ The SELinux context of the object (target) the process attempted to access. In this case, it is the SELinux context of <code class="filename">file1</code>. Note: the <code class="computeroutput">samba_share_t</code> type is not accessible to processes running in the <code class="computeroutput">httpd_t</code> domain.
+ </div><div class="para">
In certain situations, the <code class="computeroutput">tcontext</code> may match the <code class="computeroutput">scontext</code>, for example, when a process attempts to execute a system service that will change characteristics of that running process, such as the user ID. Also, the <code class="computeroutput">tcontext</code> may match the <code class="computeroutput">scontext</code> when a process tries to use more resources (such as memory) than normal limits allow, resulting in a security check to see if that process is allowed to break those limits.
- </p></dd></dl></div><p>
+ </div></dd></dl></div><div class="para">
From the system call (<code class="computeroutput">SYSCALL</code>) message, two items are of interest:
- </p><div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
<code class="computeroutput">success=<em class="replaceable"><code>no</code></em></code>: indicates whether the denial (AVC) was enforced or not. <code class="computeroutput">success=no</code> indicates the system call was not successful (SELinux denied access). <code class="computeroutput">success=yes</code> indicates the system call was successful - this can be seen for permissive domains or unconfined domains, such as <code class="computeroutput">initrc_t</code> and <code class="computeroutput">kernel_t</code>.
- </p></li><li><p>
+ </div></li><li><div class="para">
<code class="computeroutput">exe="<em class="replaceable"><code>/usr/sbin/httpd</code></em>"</code>: the full path to the executable that launched the process, which in this case, is <code class="computeroutput">exe="/usr/sbin/httpd"</code>.
- </p></li></ul></div><p>
+ </div></li></ul></div><div class="para">
An incorrect file type is a common cause for SELinux denying access. To start troubleshooting, compare the source context (<code class="computeroutput">scontext</code>) with the target context (<code class="computeroutput">tcontext</code>). Should the process (<code class="computeroutput">scontext</code>) be accessing such an object (<code class="computeroutput">tcontext</code>)? For example, the Apache HTTP Server (<code class="computeroutput">httpd_t</code>) should only be accessing types specified in the <span class="citerefentry"><span class="refentrytitle">httpd_selinux</span>(8)</span> manual page, such as <code class="computeroutput">httpd_sys_content_t</code>, <code class="computeroutput">public_content_t</code>, and so on, unless configured otherwise.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html"><strong>Prev</strong>7.3.5. Searching For and Viewing Denials</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html"><strong>Next</strong>7.3.7. sealert Messages</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html"><strong>Prev</strong>7.3.5. Searching For and Viewing Denials</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html"><strong>Next</strong>7.3.7. sealert Messages</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html 24 Nov 2008 22:43:11 -0000 1.1
+++ sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,21 +1,21 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.5. Searching For and Viewing Denials</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html" title="7.3.4.2. Denials for Permissive Domains"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html" title="7.3.6. Raw Audit Messages"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.3.5. Searching For and Viewing Denials</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Securit
y-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials">7.3.5. Searching For and Viewing Denials</h3></div></div></div><p>
- This section assumes the <span class="package">setroubleshoot</span>, <span class="package">setroubleshoot-server</span>, and <span class="package">audit</span> packages are installed, and that the <code class="systemitem">auditd</code>, <code class="systemitem">rsyslogd</code>, and <code class="systemitem">setroubleshootd</code> daemons are running. Refer to <a class="xref" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html" title="5.2. Which Log File is Used">Section 5.2, “Which Log File is Used”</a> for information about starting these daemons. A number of tools are available for searching for and viewing SELinux denials, such as <code class="command">ausearch</code>, <code class="command">aureport</code>, and <code class="command">sealert</code>.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Searching_For_and_Viewing_Denials-ausearch">ausearch</h5>
- The <span class="package">audit</span> package provides <code class="command">ausearch</code>. From the <span class="citerefentry"><span class="refentrytitle">ausearch</span>(8)</span> manual page: "<code class="command">ausearch</code> is a tool that can query the audit daemon logs based for events based on different search criteria"<sup>[<a id="d0e5841" href="#ftn.d0e5841" class="footnote">16</a>]</sup>. The <code class="command">ausearch</code> tool accesses <code class="filename">/var/log/audit/audit.log</code>, and as such, must be run as the Linux root user:
- <div class="segmentedlist"><table border="0"><thead><tr class="segtitle"><th>Searching For</th><th>Command</th></tr></thead><tbody><tr class="seglistitem"><td class="seg">all denials</td><td class="seg"><code class="command">/sbin/ausearch -m avc</code></td></tr><tr class="seglistitem"><td class="seg">denials for that today</td><td class="seg"><code class="command">/sbin/ausearch -m avc -ts today</code></td></tr><tr class="seglistitem"><td class="seg">denials from the last 10 minutes</td><td class="seg"><code class="command">/sbin/ausearch -m avc -ts recent</code></td></tr></tbody></table></div><p>
- To search for SELinux denials for a particular service, use the <code class="option">-c <em class="replaceable"><code>comm-name</code></em></code> option, where <em class="replaceable"><code>comm-name</code></em> "is the executable’s name"<sup>[<a id="d0e5893" href="#ftn.d0e5893" class="footnote">17</a>]</sup>, for example, <code class="systemitem">httpd</code> for the Apache HTTP Server, and <code class="systemitem">smbd</code> for Samba:
- </p><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.5. Searching For and Viewing Denials</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html" title="7.3.4.2. Denials for Permissive Domains"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html" title="7.3.6. Raw Audit Messages"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject
.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials">7.3.5. Searching For and Viewing Denials</h3></div></div></div><div class="para">
+ This section assumes the <span class="package">setroubleshoot</span>, <span class="package">setroubleshoot-server</span>, and <span class="package">audit</span> packages are installed, and that the <code class="systemitem">auditd</code>, <code class="systemitem">rsyslogd</code>, and <code class="systemitem">setroubleshootd</code> daemons are running. Refer to <a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html" title="5.2. Which Log File is Used">Section 5.2, “Which Log File is Used”</a> for information about starting these daemons. A number of tools are available for searching for and viewing SELinux denials, such as <code class="command">ausearch</code>, <code class="command">aureport</code>, and <code class="command">sealert</code>.
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Searching_For_and_Viewing_Denials-ausearch">ausearch</h5>
+ The <span class="package">audit</span> package provides <code class="command">ausearch</code>. From the <span class="citerefentry"><span class="refentrytitle">ausearch</span>(8)</span> manual page: "<code class="command">ausearch</code> is a tool that can query the audit daemon logs based for events based on different search criteria"<sup>[<a id="d0e5939" href="#ftn.d0e5939">16</a>]</sup>. The <code class="command">ausearch</code> tool accesses <code class="filename">/var/log/audit/audit.log</code>, and as such, must be run as the Linux root user:
+ </div><div class="segmentedlist"><table border="0"><thead><tr class="segtitle"><th>Searching For</th><th>Command</th></tr></thead><tbody><tr class="seglistitem"><td class="seg">all denials</td><td class="seg"><code class="command">/sbin/ausearch -m avc</code></td></tr><tr class="seglistitem"><td class="seg">denials for that today</td><td class="seg"><code class="command">/sbin/ausearch -m avc -ts today</code></td></tr><tr class="seglistitem"><td class="seg">denials from the last 10 minutes</td><td class="seg"><code class="command">/sbin/ausearch -m avc -ts recent</code></td></tr></tbody></table></div><div class="para">
+ To search for SELinux denials for a particular service, use the <code class="option">-c <em class="replaceable"><code>comm-name</code></em></code> option, where <em class="replaceable"><code>comm-name</code></em> "is the executable’s name"<sup>[<a id="d0e5991" href="#ftn.d0e5991">17</a>]</sup>, for example, <code class="systemitem">httpd</code> for the Apache HTTP Server, and <code class="systemitem">smbd</code> for Samba:
+ </div><div class="para">
<code class="command">/sbin/ausearch -m avc -c httpd</code>
- </p><p>
+ </div><div class="para">
<code class="command">/sbin/ausearch -m avc -c smbd</code>
- </p><p>
+ </div><div class="para">
Refer to the <span class="citerefentry"><span class="refentrytitle">ausearch</span>(8)</span> manual page for further <code class="command">ausearch</code> options.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Searching_For_and_Viewing_Denials-aureport">aureport</h5>
- The <span class="package">audit</span> package provides <code class="command">aureport</code>. From the <span class="citerefentry"><span class="refentrytitle">aureport</span>(8)</span> manual page: "<code class="command">aureport</code> is a tool that produces summary reports of the audit system logs"<sup>[<a id="d0e5953" href="#ftn.d0e5953" class="footnote">18</a>]</sup>. The <code class="command">aureport</code> tool accesses <code class="filename">/var/log/audit/audit.log</code>, and as such, must be run as the Linux root user. To view a list of SELinux denials and how often each one occurred, run the <code class="command">aureport -a</code> command. The following is example output that includes two denials:
- <pre class="screen">
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Searching_For_and_Viewing_Denials-aureport">aureport</h5>
+ The <span class="package">audit</span> package provides <code class="command">aureport</code>. From the <span class="citerefentry"><span class="refentrytitle">aureport</span>(8)</span> manual page: "<code class="command">aureport</code> is a tool that produces summary reports of the audit system logs"<sup>[<a id="d0e6051" href="#ftn.d0e6051">18</a>]</sup>. The <code class="command">aureport</code> tool accesses <code class="filename">/var/log/audit/audit.log</code>, and as such, must be run as the Linux root user. To view a list of SELinux denials and how often each one occurred, run the <code class="command">aureport -a</code> command. The following is example output that includes two denials:
+ </div><pre class="screen">
# /sbin/aureport -a
AVC Report
@@ -24,28 +24,28 @@
========================================================
1. 11/01/2008 21:41:39 httpd unconfined_u:system_r:httpd_t:s0 195 file getattr system_u:object_r:samba_share_t:s0 denied 2
2. 11/03/2008 22:00:25 vsftpd unconfined_u:system_r:ftpd_t:s0 5 file read unconfined_u:object_r:cifs_t:s0 denied 4
-</pre><p>
+</pre><div class="para">
Refer to the <span class="citerefentry"><span class="refentrytitle">aureport</span>(8)</span> manual page for further <code class="command">aureport</code> options.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Searching_For_and_Viewing_Denials-sealert">sealert</h5>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Searching_For_and_Viewing_Denials-sealert">sealert</h5>
The <span class="package">setroubleshoot-server</span> package provides <code class="command">sealert</code>, which reads denial messages translated by <span class="package">setroubleshoot-server</span>. Denials are assigned IDs, as seen in <code class="filename">/var/log/messages</code>. The following is an example denial from <code class="filename">messages</code>:
- <pre class="screen">
+ </div><pre class="screen">
setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr" to /var/www/html/file1 (samba_share_t). For complete SELinux messages. run sealert -l 84e0b04d-d0ad-4347-8317-22e74f6cd020
-</pre><p>
+</pre><div class="para">
In this example, the denial ID is <code class="computeroutput">84e0b04d-d0ad-4347-8317-22e74f6cd020</code>. The <code class="option">-l</code> option takes an ID as an argument. Running the <code class="command">sealert -l 84e0b04d-d0ad-4347-8317-22e74f6cd020</code> command presents a detailed analysis of why SELinux denied access, and a possible solution for allowing access.
- </p><p>
- If you are running the X Window System, have the <span class="package">setroubleshoot</span> and <span class="package">setroubleshoot-server</span> packages installed, and the <code class="systemitem">setroubleshootd</code> daemon running, a yellow star and a warning are displayed when access is denied by SELinux. Clicking on the star launches the <code class="command">sealert</code> GUI, and displays denials in HTML output:
- </p><div class="mediaobject"><img src="./images/sealert_gui.png"/></div><div class="itemizedlist"><ul><li><p>
+ </div><div class="para">
+ If you are running the X Window System, have the <span class="package">setroubleshoot</span> and <span class="package">setroubleshoot-server</span> packages installed, and the <code class="systemitem">setroubleshootd</code> and <code class="systemitem">auditd</code> daemons are running, a yellow star and a warning are displayed when access is denied by SELinux. Clicking on the star launches the <code class="command">sealert</code> GUI, and displays denials in HTML output:
+ </div><div class="mediaobject"><img src="./images/sealert_gui.png"/></div><div class="itemizedlist"><ul><li><div class="para">
Run the <code class="command">sealert -b</code> command to launch the <code class="command">sealert</code> GUI.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">sealert -l \*</code> command to view a detailed analysis of all denials.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">sealert -a /var/log/audit/audit.log -H > audit.html</code> command to create a HTML version of the <code class="command">sealert</code> analysis, as seen with the <code class="command">sealert</code> GUI.
- </p></li></ul></div><p>
+ </div></li></ul></div><div class="para">
Refer to the <span class="citerefentry"><span class="refentrytitle">sealert</span>(8)</span> manual page for further <code class="command">sealert</code> options.
- </p><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e5841" href="#d0e5841" class="para">16</a>] </sup>
+ </div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e5939" href="#d0e5939">16</a>] </sup>
From the <span class="citerefentry"><span class="refentrytitle">ausearch</span>(8)</span> manual page, as shipped with the <span class="package">audit</span> package in Fedora 10.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e5893" href="#d0e5893" class="para">17</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e5991" href="#d0e5991">17</a>] </sup>
From the <span class="citerefentry"><span class="refentrytitle">ausearch</span>(8)</span> manual page, as shipped with the <span class="package">audit</span> package in Fedora 10.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e5953" href="#d0e5953" class="para">18</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e6051" href="#d0e6051">18</a>] </sup>
From the <span class="citerefentry"><span class="refentrytitle">aureport</span>(8)</span> manual page, as shipped with the <span class="package">audit</span> package in Fedora 10.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html"><strong>Prev</strong>7.3.4.2. Denials for Permissive Domains</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html"><strong>Next</strong>7.3.6. Raw Audit Messages</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html 24 Nov 2008 22:43:11 -0000 1.1
+++ sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.7. sealert Messages</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html" title="7.3.6. Raw Audit Messages"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html" title="7.3.8. Allowing Access: audit2allow"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.3.7. sealert Messages</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_M
essages.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages">7.3.7. sealert Messages</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.7. sealert Messages</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html" title="7.3.6. Raw Audit Messages"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html" title="7.3.8. Allowing Access: audit2allow"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Cont
ent/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-sealert_Messages">7.3.7. sealert Messages</h3></div></div></div><div class="para">
Denials are assigned IDs, as seen in <code class="filename">/var/log/messages</code>. The following is an example AVC denial (logged to <code class="filename">messages</code>) that occurred when the Apache HTTP Server (running in the <code class="computeroutput">httpd_t</code> domain) attempted to access the <code class="filename">/var/www/html/file1</code> file (labeled with the <code class="computeroutput">samba_share_t</code> type):
- </p><pre class="screen">
+ </div><pre class="screen">
<em class="replaceable"><code>hostname</code></em> setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr" to /var/www/html/file1 (samba_share_t). For complete SELinux messages. run sealert -l 84e0b04d-d0ad-4347-8317-22e74f6cd020
-</pre><p>
+</pre><div class="para">
As suggested, run the <code class="command">sealert -l 84e0b04d-d0ad-4347-8317-22e74f6cd020</code> command to view the complete message. This command only works on the local machine, and presents the same information as the <code class="command">sealert</code> GUI:
- </p><pre class="screen">
+ </div><pre class="screen">
$ sealert -l 84e0b04d-d0ad-4347-8317-22e74f6cd020
Summary:
@@ -49,8 +49,8 @@
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name public_content
-Host Name rawhide
-Platform Linux rawhide 2.6.27.4-68.fc10.i686 #1 SMP Thu Oct
+Host Name <em class="replaceable"><code>hostname</code></em>
+Platform <em class="replaceable"><code>Linux hostname 2.6.27.4-68.fc10.i686 #1 SMP Thu Oct</code></em>
30 00:49:42 EDT 2008 i686 i686
Alert Count 4
First Seen Wed Nov 5 18:53:05 2008
@@ -63,16 +63,16 @@
node=<em class="replaceable"><code>hostname</code></em> type=AVC msg=audit(1225812178.788:101): avc: denied { getattr } for pid=2441 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=284916 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file
node=<em class="replaceable"><code>hostname</code></em> type=SYSCALL msg=audit(1225812178.788:101): arch=40000003 syscall=196 success=no exit=-13 a0=b8e97188 a1=bf87aaac a2=54dff4 a3=2008171 items=0 ppid=2439 pid=2441 auid=502 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=3 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
-</pre><div class="variablelist"><dl><dt><span class="term">Summary</span></dt><dd><p>
+</pre><div class="variablelist"><dl><dt><span class="term">Summary</span></dt><dd><div class="para">
A brief summary of the denied action. This is the same as the denial in <code class="filename">/var/log/messages</code>. In this example, the <code class="systemitem">httpd</code> process was denied access to a file (<code class="filename">file1</code>), which is labeled with the <code class="computeroutput">samba_share_t</code> type.
- </p></dd><dt><span class="term">Detailed Description</span></dt><dd><p>
- A more verbose description. In this example, <code class="filename">file1</code> is labeled with the <code class="computeroutput">samba_share_t</code>. This type is used for files and directories that you want to export via Samba. The description suggests changing the type to a type that can be accessed by the Apache HTTP Server and Samba, if such access is desired.
- </p></dd><dt><span class="term">Allowing Access</span></dt><dd><p>
- A suggestion for how to allow access. This may be relabeling files, turning a Boolean on, or making a local policy module. In this case, the suggestion is to label the file with a type accessable to both the Apache HTTP Server and Samba.
- </p></dd><dt><span class="term">Fix Command</span></dt><dd><p>
- A suggested command to allow access and resolve the denial. In this example, it gives the command to change the <code class="filename">file1</code> type to <code class="computeroutput">public_content_t</code>, which is accessable to the Apache HTTP Server and Samba.
- </p></dd><dt><span class="term">Additional Information</span></dt><dd><p>
+ </div></dd><dt><span class="term">Detailed Description</span></dt><dd><div class="para">
+ A more verbose description. In this example, <code class="filename">file1</code> is labeled with the <code class="computeroutput">samba_share_t</code> type. This type is used for files and directories that you want to export via Samba. The description suggests changing the type to a type that can be accessed by the Apache HTTP Server and Samba, if such access is desired.
+ </div></dd><dt><span class="term">Allowing Access</span></dt><dd><div class="para">
+ A suggestion for how to allow access. This may be relabeling files, turning a Boolean on, or making a local policy module. In this case, the suggestion is to label the file with a type accessible to both the Apache HTTP Server and Samba.
+ </div></dd><dt><span class="term">Fix Command</span></dt><dd><div class="para">
+ A suggested command to allow access and resolve the denial. In this example, it gives the command to change the <code class="filename">file1</code> type to <code class="computeroutput">public_content_t</code>, which is accessible to the Apache HTTP Server and Samba.
+ </div></dd><dt><span class="term">Additional Information</span></dt><dd><div class="para">
Information that is useful in bug reports, such as the policy package name and version (<code class="computeroutput">selinux-policy-3.5.13-11.fc10</code>), but may not help towards solving why the denial occurred.
- </p></dd><dt><span class="term">Raw Audit Messages</span></dt><dd><p>
- The raw audit messages from <code class="filename">/var/log/audit/audit.log</code> that are associated with the denial. Refer to <a class="xref" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html" title="7.3.6. Raw Audit Messages">Section 7.3.6, “Raw Audit Messages”</a> for information about each item in the AVC denial.
- </p></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html"><strong>Prev</strong>7.3.6. Raw Audit Messages</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html"><strong>Next</strong>7.3.8. Allowing Access: audit2allow</a></li></ul></body></html>
\ No newline at end of file
+ </div></dd><dt><span class="term">Raw Audit Messages</span></dt><dd><div class="para">
+ The raw audit messages from <code class="filename">/var/log/audit/audit.log</code> that are associated with the denial. Refer to <a href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html" title="7.3.6. Raw Audit Messages">Section 7.3.6, “Raw Audit Messages”</a> for information about each item in the AVC denial.
+ </div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Raw_Audit_Messages.html"><strong>Prev</strong>7.3.6. Raw Audit Messages</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html"><strong>Next</strong>7.3.8. Allowing Access: audit2allow</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Introduction-Examples.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Introduction-Examples.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Introduction-Examples.html 24 Nov 2008 22:43:11 -0000 1.1
+++ sect-Security-Enhanced_Linux-Introduction-Examples.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,28 +1,28 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2. Examples</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction"/><link rel="prev" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction"/><link rel="next" href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html" title="2.3. SELinux Architecture"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>2.2. Examples</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Introduction.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-En
hanced_Linux-Introduction-SELinux_Architecture.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Introduction-Examples">2.2. Examples</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2. Examples</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction"/><link rel="prev" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction"/><link rel="next" href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html" title="2.3. SELinux Architecture"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul cl
ass="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Introduction.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Introduction-Examples">2.2. Examples</h2></div></div></div><div class="para">
The following examples demonstrate how SELinux increases security:
- </p><div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
the default action is deny. If an SELinux policy rule does not exist to allow access, such as for a process opening a file, access is denied.
- </p></li><li><p>
+ </div></li><li><div class="para">
SELinux can confine Linux users. A number of confined SELinux users exist. Linux users can be mapped to SELinux users to take advantage of confined SELinux users. For example, mapping a Linux user to the SELinux user_u user, results in a Linux user that is not able to run (unless configured otherwise) set user ID (setuid) applications, such as <code class="command">sudo</code> and <code class="command">su</code>, as well as preventing them from executing files and applications in their home directory- if configured, this prevents users from executing malicious files from their home directories.
- </p></li><li><p>
+ </div></li><li><div class="para">
process separation. Processes run in their own domains, preventing processes from accessing files used by other processes, as well as processes accessing other processes. For example, when running SELinux, unless otherwise configured, an attacker can not compromise a Samba server, and then use that Samba server to read and write to files used by other processes, such as databases used by <span class="trademark">MySQL</span>®.
- </p></li><li><p>
- help limit the damage done by configuration mistakes. <a href="http://en.wikipedia.org/wiki/Domain_Name_System">Domain Name System (DNS)</a> servers can replicate information between each other. This is known as a zone transfer. Attackers can use zone transfers to update DNS servers with false information. When running the <a href="https://www.isc.org/software/bind">Berkeley Internet Name Domain (BIND)</a> DNS server in Fedora 10, even if an administrator forgets to limit which servers can perform a zone transfer, the default SELinux policy prevents zone files <sup>[<a id="d0e609" href="#ftn.d0e609" class="footnote">3</a>]</sup> from being updated by zone transfers, the BIND <code class="systemitem">named</code> daemon, and other processes.
- </p></li><li><p>
- refer to the <a href="http://www.redhatmagazine.com/"><span class="trademark">Red Hat</span>® Magazine</a> article, <a href="http://www.redhatmagazine.com/2008/02/26/risk-report-three-years-of-red-h...">Risk report: Three years of Red Hat Enterprise Linux 4</a><sup>[<a id="d0e626" href="#ftn.d0e626" class="footnote">4</a>]</sup>, for exploits that were restricted due to the default SELinux targeted policy in <span class="trademark">Red Hat</span>® Enterprise <span class="trademark">Linux</span>® 4.
- </p></li><li><p>
- refer to the <a href="http://www.linuxworld.com">LinuxWorld.com</a> article, <a href="http://www.linuxworld.com/news/2008/022408-selinux.html?page=1">A seatbelt for server software: SELinux blocks real-world exploits</a><sup>[<a id="d0e646" href="#ftn.d0e646" class="footnote">5</a>]</sup>, for background information about SELinux, and information about various exploits that SELinux has prevented.
- </p></li><li><p>
+ </div></li><li><div class="para">
+ help limit the damage done by configuration mistakes. <a href="http://en.wikipedia.org/wiki/Domain_Name_System">Domain Name System (DNS)</a> servers can replicate information between each other. This is known as a zone transfer. Attackers can use zone transfers to update DNS servers with false information. When running the <a href="https://www.isc.org/software/bind">Berkeley Internet Name Domain (BIND)</a> DNS server in Fedora 10, even if an administrator forgets to limit which servers can perform a zone transfer, the default SELinux policy prevents zone files <sup>[<a id="d0e609" href="#ftn.d0e609">3</a>]</sup> from being updated by zone transfers, the BIND <code class="systemitem">named</code> daemon, and other processes.
+ </div></li><li><div class="para">
+ refer to the <a href="http://www.redhatmagazine.com/"><span class="trademark">Red Hat</span>® Magazine</a> article, <a href="http://www.redhatmagazine.com/2008/02/26/risk-report-three-years-of-red-h...">Risk report: Three years of Red Hat Enterprise Linux 4</a><sup>[<a id="d0e626" href="#ftn.d0e626">4</a>]</sup>, for exploits that were restricted due to the default SELinux targeted policy in <span class="trademark">Red Hat</span>® Enterprise <span class="trademark">Linux</span>® 4.
+ </div></li><li><div class="para">
+ refer to the <a href="http://www.linuxworld.com">LinuxWorld.com</a> article, <a href="http://www.linuxworld.com/news/2008/022408-selinux.html?page=1">A seatbelt for server software: SELinux blocks real-world exploits</a><sup>[<a id="d0e646" href="#ftn.d0e646">5</a>]</sup>, for background information about SELinux, and information about various exploits that SELinux has prevented.
+ </div></li><li><div class="para">
refer to James Morris's <a href="http://james-morris.livejournal.com/25421.html">SELinux mitigates remote root vulnerability in OpenPegasus</a> blog post, for information about an exploit in <a href="http://www.openpegasus.org/">OpenPegasus</a> that was mitigated by SELinux as shipped with Red Hat Enterprise Linux 4 and 5.
- </p></li></ul></div><p>
+ </div></li></ul></div><div class="para">
The <a href="http://www.tresys.com/">Tresys Technology</a> website has an <a href="http://www.tresys.com/innovation.php">SELinux Mitigation News</a> section (on the right-hand side), that lists recent exploits that have been mitigated or prevented by SELinux.
- </p><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e609" href="#d0e609" class="para">3</a>] </sup>
+ </div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e609" href="#d0e609">3</a>] </sup>
Text files that include information, such as hostname to IP address mappings, that are used by DNS servers.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e626" href="#d0e626" class="para">4</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e626" href="#d0e626">4</a>] </sup>
Cox, Mark. "Risk report: Three years of Red Hat Enterprise Linux 4". Published 26 February 2008. Accessed 28 August 2008: <a href="http://www.redhatmagazine.com/2008/02/26/risk-report-three-years-of-red-h...">http://www.redhatmagazine.com/2008/02/26/risk-report-three-years-of-red-h...</a>.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e646" href="#d0e646" class="para">5</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.d0e646" href="#d0e646">5</a>] </sup>
Marti, Don. "A seatbelt for server software: SELinux blocks real-world exploits". Published 24 February 2008. Accessed 28 August 2008: <a href="http://www.linuxworld.com/news/2008/022408-selinux.html?page=1">http://www.linuxworld.com/news/2008/022408-selinux.html?page=1</a>.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Introduction.html"><strong>Prev</strong>Chapter 2. Introduction</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html"><strong>Next</strong>2.3. SELinux Architecture</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html 24 Nov 2008 22:43:11 -0000 1.1
+++ sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3. SELinux Architecture</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction"/><link rel="prev" href="sect-Security-Enhanced_Linux-Introduction-Examples.html" title="2.2. Examples"/><link rel="next" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_other_Operating_Systems.html" title="2.4. SELinux on Other Operating Systems"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>2.3. SELinux Architecture</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-Examples.html"><strong>Prev</strong></a></
li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_other_Operating_Systems.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture">2.3. SELinux Architecture</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.3. SELinux Architecture</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction"/><link rel="prev" href="sect-Security-Enhanced_Linux-Introduction-Examples.html" title="2.2. Examples"/><link rel="next" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html" title="2.4. SELinux on Other Operating Systems"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" al
t="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-Examples.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Introduction-SELinux_Architecture">2.3. SELinux Architecture</h2></div></div></div><div class="para">
SELinux is a Linux security module that is built into the Linux kernel. SELinux is driven by loadable policy rules. When security-relevant access is taking place, such as when a process attempts to open a file, the operation is intercepted in the kernel by SELinux. If an SELinux policy rule allows the operation, it continues, otherwise, the operation is blocked and the process receives an error.
- </p><p>
+ </div><div class="para">
SELinux decisions, such as allowing or disallowing access, are cached. This cache is known as the Access Vector Cache (AVC). Caching decisions decreases how often SELinux policy rules need to be checked, which increases performance. SELinux policy rules have no affect if DAC rules deny access first.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-Examples.html"><strong>Prev</strong>2.2. Examples</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_other_Operating_Systems.html"><strong>Next</strong>2.4. SELinux on Other Operating Systems</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Introduction-Examples.html"><strong>Prev</strong>2.2. Examples</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Introduction-SELinux_on_Other_Operating_Systems.html"><strong>Next</strong>2.4. SELinux on Other Operating Systems</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html 24 Nov 2008 22:43:11 -0000 1.1
+++ sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,44 +1,44 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10.5. Archiving Files with star</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="prev" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html" title="5.10.4. Archiving Files with tar"/><link rel="next" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.10.5. Archiving Files with star</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enha
nced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Confining_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star">5.10.5. Archiving Files with star</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10.5. Archiving Files with star</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="prev" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html" title="5.10.4. Archiving Files with tar"/><link rel="next" href="chap-Security-Enhanced_Linux-Confining_Users.html" title="Chapter 6. Confining Users"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraprojec
t.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Confining_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star">5.10.5. Archiving Files with star</h3></div></div></div><div class="para">
<code class="command">star</code> does not retain extended attributes by default. Since SELinux contexts are stored in extended attributes, contexts can be lost when archiving files. Use <code class="command">star -xattr -H=exustar</code> to create archives that retain contexts. The <span class="package">star</span> package is not installed by default. To install <code class="command">star</code>, run the <code class="command">yum install star</code> command as the Linux root user.
- </p><p>
+ </div><div class="para">
The following example demonstrates creating a Star archive that retains SELinux contexts:
- </p><div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">touch /var/www/html/file{1,2,3}</code> command to create three files (<code class="filename">file1</code>, <code class="filename">file2</code>, and <code class="filename">file3</code>). These files inherit the <code class="computeroutput">httpd_sys_content_t</code> type from the <code class="filename">/var/www/html/</code> directory:
- </p><pre class="screen">
+ </div><pre class="screen">
# touch /var/www/html/file{1,2,3}
# ls -Z /var/www/html/
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file3
-</pre></li><li><p>
+</pre></li><li><div class="para">
Run the <code class="command">cd /var/www/html/</code> command to change into the <code class="filename">/var/www/html/</code> directory. Once in this directory, as the Linux root user, run the <code class="command">star -xattr -H=exustar -c -f=test.star file{1,2,3}</code> command to create a Star archive named <code class="filename">test.star</code>:
- </p><pre class="screen">
+ </div><pre class="screen">
# star -xattr -H=exustar -c -f=test.star file{1,2,3}
star: 1 blocks + 0 bytes (total of 10240 bytes = 10.00k).
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">mkdir /test</code> command to create a new directory, and then, run the <code class="command">chmod 777 /test/</code> command to allow all users full-access to the <code class="filename">/test/</code> directory.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">cp /var/www/html/test.star /test/</code> command to copy the <code class="filename">test.star</code> file in to the <code class="filename">/test/</code> directory.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">cd /test/</code> command to change into the <code class="filename">/test/</code> directory. Once in this directory, run the <code class="command">star -x -f=test.star</code> command to extract the Star archive:
- </p><pre class="screen">
+ </div><pre class="screen">
$ star -x -f=test.star
star: 1 blocks + 0 bytes (total of 10240 bytes = 10.00k).
-</pre></li><li><p>
+</pre></li><li><div class="para">
Run the <code class="command">ls -lZ /test/</code> command to view the SELinux contexts. The <code class="computeroutput">httpd_sys_content_t</code> type has been retained, rather than being changed to <code class="computeroutput">default_t</code>, which would have happened had the <code class="option">--selinux</code> not been used:
- </p><pre class="screen">
+ </div><pre class="screen">
$ ls -lZ /test/
-rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file3
-rw-r--r-- user1 group1 unconfined_u:object_r:default_t:s0 test.star
-</pre></li><li><p>
+</pre></li><li><div class="para">
If the <code class="filename">/test/</code> directory is no longer required, as the Linux root user, run the <code class="command"> rm -ri /test/</code> command to remove it, as well as all files in it.
- </p></li><li><p>
+ </div></li><li><div class="para">
If <code class="command">star</code> is no longer required, as the Linux root user, run the <code class="command">yum remove star</code> command to remove the package.
- </p></li></ol></div><p>
+ </div></li></ol></div><div class="para">
Refer to the <span class="citerefentry"><span class="refentrytitle">star</span>(1)</span> manual page for further information about <code class="command">star</code>.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html"><strong>Prev</strong>5.10.4. Archiving Files with tar</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Confining_Users.html"><strong>Next</strong>Chapter 6. Confining Users</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html"><strong>Prev</strong>5.10.4. Archiving Files with tar</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Confining_Users.html"><strong>Next</strong>Chapter 6. Confining Users</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html 24 Nov 2008 22:43:11 -0000 1.1
+++ sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,40 +1,40 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10.4. Archiving Files with tar</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="prev" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html" title="5.10.3. Checking the Default SELinux Context"/><link rel="next" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html" title="5.10.5. Archiving Files with star"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.10.4. Archiving Files with tar</strong></a></p><ul class="docn
av"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar">5.10.4. Archiving Files with tar</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10.4. Archiving Files with tar</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="prev" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html" title="5.10.3. Checking the Default SELinux Context"/><link rel="next" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html" title="5.10.5. Archiving Files with star"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt=
"Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar">5.10.4. Archiving Files with tar</h3></div></div></div><div class="para">
<code class="command">tar</code> does not retain extended attributes by default. Since SELinux contexts are stored in extended attributes, contexts can be lost when archiving files. Use <code class="command">tar --selinux</code> to create archives that retain contexts. If a Tar archive contains files without extended attributes, or if you want the extended attributes to match the system defaults, run the archive through <code class="command">/sbin/restorecon</code>:
- </p><pre class="screen">
+ </div><pre class="screen">
$ tar -xf <em class="replaceable"><code>archive.tar</code></em> | /sbin/restorecon -f -
-</pre><p>
+</pre><div class="para">
Note: depending on the directory, you may need to be the Linux root user to run the <code class="command">/sbin/restorecon</code> command.
- </p><p>
+ </div><div class="para">
The following example demonstrates creating a Tar archive that retains SELinux contexts:
- </p><div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">touch /var/www/html/file{1,2,3}</code> command to create three files (<code class="filename">file1</code>, <code class="filename">file2</code>, and <code class="filename">file3</code>). These files inherit the <code class="computeroutput">httpd_sys_content_t</code> type from the <code class="filename">/var/www/html/</code> directory:
- </p><pre class="screen">
+ </div><pre class="screen">
# touch /var/www/html/file{1,2,3}
# ls -Z /var/www/html/
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file3
-</pre></li><li><p>
+</pre></li><li><div class="para">
Run the <code class="command">cd /var/www/html/</code> command to change into the <code class="filename">/var/www/html/</code> directory. Once in this directory, as the Linux root user, run the <code class="command">tar --selinux -cf test.tar file{1,2,3}</code> command to create a Tar archive named <code class="filename">test.tar</code>.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">mkdir /test</code> command to create a new directory, and then, run the <code class="command">chmod 777 /test/</code> command to allow all users full-access to the <code class="filename">/test/</code> directory.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">cp /var/www/html/test.tar /test/</code> command to copy the <code class="filename">test.tar</code> file in to the <code class="filename">/test/</code> directory.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">cd /test/</code> command to change into the <code class="filename">/test/</code> directory. Once in this directory, run the <code class="command">tar -xf test.tar</code> command to extract the Tar archive.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">ls -lZ /test/</code> command to view the SELinux contexts. The <code class="computeroutput">httpd_sys_content_t</code> type has been retained, rather than being changed to <code class="computeroutput">default_t</code>, which would have happened had the <code class="option">--selinux</code> not been used:
- </p><pre class="screen">
+ </div><pre class="screen">
$ ls -lZ /test/
-rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 file3
-rw-r--r-- user1 group1 unconfined_u:object_r:default_t:s0 test.tar
-</pre></li><li><p>
+</pre></li><li><div class="para">
If the <code class="filename">/test/</code> directory is no longer required, as the Linux root user, run the <code class="command"> rm -ri /test/</code> command to remove it, as well as all files in it.
- </p></li></ol></div><p>
+ </div></li></ol></div><div class="para">
Refer to the <span class="citerefentry"><span class="refentrytitle">tar</span>(1)</span> manual page for further information about <code class="command">tar</code>, such as the <code class="option">--xattrs</code> option that retains all extended attributes.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html"><strong>Prev</strong>5.10.3. Checking the Default SELinux Context</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html"><strong>Next</strong>5.10.5. Archiving Files with star</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html"><strong>Prev</strong>5.10.3. Checking the Default SELinux Context</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_star.html"><strong>Next</strong>5.10.5. Archiving Files with star</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,30 +1,30 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10.3. Checking the Default SELinux Context</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="prev" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html" title="5.10.2. Moving Files and Directories"/><link rel="next" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html" title="5.10.4. Archiving Files with tar"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.10.3. Checking the Default SELinux Context</strong></a></p><ul class
="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context">5.10.3. Checking the Default SELinux Context</h3></div></div></div><p>
- Use the <code class="command">/usr/sbin/matchpathcon</code> command to check if files and directories have the correct SELinux context. From the <span class="citerefentry"><span class="refentrytitle">matchpathcon</span>(8)</span> manual page: "<code class="command">matchpathcon</code> queries the system policy and outputs the default security context associated with the file path."<sup>[<a id="d0e4322" href="#ftn.d0e4322" class="footnote">13</a>]</sup>. The following example demonstrates using the <code class="command">/usr/sbin/matchpathcon</code> command to verify that files in <code class="filename">/var/www/html/</code> directory are labeled correctly:
- </p><div class="orderedlist"><ol><li><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10.3. Checking the Default SELinux Context</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="prev" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html" title="5.10.2. Moving Files and Directories"/><link rel="next" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html" title="5.10.4. Archiving Files with tar"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Produ
ct Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context">5.10.3. Checking the Default SELinux Context</h3></div></div></div><div class="para">
+ Use the <code class="command">/usr/sbin/matchpathcon</code> command to check if files and directories have the correct SELinux context. From the <span class="citerefentry"><span class="refentrytitle">matchpathcon</span>(8)</span> manual page: "<code class="command">matchpathcon</code> queries the system policy and outputs the default security context associated with the file path."<sup>[<a id="d0e4331" href="#ftn.d0e4331">13</a>]</sup>. The following example demonstrates using the <code class="command">/usr/sbin/matchpathcon</code> command to verify that files in <code class="filename">/var/www/html/</code> directory are labeled correctly:
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">touch /var/www/html/file{1,2,3}</code> command to create three files (<code class="filename">file1</code>, <code class="filename">file2</code>, and <code class="filename">file3</code>). These files inherit the <code class="computeroutput">httpd_sys_content_t</code> type from the <code class="filename">/var/www/html/</code> directory:
- </p><pre class="screen"># touch /var/www/html/file{1,2,3}
+ </div><pre class="screen"># touch /var/www/html/file{1,2,3}
# ls -Z /var/www/html/
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file3
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">chcon -t samba_share_t /var/www/html/file1</code> command to change the <code class="filename">file1</code> type to <code class="computeroutput">samba_share_t</code>. Note: the Apache HTTP Server can not read files or directories labeled with the <code class="computeroutput">samba_share_t</code> type.
- </p></li><li><p>
+ </div></li><li><div class="para">
The <code class="command">/usr/sbin/matchpathcon</code> <code class="option">-V</code> option compares the current SELinux context to the correct, default context in SELinux policy. Run the <code class="command">/usr/sbin/matchpathcon -V /var/www/html/*</code> command to check all files in the <code class="filename">/var/www/html/</code> directory:
- </p><pre class="screen">$ /usr/sbin/matchpathcon -V /var/www/html/*
+ </div><pre class="screen">$ /usr/sbin/matchpathcon -V /var/www/html/*
/var/www/html/file1 has context unconfined_u:object_r:samba_share_t:s0, should be system_u:object_r:httpd_sys_content_t:s0
/var/www/html/file2 verified.
/var/www/html/file3 verified.
-</pre></li></ol></div><p>
+</pre></li></ol></div><div class="para">
The following output from the <code class="command">/usr/sbin/matchpathcon</code> command explains that <code class="filename">file1</code> is labeled with the <code class="computeroutput">samba_share_t</code> type, but should be labeled with the <code class="computeroutput">httpd_sys_content_t</code> type:
- </p><pre class="screen">/var/www/html/file1 has context unconfined_u:object_r:samba_share_t:s0, should be system_u:object_r:httpd_sys_content_t:s0
-</pre><p>
+ </div><pre class="screen">/var/www/html/file1 has context unconfined_u:object_r:samba_share_t:s0, should be system_u:object_r:httpd_sys_content_t:s0
+</pre><div class="para">
To resolve the label problem and allow the Apache HTTP Server access to <code class="filename">file1</code>, as the Linux root user, run the <code class="command">/sbin/restorecon -v /var/www/html/file1</code> command:
- </p><pre class="screen"># /sbin/restorecon -v /var/www/html/file1
+ </div><pre class="screen"># /sbin/restorecon -v /var/www/html/file1
restorecon reset /var/www/html/file1 context unconfined_u:object_r:samba_share_t:s0->system_u:object_r:httpd_sys_content_t:s0
-</pre><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e4322" href="#d0e4322" class="para">13</a>] </sup>
+</pre><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e4331" href="#d0e4331">13</a>] </sup>
The <span class="citerefentry"><span class="refentrytitle">matchpathcon</span>(8)</span> manual page, as shipped with the <span class="package">libselinux-utils</span> package in Fedora, is written by Daniel Walsh. Any edits or changes in this version were done by Murray McAllister.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html"><strong>Prev</strong>5.10.2. Moving Files and Directories</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Archiving_Files_with_tar.html"><strong>Next</strong>5.10.4. Archiving Files with tar</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,25 +1,25 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10.2. Moving Files and Directories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="next" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html" title="5.10.3. Checking the Default SELinux Context"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.10.2. Moving Files and Directories</strong></a></p><ul class="do
cnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories">5.10.2. Moving Files and Directories</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10.2. Moving Files and Directories</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/><link rel="next" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html" title="5.10.3. Checking the Default SELinux Context"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="P
roduct Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories">5.10.2. Moving Files and Directories</h3></div></div></div><div class="para">
File and directories keep their current SELinux context when they are moved. In many cases, this is incorrect for the location they are being moved to. The following example demonstrates moving a file from a user's home directory to <code class="filename">/var/www/html/</code>, which is used by the Apache HTTP Server. Since the file is moved, it does not inherit the correct SELinux context:
- </p><div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
Run the <code class="command">cd</code> command without any arguments to change into your home directory. Once in your home directory, run the <code class="command">touch file1</code> command to create a file. This file is labeled with the <code class="computeroutput">user_home_t</code> type:
- </p><pre class="screen">$ ls -Z file1
+ </div><pre class="screen">$ ls -Z file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
-</pre></li><li><p>
+</pre></li><li><div class="para">
Run the <code class="command">ls -dZ /var/www/html/</code> command to view the SELinux context of the <code class="filename">/var/www/html/</code> directory:
- </p><pre class="screen">$ ls -dZ /var/www/html/
+ </div><pre class="screen">$ ls -dZ /var/www/html/
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/
-</pre><p>
+</pre><div class="para">
By default, the <code class="filename">/var/www/html/</code> directory is labeled with the <code class="computeroutput">httpd_sys_content_t</code> type. Files and directories created under the <code class="filename">/var/www/html/</code> directory inherit this type, and as such, they are labeled with this type.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">mv file1 /var/www/html/</code> command to move <code class="filename">file1</code> to the <code class="filename">/var/www/html/</code> directory. Since this file is moved, it keeps its current <code class="computeroutput">user_home_t</code> type:
- </p><pre class="screen"># mv file1 /var/www/html/
+ </div><pre class="screen"># mv file1 /var/www/html/
# ls -Z /var/www/html/file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 /var/www/html/file1
-</pre></li></ol></div><p>
+</pre></li></ol></div><div class="para">
By default, the Apache HTTP Server can not read files that are labeled with the <code class="computeroutput">user_home_t</code> type. If all files comprising a web page are labeled with the <code class="computeroutput">user_home_t</code> type, or another type that the Apache HTTP Server can not read, permission is denied when attempting to access them via Firefox or text-based Web browsers.
- </p><div class="important"><h2>Important</h2><p>
+ </div><div class="important"><h2>Important</h2><div class="para">
Moving files and directories with the <code class="command">mv</code> command may result in the wrong SELinux context, preventing processes, such as the Apache HTTP Server and Samba, from accessing such files and directories.
- </p></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html"><strong>Prev</strong>5.10. Maintaining SELinux Labels </a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html"><strong>Next</strong>5.10.3. Checking the Default SELinux Context</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html"><strong>Prev</strong>5.10. Maintaining SELinux Labels </a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html"><strong>Next</strong>5.10.3. Checking the Default SELinux Context</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,20 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9.2. Changing the Default Context</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="next" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html" title="5.9.3. Mounting an NFS File System"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.9.2. Changing the Default Context</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="s
ect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context">5.9.2. Changing the Default Context</h3></div></div></div><p>
- As mentioned in <a class="xref" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html" title="5.8. The file_t and default_t Types">Section 5.8, “The file_t and default_t Types”</a>, on file systems that support extended attributes, when a file that lacks an SELinux context on disk is accessed, it is treated as if it had a default context as defined by SELinux policy. In common policies, this default context uses the <code class="computeroutput">file_t</code> type. If it is desirable to use a different default context, mount the file system with the <code class="option">defcontext</code> option.
- </p><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9.2. Changing the Default Context</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="next" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html" title="5.9.3. Mounting an NFS File System"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://do
cs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context">5.9.2. Changing the Default Context</h3></div></div></div><div class="para">
+ As mentioned in <a href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html" title="5.8. The file_t and default_t Types">Section 5.8, “The file_t and default_t Types”</a>, on file systems that support extended attributes, when a file that lacks an SELinux context on disk is accessed, it is treated as if it had a default context as defined by SELinux policy. In common policies, this default context uses the <code class="computeroutput">file_t</code> type. If it is desirable to use a different default context, mount the file system with the <code class="option">defcontext</code> option.
+ </div><div class="para">
The following example mounts a newly-created file system (on <code class="filename">/dev/sda2</code>) to the newly-created <code class="filename">/test/</code> directory. It assumes that there are no rules in <code class="filename">/etc/selinux/targeted/contexts/files/</code> that define a context for the <code class="filename">/test/</code> directory:
- </p><pre class="screen">
+ </div><pre class="screen">
# mount /dev/sda2 /test/ -o defcontext="system_u:object_r:samba_share_t:s0"
-</pre><p>
+</pre><div class="para">
In this example:
- </p><div class="itemizedlist"><ul><li><p>
- the <code class="option">defcontext</code> option defines that <code class="computeroutput">system_u:object_r:samba_share_t:s0</code> is "the default security context for unlabeled files"<sup>[<a id="d0e3871" href="#ftn.d0e3871" class="footnote">12</a>]</sup>.
- </p></li><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
+ the <code class="option">defcontext</code> option defines that <code class="computeroutput">system_u:object_r:samba_share_t:s0</code> is "the default security context for unlabeled files"<sup>[<a id="d0e3880" href="#ftn.d0e3880">12</a>]</sup>.
+ </div></li><li><div class="para">
when mounted, the root directory (<code class="filename">/test/</code>) of the file system is treated as if it is labeled with the context specified by <code class="option">defcontext</code> (this label is not stored on disk). This affects the labeling for files created under <code class="filename">/test/</code>: new files inherit the <code class="computeroutput">samba_share_t</code> type, and these labels are stored on disk.
- </p></li><li><p>
+ </div></li><li><div class="para">
files created under <code class="filename">/test/</code> while the file system was mounted with a <code class="option">defcontext</code> option retain their labels.
- </p></li></ul></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e3871" href="#d0e3871" class="para">12</a>] </sup>
+ </div></li></ul></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e3880" href="#d0e3880">12</a>] </sup>
Morris, James. "Filesystem Labeling in SELinux". Published 1 October 2004. Accessed 14 October 2008: <a href="http://www.linuxjournal.com/article/7426">http://www.linuxjournal.com/article/7426</a>.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html"><strong>Prev</strong>5.9. Mounting File Systems</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html"><strong>Next</strong>5.9.3. Mounting an NFS File System</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9.5. Making Context Mounts Persistent</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html" title="5.9.4. Multiple NFS Mounts"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.9.5. Making Context Mounts Persistent</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hre
f="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent">5.9.5. Making Context Mounts Persistent</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9.5. Making Context Mounts Persistent</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html" title="5.9.4. Multiple NFS Mounts"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html" title="5.10. Maintaining SELinux Labels"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://do
cs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent">5.9.5. Making Context Mounts Persistent</h3></div></div></div><div class="para">
To make context mounts persistent across remounting and reboots, add entries for the file systems in <code class="filename">/etc/fstab</code> or an automounter map, and use the desired context as a mount option. The following example adds an entry to <code class="filename">/etc/fstab</code> for an NFS context mount:
- </p><pre class="screen">
+ </div><pre class="screen">
server:/export /local/mount/ nfs context="system_u:object_r:httpd_sys_content_t:s0" 0 0
-</pre><p>
+</pre><div class="para">
Refer to the <a href="http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deploy...">Red Hat Enterprise Linux 5 Deployment Guide, Section 19.2. "NFS Client Configuration"</a> for information about mounting NFS file systems.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html"><strong>Prev</strong>5.9.4. Multiple NFS Mounts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html"><strong>Next</strong>5.10. Maintaining SELinux Labels </a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html"><strong>Prev</strong>5.9.4. Multiple NFS Mounts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html"><strong>Next</strong>5.10. Maintaining SELinux Labels </a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9.3. Mounting an NFS File System</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html" title="5.9.2. Changing the Default Context"/><link rel="next" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html" title="5.9.4. Multiple NFS Mounts"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.9.3. Mounting an NFS File System</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="se
ct-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System">5.9.3. Mounting an NFS File System</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9.3. Mounting an NFS File System</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html" title="5.9.2. Changing the Default Context"/><link rel="next" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html" title="5.9.4. Multiple NFS Mounts"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://do
cs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System">5.9.3. Mounting an NFS File System</h3></div></div></div><div class="para">
By default, NFS mounts on the client side are labeled with a default context defined by policy for NFS file systems. In common policies, this default context uses the <code class="computeroutput">nfs_t</code> type. Depending on policy configuration, services, such as Apache HTTP Server and MySQL, may not be able to read files labeled with the <code class="computeroutput">nfs_t</code> type. This may prevent file systems labeled with this type from being mounted and then read or exported by other services.
- </p><p>
+ </div><div class="para">
If you would like to mount an NFS file system and read or export that file system with another service, use the <code class="option">context</code> option when mounting to override the <code class="computeroutput">nfs_t</code> type. Use the following context option to mount NFS file systems so that they can be shared via the Apache HTTP Server:
- </p><pre class="screen">mount server:/export /local/mount/point -o\
+ </div><pre class="screen">mount server:/export /local/mount/point -o\
context="system_u:object_r:httpd_sys_content_t:s0"
-</pre><p>
+</pre><div class="para">
Since context changes are not written to disk for these situations, the context specified with the <code class="option">context</code> option is only retained if the <code class="option">context</code> option is used on the next mount, and if the same context is specified.
- </p><p>
- As an alternative to mounting file systems with <code class="option">context</code> options, Booleans can be turned on to allow services access to file systems labeled with the <code class="computeroutput">nfs_t</code> type. Refer to <a class="xref" href="sect-Security-Enhanced_Linux-Booleans-Examples_Booleans_for_NFS_and_CIFS.html" title="5.6.3. Examples: Booleans for NFS and CIFS">Section 5.6.3, “Examples: Booleans for NFS and CIFS”</a> for instructions on configuring Booleans to allow services access to the <code class="computeroutput">nfs_t</code> type.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html"><strong>Prev</strong>5.9.2. Changing the Default Context</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html"><strong>Next</strong>5.9.4. Multiple NFS Mounts</a></li></ul></body></html>
\ No newline at end of file
+ </div><div class="para">
+ As an alternative to mounting file systems with <code class="option">context</code> options, Booleans can be turned on to allow services access to file systems labeled with the <code class="computeroutput">nfs_t</code> type. Refer to <a href="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html" title="5.6.3. Booleans for NFS and CIFS">Section 5.6.3, “Booleans for NFS and CIFS”</a> for instructions on configuring Booleans to allow services access to the <code class="computeroutput">nfs_t</code> type.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html"><strong>Prev</strong>5.9.2. Changing the Default Context</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html"><strong>Next</strong>5.9.4. Multiple NFS Mounts</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,28 +1,28 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9.4. Multiple NFS Mounts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html" title="5.9.3. Mounting an NFS File System"/><link rel="next" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html" title="5.9.5. Making Context Mounts Persistent"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.9.4. Multiple NFS Mounts</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p"
href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts">5.9.4. Multiple NFS Mounts</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9.4. Multiple NFS Mounts</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html" title="5.9.3. Mounting an NFS File System"/><link rel="next" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html" title="5.9.5. Making Context Mounts Persistent"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Multiple_NFS_Mounts">5.9.4. Multiple NFS Mounts</h3></div></div></div><div class="para">
When mounting multiple mounts from the same NFS export, attempting to override the SELinux context of each mount with a different context, results in subsequent mount commands failing. In the following example, the NFS server has a single export, <code class="filename">/export</code>, which has two subdirectories, <code class="filename">web/</code> and <code class="filename">database/</code>. The following commands attempt two mounts from a single NFS export, and try to override the context for each one:
- </p><pre class="screen">
+ </div><pre class="screen">
# mount server:/export/web /local/web -o\
context="system_u:object_r:httpd_sys_content_t:s0"
# mount server:/export/database /local/database -o\
context="system_u:object_r:mysqld_db_t:s0"
-</pre><p>
+</pre><div class="para">
The second mount command fails, and the following is logged to <code class="filename">/var/log/messages</code>:
- </p><pre class="screen">
+ </div><pre class="screen">
kernel: SELinux: mount invalid. Same superblock, different security settings for (dev 0:15, type nfs)
-</pre><p>
+</pre><div class="para">
To mount multiple mounts from a single NFS export, with each mount having a different context, use the <code class="option">-o nosharecache,context</code> options. The following example mounts multiple mounts from a single NFS export, with a different context for each mount (allowing a single service access to each one):
- </p><pre class="screen">
+ </div><pre class="screen">
# mount server:/export/web /local/web -o\
nosharecache,context="system_u:object_r:httpd_sys_content_t:s0"
# mount server:/export/database /local/database -o\
nosharecache,context="system_u:object_r:mysqld_db_t:s0"
-</pre><p>
+</pre><div class="para">
In this example, <code class="computeroutput">server:/export/web</code> is mounted locally to <code class="filename">/local/web/</code>, with all files being labeled with the <code class="computeroutput">httpd_sys_content_t</code> type, allowing Apache HTTP Server access. <code class="computeroutput">server:/export/database</code> is mounted locally to <code class="filename">/local/database</code>, with all files being labeled with the <code class="computeroutput">mysqld_db_t</code> type, allowing MySQL access. These type changes are not written to disk.
- </p><div class="important"><h2>Important</h2><p>
+ </div><div class="important"><h2>Important</h2><div class="para">
The <code class="option">nosharecache</code> options allows you to mount the same subdirectory of an export multiple times with different contexts (for example, mounting <code class="filename">/export/web</code> multiple times). Do not mount the same subdirectory from an export multiple times with different contexts, as this creates an overlapping mount, where files are accessible under two different contexts.
- </p></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html"><strong>Prev</strong>5.9.3. Mounting an NFS File System</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html"><strong>Next</strong>5.9.5. Making Context Mounts Persistent</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html"><strong>Prev</strong>5.9.3. Mounting an NFS File System</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html"><strong>Next</strong>5.9.5. Making Context Mounts Persistent</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains.html 24 Jan 2009 03:48:02 -0000 1.2
@@ -1,20 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.4.2. Denials for Permissive Domains</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html" title="7.3.4. Permissive Domains"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html" title="7.3.4. Permissive Domains"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html" title="7.3.5. Searching For and Viewing Denials"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.3.4.2. Denials for Permissive Domains</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-
Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains">7.3.4.2. Denials for Permissive Domains</h4></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3.4.2. Denials for Permissive Domains</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html" title="7.3.4. Permissive Domains"/><link rel="prev" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html" title="7.3.4. Permissive Domains"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html" title="7.3.5. Searching For and Viewing Denials"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedor
aproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security-Enhanced_Linux-Permissive_Domains-Denials_for_Permissive_Domains">7.3.4.2. Denials for Permissive Domains</h4></div></div></div><div class="para">
The <code class="computeroutput">SYSCALL</code> message is different for permissive domains. The following is an example AVC denial (and the associated system call) from the Apache HTTP Server:
- </p><pre class="screen">
+ </div><pre class="screen">
type=AVC msg=audit(1226882736.442:86): avc: denied { getattr } for pid=2427 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=284133 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file
type=SYSCALL msg=audit(1226882736.442:86): arch=40000003 syscall=196 success=no exit=-13 a0=b9a1e198 a1=bfc2921c a2=54dff4 a3=2008171 items=0 ppid=2425 pid=2427 auid=502 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
-</pre><p>
+</pre><div class="para">
By default, the <code class="computeroutput">httpd_t</code> domain is not permissive, and as such, the action is denied, and the <code class="computeroutput">SYSCALL</code> message contains <code class="computeroutput">success=no</code>. The following is an example AVC denial for the same situation, except the <code class="command">semanage permissive -a httpd_t</code> command has been run to make the <code class="computeroutput">httpd_t</code> domain permissive:
- </p><pre class="screen">
+ </div><pre class="screen">
type=AVC msg=audit(1226882925.714:136): avc: denied { read } for pid=2512 comm="httpd" name="file1" dev=dm-0 ino=284133 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file
type=SYSCALL msg=audit(1226882925.714:136): arch=40000003 syscall=5 success=yes exit=11 a0=b962a1e8 a1=8000 a2=0 a3=8000 items=0 ppid=2511 pid=2512 auid=502 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
-</pre><p>
+</pre><div class="para">
In this case, although an AVC denial was logged, access was not denied, as shown by <code class="computeroutput">success=yes</code> in the <code class="computeroutput">SYSCALL</code> message.
- </p><p>
+ </div><div class="para">
Refer to Dan Walsh's <a href="http://danwalsh.livejournal.com/24537.html">"Permissive Domains"</a> blog entry for further information about permissive domains.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html"><strong>Prev</strong>7.3.4. Permissive Domains</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html"><strong>Next</strong>7.3.5. Searching For and Viewing Denials</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Fixing_Problems-Permissive_Domains.html"><strong>Prev</strong>7.3.4. Permissive Domains</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Searching_For_and_Viewing_Denials.html"><strong>Next</strong>7.3.5. Searching For and Viewing Denials</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,28 +1,28 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.2. SELinux Contexts for Processes</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html" title="Chapter 3. SELinux Contexts"/><link rel="prev" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html" title="Chapter 3. SELinux Contexts"/><link rel="next" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html" title="3.3. SELinux Contexts for Users"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>3.2. SELinux Contexts for Processes</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html"><stron
g>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes">3.2. SELinux Contexts for Processes</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.2. SELinux Contexts for Processes</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html" title="Chapter 3. SELinux Contexts"/><link rel="prev" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html" title="Chapter 3. SELinux Contexts"/><link rel="next" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html" title="3.3. SELinux Contexts for Users"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/ima
ge_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes">3.2. SELinux Contexts for Processes</h2></div></div></div><div class="para">
Use the <code class="command">ps -eZ</code> command to view the SELinux context for processes. For example:
- </p><div class="orderedlist"><ol><li><p>
- Open a terminal, such as <span class="guimenu"><strong>Applications</strong></span> → <span class="guisubmenu"><strong>System Tools</strong></span> → <span class="guimenuitem"><strong>Terminal</strong></span>.
- </p></li><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
+ Open a terminal, such as <span><strong class="guimenu">Applications</strong></span> → <span><strong class="guisubmenu">System Tools</strong></span> → <span><strong class="guimenuitem">Terminal</strong></span>.
+ </div></li><li><div class="para">
Run the <code class="command">/usr/bin/passwd</code> command. Do not enter a new password.
- </p></li><li><p>
+ </div></li><li><div class="para">
Open a new tab, or another terminal, and run the <code class="command">ps -eZ | grep passwd</code> command. The output is similar to the following:
- </p><pre class="screen">unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 13212 pts/1 00:00:00 passwd
-</pre></li><li><p>
- In the first tab, press <strong class="userinput"><code>Ctrl+C</code></strong> to cancel the <span class="application"><strong>passwd</strong></span> application.
- </p></li></ol></div><p>
+ </div><pre class="screen">unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 13212 pts/1 00:00:00 passwd
+</pre></li><li><div class="para">
+ In the first tab, press <strong class="userinput"><code>Ctrl+C</code></strong> to cancel the <span><strong class="application">passwd</strong></span> application.
+ </div></li></ol></div><div class="para">
In this example, when the <code class="filename">/usr/bin/passwd</code> application (labeled with the <code class="computeroutput">passwd_exec_t</code> type) is executed, the user's shell process transitions to the <code class="computeroutput">passwd_t</code> domain. Remember: the type defines a domain for processes, and a type for files.
- </p><p>
- Use the <code class="command">ps -eZ</code> command to view the SELinux contexts for running processes. The following is a limited example of the <code class="command">ps -eZ</code> output, and may differ on your system:
- </p><pre class="screen">system_u:system_r:setroubleshootd_t:s0 1866 ? 00:00:08 setroubleshootd
+ </div><div class="para">
+ Use the <code class="command">ps -eZ</code> command to view the SELinux contexts for running processes. The following is a limited example of the output, and may differ on your system:
+ </div><pre class="screen">system_u:system_r:setroubleshootd_t:s0 1866 ? 00:00:08 setroubleshootd
system_u:system_r:dhcpc_t:s0 1869 ? 00:00:00 dhclient
system_u:system_r:sshd_t:s0-s0:c0.c1023 1882 ? 00:00:00 sshd
system_u:system_r:gpm_t:s0 1964 ? 00:00:00 gpm
system_u:system_r:crond_t:s0-s0:c0.c1023 1973 ? 00:00:00 crond
system_u:system_r:kerneloops_t:s0 1983 ? 00:00:05 kerneloops
system_u:system_r:crond_t:s0-s0:c0.c1023 1991 ? 00:00:00 atd
-</pre><p>
+</pre><div class="para">
The <code class="computeroutput">system_r</code> role is used for system processes, such as daemons. Type Enforcement then separates each domain.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html"><strong>Prev</strong>Chapter 3. SELinux Contexts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html"><strong>Next</strong>3.3. SELinux Contexts for Users</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html"><strong>Prev</strong>Chapter 3. SELinux Contexts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html"><strong>Next</strong>3.3. SELinux Contexts for Users</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.3. SELinux Contexts for Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html" title="Chapter 3. SELinux Contexts"/><link rel="prev" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html" title="3.2. SELinux Contexts for Processes"/><link rel="next" href="chap-Security-Enhanced_Linux-Targeted_Policy.html" title="Chapter 4. Targeted Policy"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>3.3. SELinux Contexts for Users</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contex
ts_for_Processes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Targeted_Policy.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users">3.3. SELinux Contexts for Users</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>3.3. SELinux Contexts for Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html" title="Chapter 3. SELinux Contexts"/><link rel="prev" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html" title="3.2. SELinux Contexts for Processes"/><link rel="next" href="chap-Security-Enhanced_Linux-Targeted_Policy.html" title="Chapter 4. Targeted Policy"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/i
mage_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Targeted_Policy.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Users">3.3. SELinux Contexts for Users</h2></div></div></div><div class="para">
Use the <code class="command">id -Z</code> command to view the SELinux context associated with your Linux user:
- </p><pre class="screen">unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-</pre><p>
+ </div><pre class="screen">unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+</pre><div class="para">
In Fedora 10, Linux users run unconfined by default. This SELinux context shows that the Linux user is mapped to the SELinux <code class="computeroutput">unconfined_u</code> user, running as the <code class="computeroutput">unconfined_r</code> role, and is running in the <code class="computeroutput">unconfined_t</code> domain. <code class="computeroutput">s0-s0</code> is an MLS range, which in this case, is the same as just <code class="computeroutput">s0</code>. The categories the user has access to is defined by <code class="computeroutput">c0.c1023</code>, which is all categories (<code class="computeroutput">c0</code> through to <code class="computeroutput">c1023</code>).
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html"><strong>Prev</strong>3.2. SELinux Contexts for Processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Targeted_Policy.html"><strong>Next</strong>Chapter 4. Targeted Policy</a></li></ul></body></html>
\ No newline at end of file
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts-SELinux_Contexts_for_Processes.html"><strong>Prev</strong>3.2. SELinux Contexts for Processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Targeted_Policy.html"><strong>Next</strong>Chapter 4. Targeted Policy</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,114 +1,114 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.7.2. Persistent Changes: semanage fcontext</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html" title="5.7. SELinux Contexts - Labeling Files"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html" title="5.7. SELinux Contexts - Labeling Files"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html" title="5.8. The file_t and default_t Types"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.7.2. Persistent Changes: semanage fcontext</strong></a></p
><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext">5.7.2. Persistent Changes: semanage fcontext</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.7.2. Persistent Changes: semanage fcontext</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html" title="5.7. SELinux Contexts - Labeling Files"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html" title="5.7. SELinux Contexts - Labeling Files"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html" title="5.8. The file_t and default_t Types"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png"
alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext">5.7.2. Persistent Changes: semanage fcontext</h3></div></div></div><div class="para">
The <code class="command">/usr/sbin/semanage fcontext</code> command changes the SELinux context for files. When using targeted policy, changes made with this command are added to the <code class="filename">/etc/selinux/targeted/contexts/files/file_contexts</code> file if the changes are to files that exists in <code class="filename">file_contexts</code>, or are added to <code class="filename">file_contexts.local</code> for new files and directories, such as creating a <code class="filename">/web/</code> directory. <code class="command">setfiles</code>, which is used when a file system is relabeled, and <code class="command">/sbin/restorecon</code>, which restores the default SELinux contexts, read these files. This means that changes made by <code class="command">/usr/sbin/semanage fcontext</code> are persistent, even if the file system is relabeled. SELinux policy controls whether users are able to modify the SELinux context for any given file.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Quick_Reference">Quick Reference</h5>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Quick_Reference">Quick Reference</h5>
To make SELinux context changes that survive a file system relabel:
- <div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
Run the <code class="command">/usr/sbin/semanage fcontext -a <em class="replaceable"><code>options</code></em> <em class="replaceable"><code>file-name</code></em>|<em class="replaceable"><code>directory-name</code></em></code> command, remembering to use the full path to the file or directory.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">/sbin/restorecon -v <em class="replaceable"><code>file-name</code></em>|<em class="replaceable"><code>directory-name</code></em></code> command to apply the context changes.
- </p></li></ol></div><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Changing_a_Files_Type">Changing a File's Type</h5>
+ </div></li></ol></div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Changing_a_Files_Type">Changing a File's Type</h5>
The following example demonstrates changing a file's type, and no other attributes of the SELinux context:
- <div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">touch /etc/file1</code> command to create a new file. By default, newly-created files in the <code class="filename">/etc/</code> directory are labeled with the <code class="computeroutput">etc_t</code> type:
- </p><pre class="screen"># ls -Z /etc/file1
+ </div><pre class="screen"># ls -Z /etc/file1
-rw-r--r-- root root unconfined_u:object_r:etc_t:s0 /etc/file1
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/semanage fcontext -a -t samba_share_t /etc/file1</code> command to change the <code class="filename">file1</code> type to <code class="computeroutput">samba_share_t</code>. The <code class="option">-a</code> option adds a new record, and the <code class="option">-t</code> option defines a type (<code class="computeroutput">samba_share_t</code>). Note: running this command does not directly change the type - <code class="filename">file1</code> is still labeled with the <code class="computeroutput">etc_t</code> type:
- </p><pre class="screen"># /usr/sbin/semanage fcontext -a -t samba_share_t /etc/file1
+ </div><pre class="screen"># /usr/sbin/semanage fcontext -a -t samba_share_t /etc/file1
# ls -Z /etc/file1
-rw-r--r-- root root unconfined_u:object_r:etc_t:s0 /etc/file1
-</pre><p>
+</pre><div class="para">
The <code class="command">/usr/sbin/semanage fcontext -a -t samba_share_t /etc/file1</code> command adds the following entry to <code class="filename">/etc/selinux/targeted/contexts/files/file_contexts.local</code>:
- </p><pre class="screen">/etc/file1 unconfined_u:object_r:samba_share_t:s0
-</pre></li><li><p>
+ </div><pre class="screen">/etc/file1 unconfined_u:object_r:samba_share_t:s0
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">/sbin/restorecon -v /etc/file1</code> command to change the type. Since the <code class="command">semanage</code> command added an entry to <code class="filename">file.contexts.local</code> for <code class="filename">/etc/file1</code>, the <code class="command">/sbin/restorecon</code> command changes the type to <code class="computeroutput">samba_share_t</code>:
- </p><pre class="screen"># /sbin/restorecon -v /etc/file1
+ </div><pre class="screen"># /sbin/restorecon -v /etc/file1
restorecon reset /etc/file1 context unconfined_u:object_r:etc_t:s0->system_u:object_r:samba_share_t:s0
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">rm -i /etc/file1</code> command to remove <code class="filename">file1</code>.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/semanage fcontext -d /etc/file1</code> command to remove the context added for <code class="filename">/etc/file1</code>. When the context is removed, running <code class="command">restorecon</code> changes the type to <code class="computeroutput">etc_t</code>, rather than <code class="computeroutput">samba_share_t</code>.
- </p></li></ol></div><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Changing_a_Directorys_Type">Changing a Directory's Type</h5>
+ </div></li></ol></div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Changing_a_Directorys_Type">Changing a Directory's Type</h5>
The following example demonstrates creating a new directory and changing that directory's file type, to a type used by Apache HTTP Server:
- <div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">mkdir /web</code> command to create a new directory. This directory is labeled with the <code class="computeroutput">default_t</code> type:
- </p><pre class="screen"># ls -dZ /web
+ </div><pre class="screen"># ls -dZ /web
drwxr-xr-x root root unconfined_u:object_r:default_t:s0 /web
-</pre><p>
+</pre><div class="para">
The <code class="command">ls</code> <code class="option">-d</code> option makes <code class="command">ls</code> list information about a directory, rather than its contents, and the <code class="option">-Z</code> option makes <code class="command">ls</code> display the SELinux context (in this example, <code class="computeroutput">unconfined_u:object_r:default_t:s0</code>).
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/semanage fcontext -a -t httpd_sys_content_t /web</code> command to change the <code class="filename">/web/</code> type to <code class="computeroutput">httpd_sys_content_t</code>. The <code class="option">-a</code> option adds a new record, and the <code class="option">-t</code> option defines a type (<code class="computeroutput">httpd_sys_content_t</code>). Note: running this command does not directly change the type - <code class="filename">/web/</code> is still labeled with the <code class="computeroutput">default_t</code> type:
- </p><pre class="screen"># /usr/sbin/semanage fcontext -a -t httpd_sys_content_t /web
+ </div><pre class="screen"># /usr/sbin/semanage fcontext -a -t httpd_sys_content_t /web
# ls -dZ /web
drwxr-xr-x root root unconfined_u:object_r:default_t:s0 /web
-</pre><p>
+</pre><div class="para">
The <code class="command">/usr/sbin/semanage fcontext -a -t httpd_sys_content_t /web</code> command adds the following entry to <code class="command">/etc/selinux/targeted/contexts/files/file_contexts.local</code>:
- </p><pre class="screen">/web unconfined_u:object_r:httpd_sys_content_t:s0
-</pre></li><li><p>
+ </div><pre class="screen">/web unconfined_u:object_r:httpd_sys_content_t:s0
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">/sbin/restorecon -v /web</code> command to change the type. Since the <code class="command">semanage</code> command added an entry to <code class="filename">file.contexts.local</code> for <code class="filename">/web</code>, the <code class="command">/sbin/restorecon</code> command changes the type to <code class="computeroutput">httpd_sys_content_t</code>:
- </p><pre class="screen"># /sbin/restorecon -v /web
+ </div><pre class="screen"># /sbin/restorecon -v /web
restorecon reset /web context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
-</pre><p>
+</pre><div class="para">
By default, newly-created files and directories inherit the SELinux type of their parent folders. When using this example, and before removing the SELinux context added for <code class="filename">/web/</code>, files and directories created in the <code class="filename">/web/</code> directory are labeled with the <code class="computeroutput">httpd_sys_content_t</code> type.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/semanage fcontext -d /web</code> command to remove the context added for <code class="filename">/web/</code>.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">/sbin/restorecon -v /web</code> command to restore the default SELinux context.
- </p></li></ol></div><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Changing_a_Directory_and_its_Contents_Types">Changing a Directory and its Contents Types</h5>
+ </div></li></ol></div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Changing_a_Directory_and_its_Contents_Types">Changing a Directory and its Contents Types</h5>
The following example demonstrates creating a new directory, and changing the directory's file type (along with its contents) to a type used by Apache HTTP Server. The configuration in this example is used if you want Apache HTTP Server to use a different document root (instead of <code class="filename">/var/www/html/</code>):
- <div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">mkdir /web</code> command to create a new directory, and then the <code class="command">touch /web/file{1,2,3}</code> command to create 3 empty files (<code class="filename">file1</code>, <code class="filename">file2</code>, and <code class="filename">file3</code>). The <code class="filename">/web/</code> directory and files in it are labeled with the <code class="computeroutput">default_t</code> type:
- </p><pre class="screen"># ls -dZ /web
+ </div><pre class="screen"># ls -dZ /web
drwxr-xr-x root root unconfined_u:object_r:default_t:s0 /web
# ls -lZ /web
-rw-r--r-- root root unconfined_u:object_r:default_t:s0 file1
-rw-r--r-- root root unconfined_u:object_r:default_t:s0 file2
-rw-r--r-- root root unconfined_u:object_r:default_t:s0 file3
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"</code> command to change the type of the <code class="filename">/web/</code> directory and the files in it, to <code class="computeroutput">httpd_sys_content_t</code>. The <code class="option">-a</code> option adds a new record, and the <code class="option">-t</code> option defines a type (httpd_sys_content_t). The <code class="computeroutput">"/web(/.*)?"</code> regular expression causes the <code class="command">semanage</code> command to apply changes to the <code class="filename">/web/</code> directory, as well as the files in it. Note: running this command does not directly change the type - <code class="filename">/web/</code> and files in it are still labeled with the <code class="computeroutput">default_t</code> type:
- </p><pre class="screen"># ls -dZ /web
+ </div><pre class="screen"># ls -dZ /web
drwxr-xr-x root root unconfined_u:object_r:default_t:s0 /web
# ls -lZ /web
-rw-r--r-- root root unconfined_u:object_r:default_t:s0 file1
-rw-r--r-- root root unconfined_u:object_r:default_t:s0 file2
-rw-r--r-- root root unconfined_u:object_r:default_t:s0 file3
-</pre><p>
- The <code class="command">/usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"</code> adds the following entry to <code class="filename">/etc/selinux/targeted/contexts/files/file_contexts.local</code>:
- </p><pre class="screen">/web(/.*)? system_u:object_r:httpd_sys_content_t:s0
-</pre></li><li><p>
+</pre><div class="para">
+ The <code class="command">/usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"</code> command adds the following entry to <code class="filename">/etc/selinux/targeted/contexts/files/file_contexts.local</code>:
+ </div><pre class="screen">/web(/.*)? system_u:object_r:httpd_sys_content_t:s0
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">/sbin/restorecon -R -v /web</code> command to change the type of the <code class="filename">/web/</code> directory, as well as all files in it. The <code class="option">-R</code> is for recursive, which means all files and directories under the <code class="filename">/web/</code> directory are labeled with the <code class="computeroutput">httpd_sys_content_t</code> type. Since the <code class="command">semanage</code> command added an entry to <code class="filename">file.contexts.local</code> for <code class="computeroutput">/web(/.*)?</code>, the <code class="command">/sbin/restorecon</code> command changes the types to <code class="computeroutput">httpd_sys_content_t</code>:
- </p><pre class="screen"># /sbin/restorecon -R -v /web
+ </div><pre class="screen"># /sbin/restorecon -R -v /web
restorecon reset /web context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/file2 context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/file3 context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/file1 context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
-</pre><p>
+</pre><div class="para">
By default, newly-created files and directories inherit the SELinux type of their parents. In this example, files and directories created in the <code class="filename">/web/</code> directory will be labeled with the <code class="computeroutput">httpd_sys_content_t</code> type.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/semanage fcontext -d "/web(/.*)?"</code> command to remove the context added for <code class="computeroutput">"/web(/.*)?"</code>.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">/sbin/restorecon -R -v /web</code> command to restore the default SELinux contexts.
- </p></li></ol></div><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Deleting_an_added_Context">Deleting an added Context</h5>
+ </div></li></ol></div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Persistent_Changes_semanage_fcontext-Deleting_an_added_Context">Deleting an added Context</h5>
The following example demonstrates adding and removing an SELinux context:
- <div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/semanage fcontext -a -t httpd_sys_content_t /test</code> command. The <code class="filename">/test/</code> directory does not have to exist. This command adds the following context to <code class="filename">/etc/selinux/targeted/contexts/files/file_contexts.local</code>:
- </p><pre class="screen">/test system_u:object_r:httpd_sys_content_t:s0
-</pre></li><li><p>
+ </div><pre class="screen">/test system_u:object_r:httpd_sys_content_t:s0
+</pre></li><li><div class="para">
To remove the context, as the Linux root user, run the <code class="command">/usr/sbin/semanage fcontext -d <em class="replaceable"><code>file-name</code></em>|<em class="replaceable"><code>directory-name</code></em></code> command, where <em class="replaceable"><code>file-name</code></em>|<em class="replaceable"><code>directory-name</code></em> is the first part in <code class="filename">file_contexts.local</code>. The following is an example of a context in <code class="filename">file_contexts.local</code>:
- </p><pre class="screen">/test system_u:object_r:httpd_sys_content_t:s0
-</pre><p>
+ </div><pre class="screen">/test system_u:object_r:httpd_sys_content_t:s0
+</pre><div class="para">
With the first part being <code class="computeroutput">/test</code>. To prevent the <code class="filename">/test/</code> directory from being labeled with the <code class="computeroutput">httpd_sys_content_t</code> after running <code class="command">/sbin/restorecon</code>, or after a file system relabel, run the following command as the Linux root user to delete the context from <code class="filename">file_contexts.local</code>:
- </p><p>
+ </div><div class="para">
<code class="command">/usr/sbin/semanage fcontext -d /test</code>
- </p></li></ol></div><p>
+ </div></li></ol></div><div class="para">
If the context is part of a regular expression, for example, <code class="computeroutput">/web(/.*)?</code>, use quotation marks around the regular expression:
- </p><p>
+ </div><div class="para">
<code class="command">/usr/sbin/semanage fcontext -d "/web(/.*)?"</code>
- </p><p>
+ </div><div class="para">
Refer to the <span class="citerefentry"><span class="refentrytitle">semanage</span>(8)</span> manual page for further information about <code class="command">/usr/sbin/semanage</code>.
- </p><div class="important"><h2>Important</h2><p>
+ </div><div class="important"><h2>Important</h2><div class="para">
When changing the SELinux context with <code class="command">/usr/sbin/semanage fcontext -a</code>, use the full path to the file or directory to avoid files being mislabeled after a file system relabel, or after the <code class="command">/sbin/restorecon</code> command is run.
- </p></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html"><strong>Prev</strong>5.7. SELinux Contexts - Labeling Files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html"><strong>Next</strong>5.8. The file_t and default_t Types</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html"><strong>Prev</strong>5.7. SELinux Contexts - Labeling Files</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html"><strong>Next</strong>5.8. The file_t and default_t Types</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,40 +1,40 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>4.3. Confined and Unconfined Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Targeted_Policy.html" title="Chapter 4. Targeted Policy"/><link rel="prev" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html" title="4.2. Unconfined Processes"/><link rel="next" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>4.3. Confined and Unconfined Users</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.h
tml"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users">4.3. Confined and Unconfined Users</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>4.3. Confined and Unconfined Users</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Targeted_Policy.html" title="Chapter 4. Targeted Policy"/><link rel="prev" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html" title="4.2. Unconfined Processes"/><link rel="next" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right
.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users">4.3. Confined and Unconfined Users</h2></div></div></div><div class="para">
Each Linux user is mapped to an SELinux user via SELinux policy. This allows Linux users to inherit the restrictions on SELinux users. This Linux user mapping is seen by running the <code class="command">semanage login -l</code> command as the Linux root user:
- </p><pre class="screen"># /usr/sbin/semanage login -l
+ </div><pre class="screen"># /usr/sbin/semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ unconfined_u s0-s0:c0.c1023
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
-</pre><p>
+</pre><div class="para">
In Fedora 10, Linux users are mapped to the SELinux <code class="computeroutput">__default__</code> login by default (which is mapped to the SELinux <code class="computeroutput">unconfined_u</code> user). The following defines the default-mapping:
- </p><pre class="screen">__default__ unconfined_u s0-s0:c0.c1023
-</pre><p>
- The following example demonstrates adding a new Linux user, and that Linux user being mapped to the SELinux unconfined_u user. It assumes that the Linux root user is running unconfined, as it does by default in Fedora 10:
- </p><div class="orderedlist"><ol><li><p>
+ </div><pre class="screen">__default__ unconfined_u s0-s0:c0.c1023
+</pre><div class="para">
+ The following example demonstrates adding a new Linux user, and that Linux user being mapped to the SELinux <code class="computeroutput">unconfined_u</code> user. It assumes that the Linux root user is running unconfined, as it does by default in Fedora 10:
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/useradd newuser</code> command to create a new Linux user named newuser.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">passwd newuser</code> command to assign a password to the Linux newuser user:
- </p><pre class="screen"># passwd newuser
+ </div><pre class="screen"># passwd newuser
Changing password for user newuser.
New UNIX password: <em class="replaceable"><code>Enter a password</code></em>
Retype new UNIX password: <em class="replaceable"><code>Enter the same password again</code></em>
passwd: all authentication tokens updated successfully.
-</pre></li><li><p>
- Log out of your current session, and log in as the Linux newuser user. When you log in, pam_selinux maps the Linux user to an SELinux user (in this case, unconfined_u), and sets up the resulting SELinux context. The Linux user's shell is then launched with this context. Run the <code class="command">id -Z</code> command to view the context for a Linux user:
- </p><pre class="screen">[newuser@localhost ~]$ id -Z
+</pre></li><li><div class="para">
+ Log out of your current session, and log in as the Linux newuser user. When you log in, pam_selinux maps the Linux user to an SELinux user (in this case, unconfined_u), and sets up the resulting SELinux context. The Linux user's shell is then launched with this context. Run the <code class="command">id -Z</code> command to view the context of a Linux user:
+ </div><pre class="screen">[newuser@localhost ~]$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-</pre></li><li><p>
- Log out of the Linux newuser's session, and log in with your account. If you do not want the Linux newuser user, as the Linux root user, run the <code class="command">/usr/sbin/userdel -r newuser</code> command to remove it, along with the Linux newuser's home directory.
- </p></li></ol></div><p>
+</pre></li><li><div class="para">
+ Log out of the Linux newuser's session, and log in with your account. If you do not want the Linux newuser user, run the <code class="command">/usr/sbin/userdel -r newuser</code> command as the Linux root user to remove it, along with the Linux newuser's home directory.
+ </div></li></ol></div><div class="para">
Confined and unconfined Linux users are subject to executable and writeable memory checks, and are also restricted by MCS (and MLS, if the MLS policy is used). If unconfined Linux users execute an application that SELinux policy defines can transition from the <code class="computeroutput">unconfined_t</code> domain to its own confined domain, unconfined Linux users are still subject to the restrictions of that confined domain. The security benefit of this is that, even though a Linux user is running unconfined, the application remains confined, and therefore, the exploitation of a flaw in the application can be limited by policy. Note: this does not protect the system from the user. Instead, the user and the system are being protected from possible damage caused by a flaw in the application.
- </p><p>
+ </div><div class="para">
The following confined SELinux users are available in Fedora 10:
- </p><div class="table" id="tabl-Security-Enhanced_Linux-Confined_and_Unconfined_Users-SELinux_User_Capabilities"><div class="table-contents"><table summary="SELinux User Capabilities" border="1"><colgroup><col/><col/><col/><col/><col/><col/></colgroup><thead><tr><th>
+ </div><div class="table" id="tabl-Security-Enhanced_Linux-Confined_and_Unconfined_Users-SELinux_User_Capabilities"><div class="table-contents"><table summary="SELinux User Capabilities" border="1"><colgroup><col/><col/><col/><col/><col/><col/></colgroup><thead><tr><th>
User
</th><th>
Domain
@@ -55,7 +55,7 @@
</td><td align="center">
no
</td><td align="center">
- no
+ optional
</td><td align="center">
no
</td></tr><tr><td>
@@ -67,9 +67,9 @@
</td><td align="center">
no
</td><td align="center">
- no
+ optional
</td><td align="center">
- only <span class="application"><strong>Firefox</strong></span>
+ only <span><strong class="application">Firefox</strong></span>
</td></tr><tr><td>
user_u
</td><td>
@@ -79,7 +79,7 @@
</td><td align="center">
no
</td><td align="center">
- no
+ optional
</td><td align="center">
yes
</td></tr><tr><td>
@@ -91,19 +91,21 @@
</td><td align="center">
only <code class="command">sudo</code>
</td><td align="center">
- yes
+ optional
</td><td align="center">
yes
- </td></tr></tbody></table></div><h6>Table 4.1. SELinux User Capabilities</h6></div><br class="table-break"/><div class="itemizedlist"><ul><li><p>
+ </td></tr></tbody></table></div><h6>Table 4.1. SELinux User Capabilities</h6></div><br class="table-break"/><div class="itemizedlist"><ul><li><div class="para">
Linux users in the <code class="computeroutput">guest_t</code>, <code class="computeroutput">xguest_t</code>, and <code class="computeroutput">user_t</code> domains can only run set user ID (setuid) applications if SELinux policy permits it (such as <code class="command">passwd</code>). They can not run the <code class="command">su</code> and <code class="command">/usr/bin/sudo</code> setuid applications, and therefore, can not use these applications to become the Linux root user.
- </p></li><li><p>
+ </div></li><li><div class="para">
Linux users in the <code class="computeroutput">guest_t</code> domain have no network access, and can only log in via a terminal (including <code class="systemitem">ssh</code>; they can log in via <code class="systemitem">ssh</code>, but can not use <code class="systemitem">ssh</code> to connect to another system).
- </p></li><li><p>
- The only network access Linux users in the <code class="computeroutput">xguest_t</code> domain have is <span class="application"><strong>Firefox</strong></span> connecting to web pages.
- </p></li><li><p>
- By default, Linux users in the <code class="computeroutput">guest_t</code>, <code class="computeroutput">xguest_t</code>, and <code class="computeroutput">user_t</code> domains can not execute applications in their home directories or <code class="filename">/tmp/</code>, preventing them from executing applications (which inherit users' permissions) in directories that they have write access to. This prevents flawed or malicious applications from modifying files users' own.
- </p></li><li><p>
+ </div></li><li><div class="para">
+ The only network access Linux users in the <code class="computeroutput">xguest_t</code> domain have is <span><strong class="application">Firefox</strong></span> connecting to web pages.
+ </div></li><li><div class="para">
Linux users in the <code class="computeroutput">xguest_t</code>, <code class="computeroutput">user_t</code> and <code class="computeroutput">staff_t</code> domains can log in via the X Window System and a terminal.
- </p></li><li><p>
+ </div></li><li><div class="para">
By default, Linux users in the <code class="computeroutput">staff_t</code> domain do not have permissions to execute applications with <code class="command">/usr/bin/sudo</code>. These permissions must be configured by an administrator.
- </p></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html"><strong>Prev</strong>4.2. Unconfined Processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html"><strong>Next</strong>Chapter 5. Working with SELinux</a></li></ul></body></html>
\ No newline at end of file
+ </div></li></ul></div><div class="para">
+ By default, Linux users in the <code class="computeroutput">guest_t</code> and <code class="computeroutput">xguest_t</code> domains can not execute applications in their home directories or <code class="filename">/tmp/</code>, preventing them from executing applications (which inherit users' permissions) in directories they have write access to. This helps prevent flawed or malicious applications from modifying files users' own.
+ </div><div class="para">
+ By default, Linux users in the <code class="computeroutput">user_t</code> and <code class="computeroutput">staff_t</code> domains can execute applications in their home directories and <code class="filename">/tmp/</code>. Refer to <a href="sect-Security-Enhanced_Linux-Confining_Users-Booleans_for_Users_Executing_Applications.html" title="6.6. Booleans for Users Executing Applications">Section 6.6, “Booleans for Users Executing Applications”</a> for information about allowing and preventing users from executing applications in their home directories and <code class="filename">/tmp/</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html"><strong>Prev</strong>4.2. Unconfined Processes</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html"><strong>Next</strong>Chapter 5. Working with SELinux</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,56 +1,58 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>4.2. Unconfined Processes</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Targeted_Policy.html" title="Chapter 4. Targeted Policy"/><link rel="prev" href="chap-Security-Enhanced_Linux-Targeted_Policy.html" title="Chapter 4. Targeted Policy"/><link rel="next" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html" title="4.3. Confined and Unconfined Users"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>4.2. Unconfined Processes</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Targeted_Policy.html"><strong>Prev</strong></a><
/li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes">4.2. Unconfined Processes</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>4.2. Unconfined Processes</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Targeted_Policy.html" title="Chapter 4. Targeted Policy"/><link rel="prev" href="chap-Security-Enhanced_Linux-Targeted_Policy.html" title="Chapter 4. Targeted Policy"/><link rel="next" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html" title="4.3. Confined and Unconfined Users"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.
png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Targeted_Policy.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes">4.2. Unconfined Processes</h2></div></div></div><div class="para">
Unconfined processes run in unconfined domains, for example, init programs run in the unconfined <code class="computeroutput">initrc_t</code> domain, unconfined kernel processes run in the <code class="computeroutput">kernel_t</code> domain, and unconfined Linux users run in the <code class="computeroutput">unconfined_t</code> domain. For unconfined processes, SELinux policy rules are applied, but policy rules exist that allow processes running in unconfined domains almost all access. Processes running in unconfined domains fall back to using DAC rules exclusively. If an unconfined process is compromised, SELinux does not prevent an attacker from gaining access to system resources and data, but of course, DAC rules are still used. SELinux is a security enhancement on top of DAC rules - it does not replace them.
- </p><p>
+ </div><div class="para">
The following example demonstrates how the Apache HTTP Server (<code class="systemitem">httpd</code>) can access data intended for use by Samba, when running unconfined. Note: in Fedora 10, the <code class="systemitem">httpd</code> process runs in the confined <code class="computeroutput">httpd_t</code> domain by default. This is an example, and should not be used in production. It assumes that the <span class="package">httpd</span>, <span class="package">wget</span>, <span class="package">setroubleshoot-server</span>, and <span class="package">audit</span> packages are installed, that the SELinux targeted policy is used, and that SELinux is running in enforcing mode:
- </p><div class="orderedlist"><ol><li><p>
- Run the <code class="command">/usr/sbin/sestatus</code> command to confirm that SELinux is enabled, is running in enforcing mode, and that targeted policy is being used:
- </p><pre class="screen">SELinux status: enabled
+ </div><div class="orderedlist"><ol><li><div class="para">
+ Run the <code class="command">sestatus</code> command to confirm that SELinux is enabled, is running in enforcing mode, and that targeted policy is being used:
+ </div><pre class="screen">
+$ /usr/sbin/sestatus
+SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 23
Policy from config file: targeted
-</pre><p>
+</pre><div class="para">
<code class="computeroutput">SELinux status: enabled</code> is returned when SELinux is enabled. <code class="computeroutput">Current mode: enforcing</code> is returned when SELinux is running in enforcing mode. <code class="computeroutput">Policy from config file: targeted</code> is returned when the SELinux targeted policy is used.
- </p></li><li><p>
+ </div></li><li><div class="para">
As the Linux root user, run the <code class="command">touch /var/www/html/test2file</code> command to create a file.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">ls -Z /var/www/html/test2file</code> command to view the SELinux context:
- </p><pre class="screen">-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/test2file
-</pre><p>
- By default, Linux users run unconfined in Fedora 10, which is why the <code class="filename">test2file</code> file is labeled with the SELinux <code class="computeroutput">unconfined_u</code> user. RBAC is used for processes, not files. Roles do not have a meaning for files - the <code class="computeroutput">object_r</code> role is a generic role used for files (on persistent storage and network file systems). Under the <code class="filename">/proc/</code> directory, files related to processes may use the <code class="computeroutput">system_r</code> role.<sup>[<a id="d0e1469" href="#ftn.d0e1469" class="footnote">7</a>]</sup> The <code class="computeroutput">httpd_sys_content_t</code> type allows the <code class="systemitem">httpd</code> process to access this file.
- </p></li><li><p>
- The <code class="command">/usr/bin/chcon</code> command relabels files; however, such label changes do not survive when the file system is relabeled. For permanent changes that survive a file system relabel, use the <code class="command">semanage</code> command, which is discussed later. As the Linux root user, run the following command to change the type to a type used by Samba:
- </p><p>
- <code class="command">/usr/bin/chcon -t samba_share_t /var/www/html/test2file</code>
- </p><p>
+ </div><pre class="screen">-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/test2file
+</pre><div class="para">
+ By default, Linux users run unconfined in Fedora 10, which is why the <code class="filename">test2file</code> file is labeled with the SELinux <code class="computeroutput">unconfined_u</code> user. RBAC is used for processes, not files. Roles do not have a meaning for files - the <code class="computeroutput">object_r</code> role is a generic role used for files (on persistent storage and network file systems). Under the <code class="filename">/proc/</code> directory, files related to processes may use the <code class="computeroutput">system_r</code> role.<sup>[<a id="d0e1463" href="#ftn.d0e1463">7</a>]</sup> The <code class="computeroutput">httpd_sys_content_t</code> type allows the <code class="systemitem">httpd</code> process to access this file.
+ </div></li><li><div class="para">
+ The <code class="command">chcon</code> command relabels files; however, such label changes do not survive when the file system is relabeled. For permanent changes that survive a file system relabel, use the <code class="command">semanage</code> command, which is discussed later. As the Linux root user, run the following command to change the type to a type used by Samba:
+ </div><div class="para">
+ <code class="command">chcon -t samba_share_t /var/www/html/test2file</code>
+ </div><div class="para">
Run the <code class="command">ls -Z /var/www/html/test2file</code> command to view the changes:
- </p><pre class="screen">-rw-r--r-- root root unconfined_u:object_r:samba_share_t:s0 /var/www/html/test2file
-</pre></li><li><p>
- Run the <code class="command">/sbin/service httpd status</code> command to confirm that the <code class="systemitem">httpd</code> process is not running:
- </p><pre class="screen">$ /sbin/service httpd status
+ </div><pre class="screen">-rw-r--r-- root root unconfined_u:object_r:samba_share_t:s0 /var/www/html/test2file
+</pre></li><li><div class="para">
+ Run the <code class="command">service httpd status</code> command to confirm that the <code class="systemitem">httpd</code> process is not running:
+ </div><pre class="screen">$ /sbin/service httpd status
httpd is stopped
-</pre><p>
- If the output differs, run the <code class="command">/sbin/service httpd stop</code> command as the Linux root user to stop the <code class="systemitem">httpd</code> process:
- </p><pre class="screen"># /sbin/service httpd stop
+</pre><div class="para">
+ If the output differs, run the <code class="command">service httpd stop</code> command as the Linux root user to stop the <code class="systemitem">httpd</code> process:
+ </div><pre class="screen"># /sbin/service httpd stop
Stopping httpd: [ OK ]
-</pre></li><li><p>
+</pre></li><li><div class="para">
To make the <code class="systemitem">httpd</code> process run unconfined, run the following command as the Linux root user to change the type of <code class="filename">/usr/sbin/httpd</code>, to a type that does not transition to a confined domain:
- </p><p>
- <code class="command">/usr/bin/chcon -t unconfined_exec_t /usr/sbin/httpd</code>
- </p></li><li><p>
+ </div><div class="para">
+ <code class="command">chcon -t unconfined_exec_t /usr/sbin/httpd</code>
+ </div></li><li><div class="para">
Run the <code class="command">ls -Z /usr/sbin/httpd</code> command to confirm that <code class="filename">/usr/sbin/httpd</code> is labeled with the <code class="computeroutput">unconfined_exec_t</code> type:
- </p><pre class="screen">-rwxr-xr-x root root system_u:object_r:unconfined_exec_t /usr/sbin/httpd
-</pre></li><li><p>
- As the Linux root user, run the <code class="command">/sbin/service httpd start</code> command to start the <code class="systemitem">httpd</code> process. The output is as follows if <code class="systemitem">httpd</code> starts successfully:
- </p><pre class="screen"># /sbin/service httpd start
+ </div><pre class="screen">-rwxr-xr-x root root system_u:object_r:unconfined_exec_t /usr/sbin/httpd
+</pre></li><li><div class="para">
+ As the Linux root user, run the <code class="command">service httpd start</code> command to start the <code class="systemitem">httpd</code> process. The output is as follows if <code class="systemitem">httpd</code> starts successfully:
+ </div><pre class="screen"># /sbin/service httpd start
Starting httpd: [ OK ]
-</pre></li><li><p>
+</pre></li><li><div class="para">
Run the <code class="command">ps -eZ | grep httpd</code> command to view the <code class="systemitem">httpd</code> running in the <code class="computeroutput">unconfined_t</code> domain:
- </p><pre class="screen">$ ps -eZ | grep httpd
+ </div><pre class="screen">$ ps -eZ | grep httpd
unconfined_u:system_r:unconfined_t <em class="replaceable"><code>7721</code></em> ? 00:00:00 httpd
unconfined_u:system_r:unconfined_t <em class="replaceable"><code>7723</code></em> ? 00:00:00 httpd
unconfined_u:system_r:unconfined_t <em class="replaceable"><code>7724</code></em> ? 00:00:00 httpd
@@ -60,9 +62,9 @@
unconfined_u:system_r:unconfined_t <em class="replaceable"><code>7728</code></em> ? 00:00:00 httpd
unconfined_u:system_r:unconfined_t <em class="replaceable"><code>7729</code></em> ? 00:00:00 httpd
unconfined_u:system_r:unconfined_t <em class="replaceable"><code>7730</code></em> ? 00:00:00 httpd
-</pre></li><li><p>
- Change into a directory where your Linux user has write access to, and run the <code class="command">wget http://localhost/test2file</code> command. Unless there are any changes to the default configuration, this command succeeds:
- </p><pre class="screen">--2008-09-07 01:41:10-- http://localhost/test2file
+</pre></li><li><div class="para">
+ Change into a directory where your Linux user has write access to, and run the <code class="command">wget http://localhost/test2file</code> command. Unless there are changes to the default configuration, this command succeeds:
+ </div><pre class="screen">--2008-09-07 01:41:10-- http://localhost/test2file
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
@@ -72,19 +74,19 @@
[ <=> ]--.-K/s in 0s
2008-09-07 01:41:10 (0.00 B/s) - `test2file.1' saved [0/0]
-</pre><p>
+</pre><div class="para">
Although the <code class="systemitem">httpd</code> process does not have access to files labeled with the <code class="computeroutput">samba_share_t</code> type, <code class="systemitem">httpd</code> is running in the unconfined <code class="computeroutput">unconfined_t</code> domain, and falls back to using DAC rules, and as such, the <code class="command">wget</code> command succeeds. Had <code class="systemitem">httpd</code> been running in the confined <code class="computeroutput">httpd_t</code> domain, the <code class="command">wget</code> command would have failed.
- </p></li><li><p>
- The <code class="command">/sbin/restorecon</code> command restores the default SELinux context for files. As the Linux root user, run the <code class="command">restorecon -v /usr/sbin/httpd</code> command to restore the default SELinux context for <code class="filename">/usr/sbin/httpd</code>:
- </p><pre class="screen"># restorecon -v /usr/sbin/httpd
+ </div></li><li><div class="para">
+ The <code class="command">restorecon</code> command restores the default SELinux context for files. As the Linux root user, run the <code class="command">restorecon -v /usr/sbin/httpd</code> command to restore the default SELinux context for <code class="filename">/usr/sbin/httpd</code>:
+ </div><pre class="screen"># /sbin/restorecon -v /usr/sbin/httpd
restorecon reset /usr/sbin/httpd context system_u:object_r:unconfined_notrans_exec_t:s0->system_u:object_r:httpd_exec_t:s0
-</pre><p>
+</pre><div class="para">
Run the <code class="command">ls -Z /usr/sbin/httpd</code> command to confirm that <code class="filename">/usr/sbin/httpd</code> is labeled with the <code class="computeroutput">httpd_exec_t</code> type:
- </p><pre class="screen">$ ls -Z /usr/sbin/httpd
+ </div><pre class="screen">$ ls -Z /usr/sbin/httpd
-rwxr-xr-x root root system_u:object_r:httpd_exec_t /usr/sbin/httpd
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">/sbin/service httpd restart</code> command to restart <code class="systemitem">httpd</code>. After restarting, run the <code class="command">ps -eZ | grep httpd</code> to confirm that <code class="systemitem">httpd</code> is running in the confined <code class="computeroutput">httpd_t</code> domain:
- </p><pre class="screen"># /sbin/service httpd restart
+ </div><pre class="screen"># /sbin/service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
# ps -eZ | grep httpd
@@ -97,14 +99,14 @@
unconfined_u:system_r:httpd_t 8887 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t 8888 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t 8889 ? 00:00:00 httpd
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">rm -i /var/www/html/test2file</code> command to remove <code class="filename">test2file</code>.
- </p></li><li><p>
- If you do not require <code class="systemitem">httpd</code> to be running, as the Linux root user, run the <code class="command">/sbin/service httpd stop</code> command to stop <code class="systemitem">httpd</code>:
- </p><pre class="screen"># /sbin/service httpd stop
+ </div></li><li><div class="para">
+ If you do not require <code class="systemitem">httpd</code> to be running, as the Linux root user, run the <code class="command">service httpd stop</code> command to stop <code class="systemitem">httpd</code>:
+ </div><pre class="screen"># /sbin/service httpd stop
Stopping httpd: [ OK ]
-</pre></li></ol></div><p>
+</pre></li></ol></div><div class="para">
The examples in these sections demonstrate how data can be protected from a compromised confined-process (protected by SELinux), as well as how data is more accessible to an attacker from a compromised unconfined-process (not protected by SELinux).
- </p><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e1469" href="#d0e1469" class="para">7</a>] </sup>
+ </div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e1463" href="#d0e1463">7</a>] </sup>
When using other policies, such as MLS, other roles may also be used, for example, <code class="computeroutput">secadm_r</code>.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Targeted_Policy.html"><strong>Prev</strong>Chapter 4. Targeted Policy</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html"><strong>Next</strong>4.3. Confined and Unconfined Users</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,17 +1,8 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.2.3. Evolving Rules and Broken Applications</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html" title="7.2. Top Three Causes of Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html" title="7.2.2. How are Confined Services Running?"/><link rel="next" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.2.3. Evolving Rules and Broken Applications</strong></a></p><ul class="docnav"><li class="pr
evious"><a accesskey="p" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications">7.2.3. Evolving Rules and Broken Applications</h3></div></div></div><p>
- Applications may be broken, causing SELinux to deny access. Also, SELinux rules are evolving - SELinux may not have seen an application running in a certain way, possibly causing it to deny access, even though the application is working as expected. For example, if a new version of PostgreSQL is released, it may perform actions that the current policy has not seen before, causing access to be denied, even though access should be allowed.
- </p><p>
- For these situations, after access is denied, use <code class="command">audit2allow</code> to create a custom policy module to allow access. The following example searches for <code class="computeroutput">postgresql</code> entries in <code class="filename">audit.log</code>, and sends those entries through <code class="command">audit2allow</code> to create a custom module:
- </p><pre class="screen">
-# grep postgresql /var/log/audit/audit.log | audit2allow \
--R -M mypostgresql
-</pre><p>
- To install the module, run the <code class="command">semodule -i</code> command as the Linux root user:
- </p><pre class="screen">
-# /usr/sbin/semodule -i mypostgresql.pp
-</pre><p>
- The <code class="command">audit2allow</code> command may allow more access than desired. When access is denied, it is best to report the denial in <a href="https://bugzilla.redhat.com/">Red Hat Bugzilla</a>, (against the <span class="package">selinux-policy</span> package), or to a mailing list, such as <a href="http://www.redhat.com/mailman/listinfo/fedora-selinux-list">fedora-selinux-list</a>, allowing a more strict rule to be added, or to add your changes to the distribution's or upstream policy.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html"><strong>Prev</strong>7.2.2. How are Confined Services Running?</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html"><strong>Next</strong>7.3. Fixing Problems</a></li></ul></body></html>
\ No newline at end of file
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.2.3. Evolving Rules and Broken Applications</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html" title="7.2. Top Three Causes of Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html" title="7.2.2. How are Confined Services Running?"/><link rel="next" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html" title="7.3. Fixing Problems"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="
right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications">7.2.3. Evolving Rules and Broken Applications</h3></div></div></div><div class="para">
+ Applications may be broken, causing SELinux to deny access. Also, SELinux rules are evolving - SELinux may not have seen an application running in a certain way, possibly causing it to deny access, even though the application is working as expected. For example, if a new version of PostgreSQL is released, it may perform actions the current policy has not seen before, causing access to be denied, even though access should be allowed.
+ </div><div class="para">
+ For these situations, after access is denied, use <code class="command">audit2allow</code> to create a custom policy module to allow access. Refer to <a href="sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html" title="7.3.8. Allowing Access: audit2allow">Section 7.3.8, “Allowing Access: audit2allow”</a> for information about using <code class="command">audit2allow</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html"><strong>Prev</strong>7.2.2. How are Confined Services Running?</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html"><strong>Next</strong>7.3. Fixing Problems</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.2.2. How are Confined Services Running?</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html" title="7.2. Top Three Causes of Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html" title="7.2. Top Three Causes of Problems"/><link rel="next" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html" title="7.2.3. Evolving Rules and Broken Applications"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.2.2. How are Confined Services Running?</strong></a></p><ul c
lass="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running">7.2.2. How are Confined Services Running?</h3></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.2.2. How are Confined Services Running?</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html" title="7.2. Top Three Causes of Problems"/><link rel="prev" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html" title="7.2. Top Three Causes of Problems"/><link rel="next" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html" title="7.2.3. Evolving Rules and Broken Applications"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt
="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running">7.2.2. How are Confined Services Running?</h3></div></div></div><div class="para">
Services can be run in a variety of ways. To cater for this, you must tell SELinux how you are running services. This can be achieved via Booleans that allow parts of SELinux policy to be changed at runtime, without any knowledge of SELinux policy writing. This allows changes, such as allowing services access to NFS file systems, without reloading or recompiling SELinux policy. Also, running services on non-default port numbers requires policy configuration to be updated via the <code class="command">semanage</code> command.
- </p><p>
+ </div><div class="para">
For example, to allow the Apache HTTP Server to communicate with MySQL, turn the <code class="computeroutput">httpd_can_network_connect_db</code> Boolean on:
- </p><pre class="screen">
+ </div><pre class="screen">
# /usr/sbin/setsebool -P httpd_can_network_connect_db on
-</pre><p>
+</pre><div class="para">
If access is denied for a particular service, use the <code class="command">getsebool</code> and <code class="command">grep</code> commands to see if any Booleans are available to allow access. For example, use the <code class="command">getsebool -a | grep ftp</code> command to search for FTP related Booleans:
- </p><pre class="screen">
+ </div><pre class="screen">
$ /usr/sbin/getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
@@ -18,36 +18,36 @@
ftp_home_dir --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
-</pre><p>
- For a list of Booleans and whether they are on or off, run the <code class="command">/usr/sbin/getsebool -a</code> command. For a list of Booleans, an explanation of what each one is, and whether they are on or off, as the Linux root user, run the <code class="command">/usr/sbin/semanage boolean -l</code> command. Refer to <a class="xref" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html" title="5.6. Booleans">Section 5.6, “Booleans”</a> for information about listing and configuring Booleans.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-How_are_Confined_Services_Running-Port_Numbers">Port Numbers</h5>
- Depending on policy configuration, services may only be allowed to run on certain port numbers. Attempting to change the port a service runs on without changing policy may result in the service failing to start. For example, run the <code class="command">semanage port -l | grep http</code> command to list <code class="systemitem">http</code> related ports:
- <pre class="screen">
+</pre><div class="para">
+ For a list of Booleans and whether they are on or off, run the <code class="command">/usr/sbin/getsebool -a</code> command. For a list of Booleans, an explanation of what each one is, and whether they are on or off, run the <code class="command">/usr/sbin/semanage boolean -l</code> command as the Linux root user. Refer to <a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html" title="5.6. Booleans">Section 5.6, “Booleans”</a> for information about listing and configuring Booleans.
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-How_are_Confined_Services_Running-Port_Numbers">Port Numbers</h5>
+ Depending on policy configuration, services may only be allowed to run on certain port numbers. Attempting to change the port a service runs on without changing policy may result in the service failing to start. For example, run the <code class="command">semanage port -l | grep http</code> command as the Linux root user to list <code class="systemitem">http</code> related ports:
+ </div><pre class="screen">
# /usr/sbin/semanage port -l | grep http
http_cache_port_t tcp 3128, 8080, 8118
http_cache_port_t udp 3130
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
-</pre><p>
+</pre><div class="para">
The <code class="computeroutput">http_port_t</code> port type defines the ports Apache HTTP Server can listen on, which in this case, are TCP ports 80, 443, 488, 8008, 8009, and 8443. If an administrator configures <code class="filename">httpd.conf</code> so that <code class="systemitem">httpd</code> listens on port 9876 (<code class="option">Listen 9876</code>), but policy is not updated to reflect this, the <code class="command">service httpd start</code> command fails:
- </p><pre class="screen">
+ </div><pre class="screen">
# /sbin/service httpd start
Starting httpd: (13)Permission denied: make_sock: could not bind to address [::]:9876
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:9876
no listening sockets available, shutting down
Unable to open logs
[FAILED]
-</pre><p>
+</pre><div class="para">
An SELinux denial similar to the following is logged to <code class="filename">/var/log/audit/audit.log</code>:
- </p><pre class="screen">
+ </div><pre class="screen">
type=AVC msg=audit(1225948455.061:294): avc: denied { name_bind } for pid=4997 comm="httpd" src=9876 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
-</pre><p>
- To allow <code class="systemitem">httpd</code> to listen on a port that is not listed for the <code class="computeroutput">http_port_t</code> port type, run the <code class="command">semanage port</code> command to add a port to policy configuration<sup>[<a id="d0e5365" href="#ftn.d0e5365" class="footnote">15</a>]</sup>:
- </p><pre class="screen">
+</pre><div class="para">
+ To allow <code class="systemitem">httpd</code> to listen on a port that is not listed for the <code class="computeroutput">http_port_t</code> port type, run the <code class="command">semanage port</code> command to add a port to policy configuration<sup>[<a id="d0e5490" href="#ftn.d0e5490">15</a>]</sup>:
+ </div><pre class="screen">
# /usr/sbin/semanage port -a -t http_port_t -p tcp 9876
-</pre><p>
+</pre><div class="para">
The <code class="option">-a</code> option adds a new record; the <code class="option">-t</code> option defines a type; and the <code class="option">-p</code> option defines a protocol. The last argument is the port number to add.
- </p><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e5365" href="#d0e5365" class="para">15</a>] </sup>
+ </div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e5490" href="#d0e5490">15</a>] </sup>
The <code class="command">semanage port -a</code> command adds an entry to the <code class="filename">/etc/selinux/targeted/modules/active/ports.local</code> file. Note: by default, this file can only be viewed by the Linux root user.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html"><strong>Prev</strong>7.2. Top Three Causes of Problems</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html"><strong>Next</strong>7.2.3. Evolving Rules and Broken Applications</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,21 +1,21 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3. Fixing Problems</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting"/><link rel="prev" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html" title="7.2.3. Evolving Rules and Broken Applications"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html" title="7.3.2. Possible Causes of Silent Denials"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.3. Fixing Problems</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Se
curity-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems">7.3. Fixing Problems</h2></div></div></div><p>
- The following sections help troubleshoot issues. They go over: checking Linux permissions, which are checked before SELinux rules; possible causes of SELinux denying access but no denials being logged; manual pages for services, which contain information about labeling and Booleans; permissive domains, for allowing one process to run permissive, rather than the whole system; how to search for and view denial messages; analyzing denials; and creating custom policy modules with <code class="command">audit2allow</code>.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Linux_Permissions">7.3.1. Linux Permissions</h3></div></div></div><p>
- When access is denied, check standard Linux permissions. As mentioned in <a class="xref" href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction">Chapter 2, <i>Introduction</i></a>, most operating systems use a Discretionary Access Control (DAC) system to control access, allowing users to control the permissions of files that they own. SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first.
- </p><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.3. Fixing Problems</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting"/><link rel="prev" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html" title="7.2.3. Evolving Rules and Broken Applications"/><link rel="next" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html" title="7.3.2. Possible Causes of Silent Denials"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="
http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems">7.3. Fixing Problems</h2></div></div></div><div class="para">
+ The following sections help troubleshoot issues. They go over: checking Linux permissions, which are checked before SELinux rules; possible causes of SELinux denying access, but no denials being logged; manual pages for services, which contain information about labeling and Booleans; permissive domains, for allowing one process to run permissive, rather than the whole system; how to search for and view denial messages; analyzing denials; and creating custom policy modules with <code class="command">audit2allow</code>.
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Fixing_Problems-Linux_Permissions">7.3.1. Linux Permissions</h3></div></div></div><div class="para">
+ When access is denied, check standard Linux permissions. As mentioned in <a href="chap-Security-Enhanced_Linux-Introduction.html" title="Chapter 2. Introduction">Chapter 2, <i xmlns:xlink="http://www.w3.org/1999/xlink">Introduction</i></a>, most operating systems use a Discretionary Access Control (DAC) system to control access, allowing users to control the permissions of files that they own. SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first.
+ </div><div class="para">
If access is denied and no SELinux denials are logged, use the <code class="command">ls -l</code> command to view the standard Linux permissions:
- </p><pre class="screen">
+ </div><pre class="screen">
$ ls -l /var/www/html/index.html
-rw-r----- 1 root root 0 2008-11-07 11:06 index.html
-</pre><p>
+</pre><div class="para">
In this example, <code class="filename">index.html</code> is owned by the root user and group. The root user has read and write permissions (<code class="computeroutput">-rw</code>), and members of the root group have read permissions (<code class="computeroutput">-r-</code>). Everyone else has no access (<code class="computeroutput">---</code>). By default, such permissions do not allow <code class="systemitem">httpd</code> to read this file. To resolve this issue, use the <code class="command">chown</code> command to change the owner and group. This command must be run as the Linux root user:
- </p><pre class="screen">
+ </div><pre class="screen">
# chown apache:apache /var/www/html/index.html
-</pre><p>
+</pre><div class="para">
This assumes the default configuration, in which <code class="systemitem">httpd</code> runs as the Linux apache user. If you run <code class="systemitem">httpd</code> with a different user, replace <code class="computeroutput">apache:apache</code> with that user.
- </p><p>
+ </div><div class="para">
Refer to the <a href="http://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/Permissions">Fedora Documentation Project "Permissions"</a> draft for information about managing Linux permissions.
- </p></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html"><strong>Prev</strong>7.2.3. Evolving Rules and Broken Applications</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html"><strong>Next</strong>7.3.2. Possible Causes of Silent Denials</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Evolving_Rules_and_Broken_Applications.html"><strong>Prev</strong>7.2.3. Evolving Rules and Broken Applications</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html"><strong>Next</strong>7.3.2. Possible Causes of Silent Denials</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,40 +1,40 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.2. Top Three Causes of Problems</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting"/><link rel="prev" href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting"/><link rel="next" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html" title="7.2.2. How are Confined Services Running?"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>7.2. Top Three Causes of Problems</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Troubles
hooting.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems">7.2. Top Three Causes of Problems</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>7.2. Top Three Causes of Problems</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting"/><link rel="prev" href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting"/><link rel="next" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html" title="7.2.2. How are Confined Services Running?"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Co
mmon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Troubleshooting.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Troubleshooting-Top_Three_Causes_of_Problems">7.2. Top Three Causes of Problems</h2></div></div></div><div class="para">
The following sections describe the top three causes of problems: labeling problems, configuring Booleans and ports for services, and evolving SELinux rules.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems">7.2.1. Labeling Problems</h3></div></div></div><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems">7.2.1. Labeling Problems</h3></div></div></div><div class="para">
On systems running SELinux, all processes and files are labeled with a label that contains security-relevant information. This information is called the SELinux context. If these labels are wrong, access may be denied. If an application is labeled incorrectly, the process it transitions to may not have the correct label, possibly causing SELinux to deny access, and the process being able to create mislabeled files.
- </p><p>
- A common cause of labeling problems is when a non-standard directory is used for a service. For example, instead of using <code class="filename">/var/www/html/</code> for a website, an administrator wants to use <code class="filename">/srv/myweb/</code>. On Fedora 10, the <code class="filename">/srv/</code> directory is labeled with the <code class="computeroutput">var_t</code> type. Files and directories created and <code class="filename">/srv/</code> inherit this type. Also, newly-created top-level directories (such as <code class="filename">/myserver</code>) may be labeled with the <code class="computeroutput">default_t</code> type. SELinux prevents the Apache HTTP Server (<code class="systemitem">httpd</code>) from accessing both of these types. To allow access, SELinux must know that the files in <code class="filename">/srv/myweb/</code> are to be accessible to <code class="systemitem">httpd</code>:
- </p><pre class="screen">
+ </div><div class="para">
+ A common cause of labeling problems is when a non-standard directory is used for a service. For example, instead of using <code class="filename">/var/www/html/</code> for a website, an administrator wants to use <code class="filename">/srv/myweb/</code>. On Fedora 10, the <code class="filename">/srv/</code> directory is labeled with the <code class="computeroutput">var_t</code> type. Files and directories created and <code class="filename">/srv/</code> inherit this type. Also, newly-created top-level directories (such as <code class="filename">/myserver/</code>) may be labeled with the <code class="computeroutput">default_t</code> type. SELinux prevents the Apache HTTP Server (<code class="systemitem">httpd</code>) from accessing both of these types. To allow access, SELinux must know that the files in <code class="filename">/srv/myweb/</code> are to be accessible to <code class="systemitem">httpd</code>:
+ </div><pre class="screen">
# /usr/sbin/semanage fcontext -a -t httpd_sys_content_t \
"/srv/myweb(/.*)?"
-</pre><p>
- This <code class="command">semanage</code> command adds the context for the <code class="filename">/srv/myweb/</code> directory (and all files and directories under it) to the SELinux file-context configuration<sup>[<a id="d0e5203" href="#ftn.d0e5203" class="footnote">14</a>]</sup>. The <code class="command">semanage</code> command does not change the context. As the Linux root user, run the <code class="command">restorecon</code> command to apply the changes:
- </p><pre class="screen">
+</pre><div class="para">
+ This <code class="command">semanage</code> command adds the context for the <code class="filename">/srv/myweb/</code> directory (and all files and directories under it) to the SELinux file-context configuration<sup>[<a id="d0e5328" href="#ftn.d0e5328">14</a>]</sup>. The <code class="command">semanage</code> command does not change the context. As the Linux root user, run the <code class="command">restorecon</code> command to apply the changes:
+ </div><pre class="screen">
# /sbin/restorecon -R -v /srv/myweb
-</pre><p>
- Refer to <a class="xref" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html" title="5.7.2. Persistent Changes: semanage fcontext">Section 5.7.2, “Persistent Changes: semanage fcontext”</a> for further information about adding contexts to the file-context configuration.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security-Enhanced_Linux-Labeling_Problems-What_is_the_Correct_Context">7.2.1.1. What is the Correct Context?</h4></div></div></div><p>
+</pre><div class="para">
+ Refer to <a href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html" title="5.7.2. Persistent Changes: semanage fcontext">Section 5.7.2, “Persistent Changes: semanage fcontext”</a> for further information about adding contexts to the file-context configuration.
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security-Enhanced_Linux-Labeling_Problems-What_is_the_Correct_Context">7.2.1.1. What is the Correct Context?</h4></div></div></div><div class="para">
The <code class="command">matchpathcon</code> command checks the context of a file path and compares it to the default label for that path. The following example demonstrates using <code class="command">matchpathcon</code> on a directory that contains incorrectly labeled files:
- </p><pre class="screen">
-$ matchpathcon -V /var/www/html/*
+ </div><pre class="screen">
+$ /usr/sbin/matchpathcon -V /var/www/html/*
/var/www/html/index.html has context unconfined_u:object_r:user_home_t:s0, should be system_u:object_r:httpd_sys_content_t:s0
/var/www/html/page1.html has context unconfined_u:object_r:user_home_t:s0, should be system_u:object_r:httpd_sys_content_t:s0
-</pre><p>
+</pre><div class="para">
In this example, the <code class="filename">index.html</code> and <code class="filename">page1.html</code> files are labeled with the <code class="computeroutput">user_home_t</code> type. This type is used for files in user home directories. Using the <code class="command">mv</code> command to move files from your home directory may result in files being labeled with the <code class="computeroutput">user_home_t</code> type. This type should not exist outside of home directories. Use the <code class="command">restorecon</code> command to restore such files to their correct type:
- </p><pre class="screen">
-# restorecon -v /var/www/html/index.html
+ </div><pre class="screen">
+# /sbin/restorecon -v /var/www/html/index.html
restorecon reset /var/www/html/index.html context unconfined_u:object_r:user_home_t:s0->system_u:object_r:httpd_sys_content_t:s0
-</pre><p>
+</pre><div class="para">
To restore the context for all files under a directory, use the <code class="option">-R</code> option:
- </p><pre class="screen">
-# restorecon -R -v /var/www/html/
+ </div><pre class="screen">
+# /sbin/restorecon -R -v /var/www/html/
restorecon reset /var/www/html/page1.html context unconfined_u:object_r:samba_share_t:s0->system_u:object_r:httpd_sys_content_t:s0
restorecon reset /var/www/html/index.html context unconfined_u:object_r:samba_share_t:s0->system_u:object_r:httpd_sys_content_t:s0
-</pre><p>
- Refer to <a class="xref" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html" title="5.10.3. Checking the Default SELinux Context">Section 5.10.3, “Checking the Default SELinux Context”</a> for a more detailed example of <code class="command">matchpathcon</code>.
- </p></div></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e5203" href="#d0e5203" class="para">14</a>] </sup>
+</pre><div class="para">
+ Refer to <a href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Checking_the_Default_SELinux_Context.html" title="5.10.3. Checking the Default SELinux Context">Section 5.10.3, “Checking the Default SELinux Context”</a> for a more detailed example of <code class="command">matchpathcon</code>.
+ </div></div></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e5328" href="#d0e5328">14</a>] </sup>
Files in <code class="filename">/etc/selinux/targeted/contexts/files/</code> define contexts for files and directories. Files in this directory are read by <code class="command">restorecon</code> and <code class="command">setfiles</code> to restore files and directories to their default contexts.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Troubleshooting.html"><strong>Prev</strong>Chapter 7. Troubleshooting</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-How_are_Confined_Services_Running.html"><strong>Next</strong>7.2.2. How are Confined Services Running?</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html 24 Nov 2008 22:43:12 -0000 1.1
+++ sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,34 +1,34 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.6. Booleans</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html" title="5.5. SELinux Modes"/><link rel="next" href="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html" title="5.6.2. Configuring Booleans"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.6. Booleans</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans">5.6. Booleans</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.6. Booleans</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html" title="5.5. SELinux Modes"/><link rel="next" href="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html" title="5.6.2. Configuring Booleans"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Docum
entation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Booleans-Configuring_Booleans.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans">5.6. Booleans</h2></div></div></div><div class="para">
Booleans allow parts of SELinux policy to be changed at runtime, without any knowledge of SELinux policy writing. This allows changes, such as allowing services access to NFS file systems, without reloading or recompiling SELinux policy.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Booleans-Listing_Booleans">5.6.1. Listing Booleans</h3></div></div></div><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Booleans-Listing_Booleans">5.6.1. Listing Booleans</h3></div></div></div><div class="para">
For a list of Booleans, an explanation of what each one is, and whether they are on or off, run the <code class="command">semanage boolean -l</code> command as the Linux root user. The following example does not list all Booleans:
- </p><pre class="screen"># /usr/sbin/semanage boolean -l
+ </div><pre class="screen"># /usr/sbin/semanage boolean -l
SELinux boolean Description
ftp_home_dir -> off Allow ftp to read and write files in the user home directories
xen_use_nfs -> off Allow xen to manage nfs files
xguest_connect_network -> on Allow xguest to configure Network Manager
-</pre><p>
+</pre><div class="para">
The <code class="computeroutput">SELinux boolean</code> column lists Boolean names. The <code class="computeroutput">Description</code> column lists whether the Booleans are on or off, and what they do.
- </p><p>
+ </div><div class="para">
In the following example, the <code class="computeroutput">ftp_home_dir</code> Boolean is off, preventing the FTP daemon (<code class="systemitem">vsftpd</code>) from reading and writing to files in user home directories:
- </p><pre class="screen">ftp_home_dir -> off Allow ftp to read and write files in the user home directories
-</pre><p>
+ </div><pre class="screen">ftp_home_dir -> off Allow ftp to read and write files in the user home directories
+</pre><div class="para">
The <code class="command">getsebool -a</code> command lists Booleans, whether they are on or off, but does not give a description of each one. The following example does not list all Booleans:
- </p><pre class="screen">$ /usr/sbin/getsebool -a
+ </div><pre class="screen">$ /usr/sbin/getsebool -a
allow_console_login --> off
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
-</pre><p>
+</pre><div class="para">
Run the <code class="command">getsebool <em class="replaceable"><code>boolean-name</code></em></code> command to only list the status of the <em class="replaceable"><code>boolean-name</code></em> Boolean:
- </p><pre class="screen">$ /usr/sbin/getsebool allow_console_login
+ </div><pre class="screen">$ /usr/sbin/getsebool allow_console_login
allow_console_login --> off
-</pre><p>
+</pre><div class="para">
Use a space-separated list to list multiple Booleans:
- </p><pre class="screen">$ /usr/sbin/getsebool allow_console_login allow_cvs_read_shadow allow_daemons_dump_core
+ </div><pre class="screen">$ /usr/sbin/getsebool allow_console_login allow_cvs_read_shadow allow_daemons_dump_core
allow_console_login --> off
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
Index: sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html 24 Nov 2008 22:43:13 -0000 1.1
+++ sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,26 +1,26 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.4. Enabling and Disabling SELinux</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html" title="5.3. Main Configuration File"/><link rel="next" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html" title="5.4.2. Disabling SELinux"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.4. Enabling and Disabling SELinux</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_L
inux-Working_with_SELinux-Main_Configuration_File.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux">5.4. Enabling and Disabling SELinux</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.4. Enabling and Disabling SELinux</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html" title="5.3. Main Configuration File"/><link rel="next" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html" title="5.4.2. Disabling SELinux"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><
img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux">5.4. Enabling and Disabling SELinux</h2></div></div></div><div class="para">
Use the <code class="command">/usr/sbin/getenforce</code> or <code class="command">/usr/sbin/sestatus</code> commands to check the status of SELinux. The <code class="command">getenforce</code> command returns <code class="computeroutput">Enforcing</code>, <code class="computeroutput">Permissive</code>, or <code class="computeroutput">Disabled</code>. The <code class="command">getenforce</code> command returns <code class="computeroutput">Enforcing</code> when SELinux is enabled (SELinux policy rules are enforced):
- </p><pre class="screen">$ /usr/sbin/getenforce
+ </div><pre class="screen">$ /usr/sbin/getenforce
Enforcing
-</pre><p>
+</pre><div class="para">
The <code class="command">getenforce</code> command returns <code class="computeroutput">Permissive</code> when SELinux is enabled, but SELinux policy rules are not enforced, and only DAC rules are used. The <code class="command">getenforce</code> command returns <code class="computeroutput">Disabled</code> if SELinux is disabled.
- </p><p>
+ </div><div class="para">
The <code class="command">sestatus</code> command returns the SELinux status and the SELinux policy being used:
- </p><pre class="screen">$ /usr/sbin/sestatus
+ </div><pre class="screen">$ /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 23
Policy from config file: targeted
-</pre><p>
+</pre><div class="para">
<code class="computeroutput">SELinux status: enabled</code> is returned when SELinux is enabled. <code class="computeroutput">Current mode: enforcing</code> is returned when SELinux is running in enforcing mode. <code class="computeroutput">Policy from config file: targeted</code> is returned when the SELinux targeted policy is used.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Enabling_SELinux">5.4.1. Enabling SELinux</h3></div></div></div><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Enabling_SELinux">5.4.1. Enabling SELinux</h3></div></div></div><div class="para">
On systems with SELinux disabled, the <code class="computeroutput">SELINUX=disabled</code> option is configured in <code class="filename">/etc/selinux/config</code>:
- </p><pre class="screen"># This file controls the state of SELinux on the system.
+ </div><pre class="screen"># This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
@@ -30,23 +30,23 @@
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
-</pre><p>
+</pre><div class="para">
Also, the <code class="command">getenforce</code> command returns <code class="computeroutput">Disabled</code>:
- </p><pre class="screen">$ /usr/sbin/getenforce
+ </div><pre class="screen">$ /usr/sbin/getenforce
Disabled
-</pre><p>
+</pre><div class="para">
To enable SELinux:
- </p><div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
Use the <code class="command">rpm -qa | grep selinux</code>, <code class="command">rpm -q policycoreutils</code>, and <code class="command">rpm -qa | grep setroubleshoot</code> commands to confirm that the SELinux packages are installed. This guide assumes the following packages are installed: <span class="package">selinux-policy-targeted</span>, <span class="package">selinux-policy</span>, <span class="package">libselinux</span>, <span class="package">libselinux-python</span>, <span class="package">libselinux-utils</span>, <span class="package">policycoreutils</span>, <span class="package">setroubleshoot</span>, <span class="package">setroubleshoot-server</span>, <span class="package">setroubleshoot-plugins</span>. If these packages are not installed, as the Linux root user, install them via the <code class="command">yum install <em class="replaceable"><code>package-name</code></em></code> command. The following packages are optional: <span class="package">policycoreu
tils-gui</span>, <span class="package">setroubleshoot</span>, <span class="package">selinux-policy-devel</span>, and <span class="package">mcstrans</span>.
- </p><p>
- After installing the <span class="package">setroubleshoot-server</span> package, use the <code class="command">/sbin/chkconfig --list setroubleshoot</code> command to confirm that <code class="systemitem">setroubleshootd</code> starts when the system is running in runlevel<sup>[<a id="d0e2475" href="#ftn.d0e2475" class="footnote">10</a>]</sup> 3, 4, and 5:
- </p><pre class="screen">$ /sbin/chkconfig --list setroubleshoot
+ </div><div class="para">
+ After installing the <span class="package">setroubleshoot-server</span> package, use the <code class="command">/sbin/chkconfig --list setroubleshoot</code> command to confirm that <code class="systemitem">setroubleshootd</code> starts when the system is running in runlevel<sup>[<a id="d0e2484" href="#ftn.d0e2484">10</a>]</sup> 3, 4, and 5:
+ </div><pre class="screen">$ /sbin/chkconfig --list setroubleshoot
setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off
-</pre><p>
+</pre><div class="para">
If the output differs, as the Linux root user, run the <code class="command">/sbin/chkconfig --levels 345 setroubleshoot on</code> command. This makes <code class="systemitem">setroubleshootd</code> automatically start when the system is in runlevel 3, 4, and 5.
- </p></li><li><p>
+ </div></li><li><div class="para">
Before SELinux is enabled, each file on the file system must be labeled with an SELinux context. Before this happens, confined domains may be denied access, preventing your system from booting correctly. To prevent this, configure <code class="computeroutput">SELINUX=permissive</code> in <code class="filename">/etc/selinux/config</code>:
- </p><pre class="screen"># This file controls the state of SELinux on the system.
+ </div><pre class="screen"># This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
@@ -56,19 +56,19 @@
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">reboot</code> command to restart the system. During the next boot, file systems are labeled. The label process labels all files with an SELinux context:
- </p><pre class="screen">*** Warning -- SELinux targeted policy relabel is required.
+ </div><pre class="screen">*** Warning -- SELinux targeted policy relabel is required.
*** Relabeling could take a very long time, depending on file
*** system size and speed of hard drives.
****
-</pre><p>
+</pre><div class="para">
Each <code class="computeroutput">*</code> character on the bottom line represents 1000 files that have been labeled. In the above example, four <code class="computeroutput">*</code> characters represent 4000 files have been labeled. The time it takes to label all files depends upon the number of files on the system, and the speed of the hard disk drives. On modern systems, this process can take as little as 10 minutes.
- </p></li><li><p>
- In permissive mode, SELinux policy is not enforced, but denials are still logged for actions that would have been denied if running in enforcing mode. Before changing to enforcing mode, as the Linux root user, run the <code class="command">grep "SELinux is preventing" /var/log/messages</code> command as the Linux root user to confirm that SELinux did not deny actions during the last boot. If SELinux did not deny actions during the last boot, this command does not return any output. Refer to <a class="xref" href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting">Chapter 7, <i>Troubleshooting</i></a> for troubleshooting information if SELinux denied access during boot.
- </p></li><li><p>
+ </div></li><li><div class="para">
+ In permissive mode, SELinux policy is not enforced, but denials are still logged for actions that would have been denied if running in enforcing mode. Before changing to enforcing mode, as the Linux root user, run the <code class="command">grep "SELinux is preventing" /var/log/messages</code> command as the Linux root user to confirm that SELinux did not deny actions during the last boot. If SELinux did not deny actions during the last boot, this command does not return any output. Refer to <a href="chap-Security-Enhanced_Linux-Troubleshooting.html" title="Chapter 7. Troubleshooting">Chapter 7, <i xmlns:xlink="http://www.w3.org/1999/xlink">Troubleshooting</i></a> for troubleshooting information if SELinux denied access during boot.
+ </div></li><li><div class="para">
If there were no denial messages in <code class="filename">/var/log/messages</code>, configure <code class="computeroutput">SELINUX=enforcing</code> in <code class="filename">/etc/selinux/config</code>:
- </p><pre class="screen"># This file controls the state of SELinux on the system.
+ </div><pre class="screen"># This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
@@ -78,41 +78,41 @@
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
-</pre></li><li><p>
+</pre></li><li><div class="para">
Reboot your system. After reboot, confirm that the <code class="command">getenforce</code> command returns <code class="computeroutput">Enforcing</code>:
- </p><pre class="screen">$ /usr/sbin/getenforce
+ </div><pre class="screen">$ /usr/sbin/getenforce
Enforcing
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">/usr/sbin/semanage login -l</code> command to view the mapping between SELinux and Linux users. The output should be as follows:
- </p><pre class="screen">Login Name SELinux User MLS/MCS Range
+ </div><pre class="screen">Login Name SELinux User MLS/MCS Range
__default__ unconfined_u s0-s0:c0.c1023
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
-</pre></li></ol></div><p>
+</pre></li></ol></div><div class="para">
If this is not the case, run the following commands as the Linux root user to fix the user mappings. It is safe to ignore the <code class="computeroutput">SELinux-user<em class="replaceable"><code> username</code></em> is already defined</code> warnings if they occur, where <em class="replaceable"><code>username</code></em> can be <code class="computeroutput">unconfined_u</code>, <code class="computeroutput">guest_u</code>, or <code class="computeroutput">xguest_u</code>:
- </p><div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
<pre class="screen">/usr/sbin/semanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
</pre>
- </p></li><li><p>
+ </div></li><li><div class="para">
<pre class="screen">/usr/sbin/semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 __default__
</pre>
- </p></li><li><p>
+ </div></li><li><div class="para">
<pre class="screen">/usr/sbin/semanage login -m -S targeted -s "unconfined_u" -r s0-s0:c0.c1023 root
</pre>
- </p></li><li><p>
+ </div></li><li><div class="para">
<pre class="screen">/usr/sbin/semanage user -a -S targeted -P user -R guest_r guest_u
</pre>
- </p></li><li><p>
+ </div></li><li><div class="para">
<pre class="screen">/usr/sbin/semanage user -a -S targeted -P user -R xguest_r xguest_u
</pre>
- </p></li></ol></div><div class="important"><h2>Important</h2><p>
+ </div></li></ol></div><div class="important"><h2>Important</h2><div class="para">
When systems run with SELinux in permissive or disabled mode, users have permission to label files incorrectly. Also, files created while SELinux is disabled are not labeled. This causes problems when changing to enforcing mode. To prevent incorrectly labeled and unlabeled files from causing problems, file systems are automatically relabeled when changing from disabled mode to permissive or enforcing mode.
- </p></div></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e2475" href="#d0e2475" class="para">10</a>] </sup>
+ </div></div></div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e2484" href="#d0e2484">10</a>] </sup>
Refer to <a href="http://en.wikipedia.org/wiki/Runlevel">http://en.wikipedia.org/wiki/Runlevel</a> for information about runlevels.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html"><strong>Prev</strong>5.3. Main Configuration File</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html"><strong>Next</strong>5.4.2. Disabling SELinux</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html 24 Nov 2008 22:43:13 -0000 1.1
+++ sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.3. Main Configuration File</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html" title="5.2. Which Log File is Used"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html" title="5.4. Enabling and Disabling SELinux"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.3. Main Configuration File</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Lin
ux-Working_with_SELinux-Which_Log_File_is_Used.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File">5.3. Main Configuration File</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.3. Main Configuration File</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html" title="5.2. Which Log File is Used"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html" title="5.4. Enabling and Disabling SELinux"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.o
rg"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File">5.3. Main Configuration File</h2></div></div></div><div class="para">
The <code class="filename">/etc/selinux/config</code> file is the main SELinux configuration file. It controls the SELinux mode and the SELinux policy to use:
- </p><pre class="screen"># This file controls the state of SELinux on the system.
+ </div><pre class="screen"># This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
@@ -13,10 +13,10 @@
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
-</pre><div class="variablelist"><dl><dt><span class="term"><code class="computeroutput">SELINUX=enforcing</code></span></dt><dd><p>
+</pre><div class="variablelist"><dl><dt><span class="term"><code class="computeroutput">SELINUX=enforcing</code></span></dt><dd><div class="para">
The <code class="option">SELINUX</code> option sets the mode SELinux runs in. SELinux has three modes: enforcing, permissive, and disabled. When using enforcing mode, SELinux policy is enforced, and SELinux denies access based on SELinux policy rules. Denial messages are logged. When using permissive mode, SELinux policy is not enforced. SELinux does not deny access, but denials are logged for actions that would have been denied if running SELinux in enforcing mode. When using disabled mode, SELinux is disabled (the SELinux module is not registered with the Linux kernel), and only DAC rules are used.
- </p></dd><dt><span class="term"><code class="computeroutput">SELINUXTYPE=targeted</code></span></dt><dd><p>
+ </div></dd><dt><span class="term"><code class="computeroutput">SELINUXTYPE=targeted</code></span></dt><dd><div class="para">
The <code class="option">SELINUXTYPE</code> option sets the SELinux policy to use. Targeted policy is the default policy. Only change this option if you want to use the MLS policy. To use the MLS policy, install the <span class="package">selinux-policy-mls</span> package; configure <code class="option">SELINUXTYPE=mls</code> in <code class="filename">/etc/selinux/config</code>; and reboot your system.
- </p></dd></dl></div><div class="important"><h2>Important</h2><p>
+ </div></dd></dl></div><div class="important"><h2>Important</h2><div class="para">
When systems run with SELinux in permissive or disabled mode, users have permission to label files incorrectly. Also, files created while SELinux is disabled are not labeled. This causes problems when changing to enforcing mode. To prevent incorrectly labeled and unlabeled files from causing problems, file systems are automatically relabeled when changing from disabled mode to permissive or enforcing mode.
- </p></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html"><strong>Prev</strong>5.2. Which Log File is Used</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html"><strong>Next</strong>5.4. Enabling and Disabling SELinux</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html"><strong>Prev</strong>5.2. Which Log File is Used</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html"><strong>Next</strong>5.4. Enabling and Disabling SELinux</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html 24 Nov 2008 22:43:13 -0000 1.1
+++ sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,29 +1,29 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10. Maintaining SELinux Labels</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html" title="5.9.5. Making Context Mounts Persistent"/><link rel="next" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html" title="5.10.2. Moving Files and Directories"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.10. Maintaining SELinux Labels </strong></a></p><ul class="docnav"><li class="previous"><a accesske
y="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_">5.10. Maintaining SELinux Labels </h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.10. Maintaining SELinux Labels</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html" title="5.9.5. Making Context Mounts Persistent"/><link rel="next" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html" title="5.10.2. Moving Files and Directories"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right"
href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Maintaining_SELinux_Labels_">5.10. Maintaining SELinux Labels </h2></div></div></div><div class="para">
These sections describe what happens to SELinux contexts when copying, moving, and archiving files and directories. Also, it explains how to preserve contexts when copying and archiving.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Copying_Files_and_Directories">5.10.1. Copying Files and Directories</h3></div></div></div><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Copying_Files_and_Directories">5.10.1. Copying Files and Directories</h3></div></div></div><div class="para">
When a file or directory is copied, a new file or directory is created if it does not exist. That new file or directory's context is based on default-labeling rules, not the original file or directory's context (unless options were used to preserve the original context). For example, files created in user home directories are labeled with the <code class="computeroutput">user_home_t</code> type:
- </p><pre class="screen">
+ </div><pre class="screen">
$ touch file1
$ ls -Z file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
-</pre><p>
+</pre><div class="para">
If such a file is copied to another directory, such as <code class="filename">/etc/</code>, the new file is created in accordance to default-labeling rules for the <code class="filename">/etc/</code> directory. Copying a file (without additional options) may not preserve the original context:
- </p><pre class="screen">
+ </div><pre class="screen">
$ ls -Z file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
# cp file1 /etc/
$ ls -Z /etc/file1
-rw-r--r-- root root unconfined_u:object_r:etc_t:s0 /etc/file1
-</pre><p>
+</pre><div class="para">
When <code class="filename">file1</code> is copied to <code class="filename">/etc/</code>, if <code class="filename">/etc/file1</code> does not exist, <code class="filename">/etc/file1</code> is created as a new file. As shown in the example above, <code class="filename">/etc/file1</code> is labeled with the <code class="computeroutput">etc_t</code> type, in accordance to default-labeling rules.
- </p><p>
+ </div><div class="para">
When a file is copied over an existing file, the existing file's context is preserved, unless the user specified <code class="command">cp</code> options to preserve the context of the original file, such as <code class="option">--preserve=context</code>. SELinux policy may prevent contexts from being preserved during copies.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Copying_Files_and_Directories-Copying_Without_Preserving_SELinux_Contexts">Copying Without Preserving SELinux Contexts</h5>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Copying_Files_and_Directories-Copying_Without_Preserving_SELinux_Contexts">Copying Without Preserving SELinux Contexts</h5>
When copying a file with the <code class="command">cp</code> command, if no options are given, the type is inherited from the targeted, parent directory:
- <pre class="screen">
+ </div><pre class="screen">
$ touch file1
$ ls -Z file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
@@ -32,11 +32,11 @@
# cp file1 /var/www/html/
$ ls -Z /var/www/html/file1
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/file1
-</pre><p>
+</pre><div class="para">
In this example, <code class="filename">file1</code> is created in a user's home directory, and is labeled with the <code class="computeroutput">user_home_t</code> type. The <code class="filename">/var/www/html/</code> directory is labeled with the <code class="computeroutput">httpd_sys_content_t</code> type, as shown with the <code class="command">ls -dZ /var/www/html/</code> command. When <code class="filename">file1</code> is copied to <code class="filename">/var/www/html/</code>, it inherits the <code class="computeroutput">httpd_sys_content_t</code> type, as shown with the <code class="command">ls -Z /var/www/html/file1</code> command.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Copying_Files_and_Directories-Preserving_SELinux_Contexts_When_Copying">Preserving SELinux Contexts When Copying</h5>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Copying_Files_and_Directories-Preserving_SELinux_Contexts_When_Copying">Preserving SELinux Contexts When Copying</h5>
Use the <code class="command">cp --preserve=context</code> command to preserve contexts when copying:
- <pre class="screen">
+ </div><pre class="screen">
$ touch file1
$ ls -Z file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
@@ -45,22 +45,22 @@
# cp --preserve=context file1 /var/www/html/
$ ls -Z /var/www/html/file1
-rw-r--r-- root root unconfined_u:object_r:user_home_t:s0 /var/www/html/file1
-</pre><p>
+</pre><div class="para">
In this example, <code class="filename">file1</code> is created in a user's home directory, and is labeled with the <code class="computeroutput">user_home_t</code> type. The <code class="filename">/var/www/html/</code> directory is labeled with the <code class="computeroutput">httpd_sys_content_t</code> type, as shown with the <code class="command">ls -dZ /var/www/html/</code> command. Using the <code class="option">--preserve=context</code> option preserves SELinux contexts during copy operations. As shown with the <code class="command">ls -Z /var/www/html/file1</code> command, the <code class="filename">file1</code> <code class="computeroutput">user_home_t</code> type was preserved when the file was copied to <code class="filename">/var/www/html/</code>.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Copying_Files_and_Directories-Copying_and_Changing_the_Context">Copying and Changing the Context</h5>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Copying_Files_and_Directories-Copying_and_Changing_the_Context">Copying and Changing the Context</h5>
Use the <code class="command">cp -Z</code> command to change the destination copy's context. The following example was performed in the user's home directory:
- <pre class="screen">
+ </div><pre class="screen">
$ touch file1
$ cp -Z system_u:object_r:samba_share_t:s0 file1 file2
$ ls -Z file1 file2
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
-rw-rw-r-- user1 group1 system_u:object_r:samba_share_t:s0 file2
$ rm file1 file2
-</pre><p>
+</pre><div class="para">
In this example, the context is defined with the <code class="option">-Z</code> option. Without the <code class="option">-Z</code> option, <code class="filename">file2</code> would be labeled with the <code class="computeroutput">unconfined_u:object_r:user_home_t</code> context.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Copying_Files_and_Directories-Copying_a_File_Over_an_Existing_File">Copying a File Over an Existing File</h5>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Copying_Files_and_Directories-Copying_a_File_Over_an_Existing_File">Copying a File Over an Existing File</h5>
When a file is copied over an existing file, the existing file's context is preserved (unless an option is used to preserve contexts). For example:
- <pre class="screen">
+ </div><pre class="screen">
# touch /etc/file1
# ls -Z /etc/file1
-rw-r--r-- root root unconfined_u:object_r:etc_t:s0 /etc/file1
@@ -70,8 +70,8 @@
# cp /tmp/file2 /etc/file1
# ls -Z /etc/file1
-rw-r--r-- root root unconfined_u:object_r:etc_t:s0 /etc/file1
-</pre><p>
+</pre><div class="para">
In this example, two files are created: <code class="filename">/etc/file1</code>, labeled with the <code class="computeroutput">etc_t</code> type, and <code class="filename">/tmp/file2</code>, labeled with the <code class="computeroutput">user_tmp_t</code> type. The <code class="command">cp /tmp/file2 /etc/file1</code> command overwrites <code class="filename">file1</code> with <code class="filename">file2</code>. After copying, the <code class="command">ls -Z /etc/file1</code> command shows <code class="filename">file1</code> labeled with the <code class="computeroutput">etc_t</code> type, not the <code class="computeroutput">user_tmp_t</code> type from <code class="filename">/tmp/file2</code> that replaced <code class="filename">/etc/file1</code>.
- </p><div class="important"><h2>Important</h2><p>
+ </div><div class="important"><h2>Important</h2><div class="para">
Copy files and directories, rather than moving them. This helps ensure they are labeled with the correct SELinux contexts. Incorrect SELinux contexts can prevent processes from accessing such files and directories.
- </p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html"><strong>Prev</strong>5.9.5. Making Context Mounts Persistent</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html"><strong>Next</strong>5.10.2. Moving Files and Directories</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Making_Context_Mounts_Persistent.html"><strong>Prev</strong>5.9.5. Making Context Mounts Persistent</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Maintaining_SELinux_Labels_-Moving_Files_and_Directories.html"><strong>Next</strong>5.10.2. Moving Files and Directories</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html 24 Nov 2008 22:43:13 -0000 1.1
+++ sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,23 +1,23 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9. Mounting File Systems</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html" title="5.8. The file_t and default_t Types"/><link rel="next" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html" title="5.9.2. Changing the Default Context"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.9. Mounting File Systems</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-E
nhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems">5.9. Mounting File Systems</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.9. Mounting File Systems</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html" title="5.8. The file_t and default_t Types"/><link rel="next" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html" title="5.9.2. Changing the Default Context"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fe
doraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems">5.9. Mounting File Systems</h2></div></div></div><div class="para">
By default, when a file system that supports extended attributes is mounted, the security context for each file is obtained from the <span class="emphasis"><em>security.selinux</em></span> extended attribute of the file. Files in file systems that do not support extended attributes are assigned a single, default security context from the policy configuration, based on file system type.
- </p><p>
+ </div><div class="para">
Use the <code class="command">mount -o context</code> command to override existing extended attributes, or to specify a different, default context for file systems that do not support extended attributes. This is useful if you do not trust a file system to supply the correct attributes, for example, removable media used in multiple systems. The <code class="command">mount -o context</code> command can also be used to support labeling for file systems that do not support extended attributes, such as File Allocation Table (FAT) or NFS file systems. The context specified with the <code class="option">context</code> is not written to disk: the original contexts are preserved, and are seen when mounting without a <code class="option">context</code> option (if the file system had extended attributes in the first place).
- </p><p>
+ </div><div class="para">
For further information about file system labeling, refer to James Morris's "Filesystem Labeling in SELinux" article: <a href="http://www.linuxjournal.com/article/7426">http://www.linuxjournal.com/article/7426</a>.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Context_Mounts">5.9.1. Context Mounts</h3></div></div></div><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-Mounting_File_Systems-Context_Mounts">5.9.1. Context Mounts</h3></div></div></div><div class="para">
To mount a file system with the specified context, overriding existing contexts if they exist, or to specify a different, default context for a file system that does not support extended attributes, as the Linux root user, use the <code class="command">mount -o context=<em class="replaceable"><code>SELinux_user:role:type:level</code></em></code> command when mounting the desired file system. Context changes are not written to disk. By default, NFS mounts on the client side are labeled with a default context defined by policy for NFS file systems. In common policies, this default context uses the <code class="computeroutput">nfs_t</code> type. Without additional mount options, this may prevent sharing NFS file systems via other services, such as the Apache HTTP Server. The following example mounts an NFS file system so that it can be shared via the Apache HTTP Server:
- </p><p>
+ </div><div class="para">
<pre class="screen"># mount server:/export /local/mount/point -o\
context="system_u:object_r:httpd_sys_content_t:s0"
</pre>
- </p><p>
+ </div><div class="para">
Newly-created files and directories on this file system appear to have the SELinux context specified with <code class="option">-o context</code>; however, since context changes are not written to disk for these situations, the context specified with the <code class="option">context</code> option is only retained if the <code class="option">context</code> option is used on the next mount, and if the same context is specified.
- </p><p>
+ </div><div class="para">
Type Enforcement is the main permission control used in SELinux targeted policy. For the most part, SELinux users and roles can be ignored, so, when overriding the SELinux context with <code class="option">-o context</code>, use the SELinux <code class="computeroutput">system_u</code> user and <code class="computeroutput">object_r</code> role, and concentrate on the type. If you are not using the MLS policy or multi-category security, use the <code class="computeroutput">s0</code> level.
- </p><div class="note"><h2>Note</h2><p>
+ </div><div class="note"><h2>Note</h2><div class="para">
When a file system is mounted with a <code class="option">context</code> option, context changes (by users and processes) are prohibited. For example, running <code class="command">chcon</code> on a file system mounted with a <code class="option">context</code> option results in a <code class="computeroutput">Operation not supported</code> error.
- </p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html"><strong>Prev</strong>5.8. The file_t and default_t Types</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html"><strong>Next</strong>5.9.2. Changing the Default Context</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html"><strong>Prev</strong>5.8. The file_t and default_t Types</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Mounting_File_Systems-Changing_the_Default_Context.html"><strong>Next</strong>5.9.2. Changing the Default Context</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html 24 Nov 2008 22:43:13 -0000 1.1
+++ sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,72 +1,72 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.7. SELinux Contexts - Labeling Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Booleans-Examples_Booleans_for_NFS_and_CIFS.html" title="5.6.3. Examples: Booleans for NFS and CIFS"/><link rel="next" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html" title="5.7.2. Persistent Changes: semanage fcontext"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.7. SELinux Contexts - Labeling Files</strong></a></p><ul class="docnav"><li class
="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Booleans-Examples_Booleans_for_NFS_and_CIFS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files">5.7. SELinux Contexts - Labeling Files</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.7. SELinux Contexts - Labeling Files</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html" title="5.6.3. Booleans for NFS and CIFS"/><link rel="next" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html" title="5.7.2. Persistent Changes: semanage fcontext"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" h
ref="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files">5.7. SELinux Contexts - Labeling Files</h2></div></div></div><div class="para">
On systems running SELinux, all processes and files are labeled with a label that contains security-relevant information. This information is called the SELinux context. For files, this is viewed using the <code class="command">ls -Z</code> command:
- </p><pre class="screen">$ ls -Z file1
+ </div><pre class="screen">$ ls -Z file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
-</pre><p>
+</pre><div class="para">
In this example, SELinux provides a user (<code class="computeroutput">unconfined_u</code>), a role (<code class="computeroutput">object_r</code>), a type (<code class="computeroutput">user_home_t</code>), and a level (<code class="computeroutput">s0</code>). This information is used to make access control decisions. On DAC systems, access is controlled based on Linux user and group IDs. SELinux policy rules are checked after DAC rules. SELinux policy rules are not used if DAC rules deny access first.
- </p><p>
+ </div><div class="para">
There are multiple commands for managing the SELinux context for files, such as <code class="command">chcon</code>, <code class="command">semanage fcontext</code>, and <code class="command">restorecon</code>.
- </p><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Temporary_Changes_chcon">5.7.1. Temporary Changes: chcon</h3></div></div></div><p>
+ </div><div class="section" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Temporary_Changes_chcon">5.7.1. Temporary Changes: chcon</h3></div></div></div><div class="para">
The <code class="command">chcon</code> command changes the SELinux context for files. These changes do not survive a file system relabel, or the <code class="command">/sbin/restorecon</code> command. SELinux policy controls whether users are able to modify the SELinux context for any given file. When using <code class="command">chcon</code>, users provide all or part of the SELinux context to change. An incorrect file type is a common cause of SELinux denying access.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Temporary_Changes_chcon-Quick_Reference">Quick Reference</h5>
- <div class="itemizedlist"><ul><li><p>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Temporary_Changes_chcon-Quick_Reference">Quick Reference</h5>
+ <div class="itemizedlist"><ul><li><div class="para">
Run the <code class="command">chcon -t <em class="replaceable"><code>type</code></em> <em class="replaceable"><code>file-name</code></em></code> command to change the file type, where <em class="replaceable"><code>type</code></em> is a type, such as <code class="computeroutput">httpd_sys_content_t</code>, and <em class="replaceable"><code>file-name</code></em> is a file or directory name.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">chcon -R -t <em class="replaceable"><code>type</code></em> <em class="replaceable"><code>directory-name</code></em></code> command to change the type of the directory and its contents, where <em class="replaceable"><code>type</code></em> is a type, such as <code class="computeroutput">httpd_sys_content_t</code>, and <em class="replaceable"><code>directory-name</code></em> is a directory name.
- </p></li></ul></div>
- <h5 class="formalpara" id="form-Security-Enhanced_Linux-Temporary_Changes_chcon-Changing_a_Files_or_Directorys_Type">Changing a File's or Directory's Type</h5>
+ </div></li></ul></div>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Temporary_Changes_chcon-Changing_a_Files_or_Directorys_Type">Changing a File's or Directory's Type</h5>
The following example demonstrates changing the type, and no other attributes of the SELinux context:
- <div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
Run the <code class="command">cd</code> command without arguments to change into your home directory.
- </p></li><li><p>
+ </div></li><li><div class="para">
Run the <code class="command">touch file1</code> command to create a new file. Use the <code class="command">ls -Z file1</code> command to view the SELinux context for <code class="filename">file1</code>:
- </p><pre class="screen">$ ls -Z file1
+ </div><pre class="screen">$ ls -Z file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
-</pre><p>
- In this example, the SELinux context for <code class="filename">file1</code> includes the SELinux <code class="computeroutput">unconfined_u</code> user, <code class="computeroutput">object_r</code> role, <code class="computeroutput">user_home_t</code> type, and the <code class="computeroutput">s0</code> level. For a description of each part of the SELinux context, refer to <a class="xref" href="chap-Security-Enhanced_Linux-SELinux_Contexts.html" title="Chapter 3. SELinux Contexts">Chapter 3, <i>SELinux Contexts</i></a>.
- </p></li><li><p>
+</pre><div class="para">
+ In this example, the SELinux context for <code class="filename">file1</code> includes the SELinux <code class="computeroutput">unconfined_u</code> user, <code class="computeroutput">object_r</code> role, <code class="computeroutput">user_home_t</code> type, and the <code class="computeroutput">s0</code> level. For a description of each part of the SELinux context, refer to <a href="chap-Security-Enhanced_Linux-SELinux_Contexts.html" title="Chapter 3. SELinux Contexts">Chapter 3, <i xmlns:xlink="http://www.w3.org/1999/xlink">SELinux Contexts</i></a>.
+ </div></li><li><div class="para">
Run the <code class="command">chcon -t samba_share_t file1</code> command to change the type to <code class="computeroutput">samba_share_t</code>. The <code class="option">-t</code> option only changes the type. View the change with <code class="command">ls -Z file1</code>:
- </p><pre class="screen">$ ls -Z file1
+ </div><pre class="screen">$ ls -Z file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:samba_share_t:s0 file1
-</pre></li><li><p>
+</pre></li><li><div class="para">
Use the <code class="command">/sbin/restorecon -v file1</code> command to restore the SELinux context for the <code class="filename">file1</code> file. Use the <code class="option">-v</code> option to view what changes:
- </p><pre class="screen">$ /sbin/restorecon -v file1
+ </div><pre class="screen">$ /sbin/restorecon -v file1
restorecon reset file1 context unconfined_u:object_r:samba_share_t:s0->system_u:object_r:user_home_t:s0
-</pre><p>
+</pre><div class="para">
In this example, the previous type, <code class="computeroutput">samba_share_t</code>, is restored to the correct, <code class="computeroutput">user_home_t</code> type. When using targeted policy (the default SELinux policy in Fedora 10), the <code class="command">/sbin/restorecon</code> command reads the files in the <code class="filename">/etc/selinux/targeted/contexts/files/</code> directory, to see which SELinux context files should have.
- </p></li></ol></div><p>
+ </div></li></ol></div><div class="para">
The example in this section works the same for directories, for example, if <code class="filename">file1</code> was a directory.
- </p><h5 class="formalpara" id="form-Security-Enhanced_Linux-Temporary_Changes_chcon-Changing_a_Directory_and_its_Contents_Types">Changing a Directory and its Contents Types</h5>
+ </div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Temporary_Changes_chcon-Changing_a_Directory_and_its_Contents_Types">Changing a Directory and its Contents Types</h5>
The following example demonstrates creating a new directory, and changing the directory's file type (along with its contents) to a type used by the Apache HTTP Server. The configuration in this example is used if you want Apache HTTP Server to use a different document root (instead of <code class="filename">/var/www/html/</code>):
- <div class="orderedlist"><ol><li><p>
+ </div><div class="orderedlist"><ol><li><div class="para">
As the Linux root user, run the <code class="command">mkdir /web</code> command to create a new directory, and then the <code class="command">touch /web/file{1,2,3}</code> command to create 3 empty files (<code class="filename">file1</code>, <code class="filename">file2</code>, and <code class="filename">file3</code>). The <code class="filename">/web/</code> directory and files in it are labeled with the <code class="computeroutput">default_t</code> type:
- </p><pre class="screen"># ls -dZ /web
+ </div><pre class="screen"># ls -dZ /web
drwxr-xr-x root root unconfined_u:object_r:default_t:s0 /web
# ls -lZ /web
-rw-r--r-- root root unconfined_u:object_r:default_t:s0 file1
-rw-r--r-- root root unconfined_u:object_r:default_t:s0 file2
-rw-r--r-- root root unconfined_u:object_r:default_t:s0 file3
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">chcon -R -t httpd_sys_content_t /web/</code> command to change the type of the <code class="filename">/web/</code> directory (and its contents) to <code class="computeroutput">httpd_sys_content_t</code>:
- </p><pre class="screen"># chcon -R -t httpd_sys_content_t /web/
+ </div><pre class="screen"># chcon -R -t httpd_sys_content_t /web/
# ls -dZ /web/
drwxr-xr-x root root unconfined_u:object_r:httpd_sys_content_t:s0 /web/
# ls -lZ /web/
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file1
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file2
-rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file3
-</pre></li><li><p>
+</pre></li><li><div class="para">
As the Linux root user, run the <code class="command">/sbin/restorecon -R -v /web/</code> command to restore the default SELinux contexts:
- </p><pre class="screen"># /sbin/restorecon -R -v /web/
+ </div><pre class="screen"># /sbin/restorecon -R -v /web/
restorecon reset /web context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:default_t:s0
restorecon reset /web/file2 context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:default_t:s0
restorecon reset /web/file3 context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:default_t:s0
restorecon reset /web/file1 context unconfined_u:object_r:httpd_sys_content_t:s0->system_u:object_r:default_t:s0
-</pre></li></ol></div><p>
+</pre></li></ol></div><div class="para">
Refer to the <span class="citerefentry"><span class="refentrytitle">chcon</span>(1)</span> manual page for further information about <code class="command">chcon</code>.
- </p><div class="note"><h2>Note</h2><p>
+ </div><div class="note"><h2>Note</h2><div class="para">
Type Enforcement is the main permission control used in SELinux targeted policy. For the most part, SELinux users and roles can be ignored.
- </p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Booleans-Examples_Booleans_for_NFS_and_CIFS.html"><strong>Prev</strong>5.6.3. Examples: Booleans for NFS and CIFS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html"><strong>Next</strong>5.7.2. Persistent Changes: semanage fcontext</a></li></ul></body></html>
\ No newline at end of file
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html"><strong>Prev</strong>5.6.3. Booleans for NFS and CIFS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html"><strong>Next</strong>5.7.2. Persistent Changes: semanage fcontext</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html 24 Nov 2008 22:43:13 -0000 1.1
+++ sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.5. SELinux Modes</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html" title="5.4.2. Disabling SELinux"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html" title="5.6. Booleans"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.5. SELinux Modes</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html"><str
ong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes">5.5. SELinux Modes</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.5. SELinux Modes</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html" title="5.4.2. Disabling SELinux"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html" title="5.6. Booleans"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Modes">5.5. SELinux Modes</h2></div></div></div><div class="para">
SELinux has three modes:
- </p><div class="itemizedlist"><ul><li><p>
+ </div><div class="itemizedlist"><ul><li><div class="para">
Enforcing: SELinux policy is enforced. SELinux denies access based on SELinux policy rules.
- </p></li><li><p>
+ </div></li><li><div class="para">
Permissive: SELinux policy is not enforced. SELinux does not deny access, but denials are logged for actions that would have been denied if running in enforcing mode.
- </p></li><li><p>
+ </div></li><li><div class="para">
Disabled: SELinux is disabled. Only DAC rules are used.
- </p></li></ul></div><p>
+ </div></li></ul></div><div class="para">
Use the <code class="command">/usr/sbin/setenforce</code> command to change between enforcing and permissive mode. Changes made with <code class="command">/usr/sbin/setenforce</code> do not persist across reboots. To change to enforcing mode, as the Linux root user, run the <code class="command">/usr/sbin/setenforce 1</code> command. To change to permissive mode, run the <code class="command">/usr/sbin/setenforce 0</code> command. Use the <code class="command">/usr/sbin/getenforce</code> command to view the current SELinux mode.
- </p><p>
- Persistent mode changes are covered in <a class="xref" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html" title="5.4. Enabling and Disabling SELinux">Section 5.4, “Enabling and Disabling SELinux”</a>.
- </p></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html"><strong>Prev</strong>5.4.2. Disabling SELinux</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html"><strong>Next</strong>5.6. Booleans</a></li></ul></body></html>
\ No newline at end of file
+ </div><div class="para">
+ Persistent mode changes are covered in <a href="sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html" title="5.4. Enabling and Disabling SELinux">Section 5.4, “Enabling and Disabling SELinux”</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-Enabling_and_Disabling_SELinux-Disabling_SELinux.html"><strong>Prev</strong>5.4.2. Disabling SELinux</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Booleans.html"><strong>Next</strong>5.6. Booleans</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html 24 Nov 2008 22:43:13 -0000 1.1
+++ sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.8. The file_t and default_t Types</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html" title="5.7.2. Persistent Changes: semanage fcontext"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.8. The file_t and default_t Types</strong></a></p><ul class="docnav"><li class="previous"><a accesske
y="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types">5.8. The file_t and default_t Types</h2></div></div></div><p>
- On file systems that support extended attributes, when a file that lacks an SELinux context on disk is accessed, it is treated as if it had a default context as defined by SELinux policy. In common policies, this default context uses the <code class="computeroutput">file_t</code> type. This should be the only use of this type, so that files without a context on disk can be distinguished in policy, and generally kept inaccessible to confined domains. The <code class="computeroutput">file_t</code> type should not exist on correctly-labeled file systems, because all files on a system running SELinux should have an SELinux context, and the <code class="computeroutput">file_t</code> type is never used in file-context configuration<sup>[<a id="d0e3720" href="#ftn.d0e3720" class="footnote">11</a>]</sup>.
- </p><p>
- The <code class="computeroutput">default_t</code> type is used on files that do not match any other pattern in file-context configuration, so that such files can be distinguished from files that do not have a context on disk, and generally kept inaccessible to confined domains. If you create a new top-level directory, such as <code class="filename">/mydirectory/</code>, this directory may be labeled with the <code class="computeroutput">default_t</code> type. If services need access to such a directory, update the file-contexts configuration for this location. Refer to <a class="xref" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html" title="5.7.2. Persistent Changes: semanage fcontext">Section 5.7.2, “Persistent Changes: semanage fcontext”</a> for details on adding a context to the file-context configuration.
- </p><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e3720" href="#d0e3720" class="para">11</a>] </sup>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.8. The file_t and default_t Types</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html" title="5.7.2. Persistent Changes: semanage fcontext"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html" title="5.9. Mounting File Systems"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" hr
ef="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-The_file_t_and_default_t_Types">5.8. The file_t and default_t Types</h2></div></div></div><div class="para">
+ On file systems that support extended attributes, when a file that lacks an SELinux context on disk is accessed, it is treated as if it had a default context as defined by SELinux policy. In common policies, this default context uses the <code class="computeroutput">file_t</code> type. This should be the only use of this type, so that files without a context on disk can be distinguished in policy, and generally kept inaccessible to confined domains. The <code class="computeroutput">file_t</code> type should not exist on correctly-labeled file systems, because all files on a system running SELinux should have an SELinux context, and the <code class="computeroutput">file_t</code> type is never used in file-context configuration<sup>[<a id="d0e3729" href="#ftn.d0e3729">11</a>]</sup>.
+ </div><div class="para">
+ The <code class="computeroutput">default_t</code> type is used on files that do not match any other pattern in file-context configuration, so that such files can be distinguished from files that do not have a context on disk, and generally kept inaccessible to confined domains. If you create a new top-level directory, such as <code class="filename">/mydirectory/</code>, this directory may be labeled with the <code class="computeroutput">default_t</code> type. If services need access to such a directory, update the file-contexts configuration for this location. Refer to <a href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html" title="5.7.2. Persistent Changes: semanage fcontext">Section 5.7.2, “Persistent Changes: semanage fcontext”</a> for details on adding a context to the file-context configuration.
+ </div><div class="footnotes"><br/><hr/><div class="footnote"><p><sup>[<a id="ftn.d0e3729" href="#d0e3729">11</a>] </sup>
Files in <code class="filename">/etc/selinux/targeted/contexts/files/</code> define contexts for files and directories. Files in this directory are read by <code class="command">restorecon</code> and <code class="command">setfiles</code> to restore files and directories to their default contexts.
</p></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html"><strong>Prev</strong>5.7.2. Persistent Changes: semanage fcontext</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Mounting_File_Systems.html"><strong>Next</strong>5.9. Mounting File Systems</a></li></ul></body></html>
\ No newline at end of file
Index: sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html 24 Nov 2008 22:43:13 -0000 1.1
+++ sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used.html 24 Jan 2009 03:48:03 -0000 1.2
@@ -1,29 +1,29 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.2. Which Log File is Used</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.0-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html" title="5.3. Main Configuration File"/></head><body><p id="title"><a href="http://docs.fedoraproject.org"><strong>5.2. Which Log File is Used</strong></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html"><str
ong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used">5.2. Which Log File is Used</h2></div></div></div><p>
+<html xmlns="http://www.w3.org/1999/xhtml"><head><title>5.2. Which Log File is Used</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="Fedora-Security-Enhanced_Linux-10-en-US-1.1-1"/><link rel="start" href="index.html" title="Security-Enhanced Linux"/><link rel="up" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="prev" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html" title="Chapter 5. Working with SELinux"/><link rel="next" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html" title="5.3. Main Configuration File"/></head><body class=""><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/imag
es/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="sect-Security-Enhanced_Linux-Working_with_SELinux-Which_Log_File_is_Used">5.2. Which Log File is Used</h2></div></div></div><div class="para">
In Fedora 10, the <span class="package">setroubleshoot-server</span> and <span class="package">audit</span> packages are installed if packages are not removed from the default package selection. These packages include the <code class="systemitem">setroubleshootd</code> and <code class="systemitem">auditd</code> daemons respectively. These daemons run by default.
- </p><p>
+ </div><div class="para">
SELinux denial messages, such as the following, are written to <code class="filename">/var/log/audit/audit.log</code> by default:
- </p><pre class="screen">type=AVC msg=audit(1223024155.684:49): avc: denied { getattr } for pid=2000 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=399185 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=file
-</pre><p>
- Also, if <code class="systemitem">setroubleshootd</code> is running, which is it by default, denial messages from <code class="filename">/var/log/audit/audit.log</code> are translated to an easier-to-read form and sent to <code class="filename">/var/log/messages</code>:
- </p><pre class="screen">Oct 3 18:55:56 localhost setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr" to /var/www/html/file1 (samba_share_t). For complete SELinux messages. run sealert -l de7e30d6-5488-466d-a606-92c9f40d316d
-</pre><p>
+ </div><pre class="screen">type=AVC msg=audit(1223024155.684:49): avc: denied { getattr } for pid=2000 comm="httpd" path="/var/www/html/file1" dev=dm-0 ino=399185 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=file
+</pre><div class="para">
+ Also, if <code class="systemitem">setroubleshootd</code> is running, which it is by default, denial messages from <code class="filename">/var/log/audit/audit.log</code> are translated to an easier-to-read form and sent to <code class="filename">/var/log/messages</code>:
+ </div><pre class="screen">Oct 3 18:55:56 localhost setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr" to /var/www/html/file1 (samba_share_t). For complete SELinux messages. run sealert -l de7e30d6-5488-466d-a606-92c9f40d316d
+</pre><div class="para">
Denial messages are sent to a different location, depending on which daemons are running:
- </p><div class="segmentedlist"><table border="0"><thead><tr class="segtitle"><th>Daemon</th><th>Log Location</th></tr></thead><tbody><tr class="seglistitem"><td class="seg">auditd on</td><td class="seg"><code class="filename">/var/log/audit/audit.log</code></td></tr><tr class="seglistitem"><td class="seg">auditd off; rsyslogd on</td><td class="seg"><code class="filename">/var/log/messages</code></td></tr><tr class="seglistitem"><td class="seg">setroubleshootd, rsyslogd, and auditd on</td><td class="seg"><code class="filename">/var/log/audit/audit.log</code>. Easier-to-read denial messages also sent to <code class="filename">/var/log/messages</code></td></tr></tbody></table></div><h5 class="formalpara" id="form-Security-Enhanced_Linux-Which_Log_File_is_Used-Starting_Daemons_Automatically">Starting Daemons Automatically</h5>
+ </div><div class="segmentedlist"><table border="0"><thead><tr class="segtitle"><th>Daemon</th><th>Log Location</th></tr></thead><tbody><tr class="seglistitem"><td class="seg">auditd on</td><td class="seg"><code class="filename">/var/log/audit/audit.log</code></td></tr><tr class="seglistitem"><td class="seg">auditd off; rsyslogd on</td><td class="seg"><code class="filename">/var/log/messages</code></td></tr><tr class="seglistitem"><td class="seg">setroubleshootd, rsyslogd, and auditd on</td><td class="seg"><code class="filename">/var/log/audit/audit.log</code>. Easier-to-read denial messages also sent to <code class="filename">/var/log/messages</code></td></tr></tbody></table></div><div class="formalpara"><h5 class="formalpara" id="form-Security-Enhanced_Linux-Which_Log_File_is_Used-Starting_Daemons_Automatically">Starting Daemons Automatically</h5>
To configure the <code class="systemitem">auditd</code>, <code class="systemitem">rsyslogd</code>, and <code class="systemitem">setroubleshootd</code> daemons to automatically start at boot, run the following commands as the Linux root user:
- <pre class="screen">/sbin/chkconfig --levels 2345 auditd on
+ </div><pre class="screen">/sbin/chkconfig --levels 2345 auditd on
</pre><pre class="screen">/sbin/chkconfig --levels 2345 rsyslog on
</pre><pre class="screen">/sbin/chkconfig --levels 345 setroubleshoot on
-</pre><p>
+</pre><div class="para">
Use the <code class="command">service <em class="replaceable"><code>service-name</code></em> status</code> command to check if these services are running, for example:
- </p><pre class="screen">
+ </div><pre class="screen">
$ /sbin/service auditd status
auditd (pid <em class="replaceable"><code>1318</code></em>) is running...
-</pre><p>
+</pre><div class="para">
If the above services are not running (<code class="computeroutput"><em class="replaceable"><code>service-name</code></em> is stopped</code>), use the <code class="command">service <em class="replaceable"><code>service-name</code></em> start</code> command as the Linux root user to start them. For example:
- </p><pre class="screen">
+ </div><pre class="screen">
# /sbin/service setroubleshoot start
Starting setroubleshootd: [ OK ]
</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Security-Enhanced_Linux-Working_with_SELinux.html"><strong>Prev</strong>Chapter 5. Working with SELinux</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security-Enhanced_Linux-Working_with_SELinux-Main_Configuration_File.html"><strong>Next</strong>5.3. Main Configuration File</a></li></ul></body></html>
\ No newline at end of file
15 years, 1 month
web/html/docs/selinux-user-guide/f10/en-US/Common_Content/css common.css, 1.1, 1.2
by Murray McAllister
Author: mdious
Update of /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/Common_Content/css
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23851/selinux-user-guide/f10/en-US/Common_Content/css
Modified Files:
common.css
Log Message:
- updating content for multi-page HTML.
- adding single-page HTML content.
- adding PDF.
- updating index.php to reflect above mentioned changes.
Index: common.css
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/f10/en-US/Common_Content/css/common.css,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- common.css 24 Nov 2008 22:43:13 -0000 1.1
+++ common.css 24 Jan 2009 03:48:03 -0000 1.2
@@ -31,7 +31,7 @@
/* desktop styles */
body.desktop {
- margin-left: 24em;
+ margin-left: 26em;
}
body.desktop .book > .toc {
@@ -44,14 +44,13 @@
left:0px;
padding-left:1em;
background-color:#EEEEEE;
- font-size: 0.8em;
}
.toc {
line-height:1.35em;
}
-.toc .chapter {
+.toc .chapter, .toc .appendix, .toc .glossary {
margin-top:1em;
}
@@ -60,6 +59,11 @@
display:block;
}
+span.appendix, span.glossary {
+ display:block;
+ margin-top:0.5em;
+}
+
div {
padding-top:0px;
}
@@ -68,7 +72,7 @@
padding-top:1em;
}
-p {
+p, div.para, div.formalpara {
padding-top:0px;
margin-top:0.3em;
padding-bottom:0px;
@@ -93,7 +97,7 @@
color:#999;
}
-.toc a {
+.toc a, .qandaset a {
font-weight:normal;
}
@@ -226,7 +230,7 @@
text-decoration: none;
}
-.languages li p {
+.languages li p, .languages li div.para {
display:inline;
}
@@ -248,14 +252,13 @@
/*unique to the webpage only*/
.article ul {
- margin:0em;
padding-left:2em;
+ list-style: disc;
}
.article li {
margin:0em;
padding-left:0em;
- list-style: disc;
}
.books {
@@ -375,7 +378,7 @@
text-align:left;
}
-.revhistory tr td p {
+.revhistory tr td p, .revhistory tr td div.para {
text-align:left;
font-weight:bold;
display:block;
@@ -410,17 +413,23 @@
padding: 0em;
margin: 0em;
padding-top: 1em;
+ margin-top: 1em;
}
.author,
.editor,
.translator,
-.othercredit {
- display:block;
+.othercredit,
+.contrib {
+ display: block;
+}
+
+.revhistory .author {
+ display: inline;
}
.othercredit h3 {
- padding-top:1em;
+ padding-top: 1em;
}
@@ -436,9 +445,10 @@
.copyright {
margin-top: 1em;
}
+
/* qanda sets */
.answer {
- padding-bottom:1em;
+ margin-bottom:1em;
border-bottom:1px dotted #ccc;
}
@@ -464,20 +474,23 @@
}
/* inline syntax highlighting */
+
+/* inline syntax highlighting */
.hl-keyword {
color: #002F5D;
}
.hl-string {
- color: #00774B;
+ color: #5C3566;
}
.hl-comment {
- color: #DAD9AD;
+ color: #FF00FF;
}
.hl-tag {
- color: #002F5D;
+ color: #A62C2C;
+ font-weight:bold;
}
.hl-attribute {
@@ -485,11 +498,11 @@
}
.hl-value {
- color: #4E376B;
+ color: #5C3566;
}
.hl-html {
- color:#002F5D;
+ color: #002F5D;
}
.hl-xslt {
@@ -500,7 +513,30 @@
color: #00774B;
}
+.hl-directive {
+ color: #4E9A06;
+
+}
+
+.hl-doctype {
+ color: #CE5C00;
+
+}
+
+.hl-annotation {
+ color: #CE5C00;
+}
+
+.hl-number {
+ color: #CE5C00;
+
+}
+
+.hl-doccomment {
+ color: #CE5C00;
+
+}
/*Lists*/
ul {
@@ -519,6 +555,22 @@
list-style-type: decimal;
}
+ol.loweralpha {
+ list-style-type: lower-alpha;
+}
+
+ol.lowerroman {
+ list-style-type: lower-roman;
+}
+
+ol.upperalpha {
+ list-style-type: upper-alpha;
+}
+
+ol.upperroman {
+ list-style-type: upper-roman;
+}
+
dt {
font-weight:bold;
margin-bottom:0em;
@@ -529,6 +581,7 @@
margin:0em;
margin-left:2em;
padding-top:0em;
+ padding-bottom: 1em;
}
li {
@@ -538,7 +591,7 @@
margin-bottom:0.4em;
}
-li p {
+li p, li div.para {
padding-top:0px;
margin-top:0em;
padding-bottom:0px;
@@ -661,8 +714,9 @@
}
div.note pre, div.important pre, div.warning pre {
- background-color:#333;
- color:white;
+ background-color: #333;
+ color: white;
+ margin-left: 4.5em;
}
@@ -732,33 +786,43 @@
}
/*notification icons*/
-div.note h2, div.note p, div.warning h2, div.warning p, div.important h2, .important p {
+div.note h2, div.note p, div.note div.para, div.warning h2, div.warning p, div.warning div.para, div.important h2, .important p, .important div.para {
padding:0em;
margin:0em;
padding-left:56px;
}
/*Page Title*/
-#title strong {
- display:none;
+#title {
+ display:block;
+ height:45px;
+ padding-bottom:1em;
+ margin:0em;
}
-#title a {
+#title a.left{
+ display:inline;
border:none;
- display:block;
- height:45px;
- width:110px;
padding-left:200px;
- background:transparent url(../images/image_left.png) top left no-repeat;
}
-#title {
- display:block;
- height:45px;
- background:transparent url(../images/image_right.png) top right no-repeat;
+#title a.left img{
+ border:none;
+ float:left;
+ margin:0em;
+ margin-top:.7em;
+}
+
+#title a.right {
padding-bottom:1em;
}
+#title a.right img {
+ border:none;
+ float:right;
+ margin:0em;
+}
+
/*Table*/
table {
border:1px solid #6c614b;
@@ -781,7 +845,8 @@
background-color:#f5f5f5;
}
-table th p:first-child, table td p:first-child, table li p:first-child {
+table th p:first-child, table td p:first-child, table li p:first-child,
+table th div.para:first-child, table td div.para:first-child, table li div.para:first-child {
margin-top:0em;
padding-top:0em;
display:inline;
@@ -980,7 +1045,7 @@
text-decoration:none;
}
-.footnote p {
+.footnote p,.footnote div.para {
padding-left:5em;
}
@@ -1012,17 +1077,7 @@
color:white;
}
-.authorgroup h4 {
- padding:0em;
- margin:0em;
- margin-top:1em;
-}
-
-.author, .editor, .translator, .othercredit {
- display:block;
-}
-
-ul li p:last-child {
+ul li p:last-child, ul li div.para:last-child {
margin-bottom:0em;
padding-bottom:0em;
}
@@ -1077,8 +1132,8 @@
}
.docnav li.previous strong, .docnav li.next strong {
- display:block;
height:22px;
+ display:block;
}
.docnav {
@@ -1089,6 +1144,7 @@
.docnav li.next a strong {
background: url(../images/stock-go-forward.png) top right no-repeat;
padding-top:3px;
+ padding-bottom:4px;
padding-right:28px;
font-size:1.2em;
}
@@ -1096,7 +1152,9 @@
.docnav li.previous a strong {
background: url(../images/stock-go-back.png) top left no-repeat;
padding-top:3px;
+ padding-bottom:4px;
padding-left:28px;
+ padding-right:0.5em;
font-size:1.2em;
}
@@ -1140,77 +1198,61 @@
margin-bottom: 1em;
}
/* Reports */
-.reports ul.locale {
- list-style:none;
-}
-
.reports ul {
- padding:0em;
+ list-style:none;
margin:0em;
+ padding:0em;
}
-.reports ul.locale li {
- color:#000;
- display:block;
- border:1px solid #eee;
- float:left;
- padding-right:2em;
- margin-right:1em;
- margin-bottom:1em;
-}
-
-.reports ul.locale li a {
- display:block;
- padding-top:.1em;
- padding-bottom:.5em;
-}
-
-.reports ul.locale strong {
- display:block;
+.reports li{
margin:0em;
padding:0em;
- margin-bottom:-2.2em;
}
-.reports ul.locale span.value {
- display:block;
- position:relative;
- text-align:right;
- margin-right:-1.5em;
- color:#444;
-}
-
-.reports ul.locale li {
- width:12em;
- display:block;
- float:left;
+.reports li.odd {
+ background-color: #eeeeee;
margin:0em;
- clear:none;
+ padding:0em;
}
-.reports ul.locale li div.progress {
- width:13.2em;
- position:relative;
- left: 0em;
- top:0em;
- margin-bottom:0em;
+.reports dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ float:right;
+ margin-right: 17em;
+ margin-top:-1.3em;
}
-.reports h2 {
+.reports dt {
+ display:inline;
margin:0em;
+ padding:0em;
}
-.reports li {
+.reports dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
}
-.reports li:hover {
- background-color:#666;
- border-color:#444;
- color:white;
+.reports h2, .reports h3{
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
}
-.reports li:hover strong, .reports li:hover h2, .reports li:hover a, .reports li:hover span.value {
- color:white;
+.reports div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
}
/*uniform*/
@@ -1244,143 +1286,63 @@
/*Results*/
-.results ul.locale {
+.results ul {
list-style:none;
- padding:0em;
margin:0em;
-}
-
-.results .pofile {
padding:0em;
- margin:0em;
}
-.results ul.locale li {
- border-top:1px solid #eee;
- padding:0em;
+.results li{
margin:0em;
- padding-left:32px;
-}
-
-.results ul.locale .pofile {
- display:block;
- width:100%;
- color:#444;
padding:0em;
- margin:0em;
-}
-
-.results span.value {
- color:#888;
-}
-
-.results strong {
- font-weight: normal;
-}
-
-.results .home a {
- display:block;
- margin:0 auto;
- width:5em;
- background: url(../images/stock-home.png) top left no-repeat;
- padding:5px;
- padding-left:28px;
-}
-
-.results ul.locale li:hover, .results ul.locale li:hover span.pofile , .results ul.locale li:hover strong, .results ul.locale li:hover span.value {
- background-color:#666;
- color:white;
-}
-
-ul.locale {
- list-style:none;
-}
-
-ul.locale li.total {
- color:#777;
- width:31em;
- display:block;
- float:left;
- margin-right:2em;
- clear:none;
-}
-
-ul.locale li {
- clear:both;
- color:#777;
- display:block;
-}
-
-ul.locale strong, span.value {
- font-weight:normal;
- color:#888;
-}
-
-ul.locale li a {
- display:block;
- padding-top:.2em;
}
-ul.locale li.total div.progress {
- position:relative;
- left:0em;
- top:0em;
- margin-bottom:0em;
-}
-
-ul.locale li {
- width:100%;
-}
-
-ul.locale li div.progress {
- float:left;
- position:relative;
- left:30.5em;
- top:-2em;
+.results li.odd {
+ background-color: #eeeeee;
margin:0em;
- margin-bottom:-3em;
-}
-
-li.total {
padding:0em;
}
-li.total {
+.results dl {
+ display:inline;
+ margin:0em;
+ padding:0em;
float:right;
- max-width:16em;
- padding:.5em;
- margin:0 auto;
- padding-top: .5em;
- background-color:#f7f2d0;
- font-size: 1.3em;
- color:#ccc;
- margin-bottom:1em;
- min-height:9.5em;
+ margin-right: 17em;
+ margin-top:-1.3em;
}
-li.total .value {
- color:#444;
+.results dt {
+ display:inline;
+ margin:0em;
+ padding:0em;
}
-li.total strong {
- display:block;
- color:black;
- font-weight:bold;
+.results dd {
+ display:inline;
+ margin:0em;
+ padding:0em;
+ padding-right:.5em;
}
-li.total span.value {
- position:relative;
- display:block;
- top:-1.25em;
- text-align:right;
+.results h2, .results h3{
+ display:inline;
+ padding-right:.5em;
+ font-size:10pt;
+ font-weight:normal;
}
-
-.pofile {
- position:relative;
+.results div.progress {
+ display:inline;
+ float:right;
+ width:16em;
+ background:#c00 url(../images/shine.png) top left repeat-x;
+ margin:0em;
+ margin-top:-1.3em;
+ padding:0em;
+ border:none;
}
-
/* Dirty EVIL Mozilla hack for round corners */
pre {
-moz-border-radius:11px;
@@ -1408,6 +1370,56 @@
text-align: center;
}
-span.remark{
- background-color: #ffff00;
+span.remark {
+ background-color: #ff00ff;
+}
+
+.draft {
+ background-image: url(../images/watermark-draft.png);
+ background-repeat: repeat-y;
+ background-position: center;
+}
+
+.foreignphrase {
+ font-style: inherit;
+}
+
+dt {
+ clear:both;
+}
+
+dt img {
+ border-style: none;
+ max-width: 112px;
+}
+
+dt object {
+ max-width: 112px;
+}
+
+dt .inlinemediaobject, dt object {
+ display: inline;
+ float: left;
+ margin-bottom: 1em;
+ padding-right: 1em;
+ width: 112px;
+}
+
+dl:after {
+ display: block;
+ clear: both;
+ content: "";
+}
+
+.toc dd {
+ padding-bottom: 0em;
+ margin-bottom: 1em;
+ padding-left: 1.3em;
+ margin-left: 0em;
+}
+
+div.toc > dl > dt {
+ padding-bottom: 0em;
+ margin-bottom: 0em;
+ margin-top: 1em;
}
15 years, 1 month
web/html/docs/selinux-user-guide index.php,1.1,1.2
by Murray McAllister
Author: mdious
Update of /cvs/fedora/web/html/docs/selinux-user-guide
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23851/selinux-user-guide
Modified Files:
index.php
Log Message:
- updating content for multi-page HTML.
- adding single-page HTML content.
- adding PDF.
- updating index.php to reflect above mentioned changes.
Index: index.php
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-user-guide/index.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- index.php 24 Nov 2008 22:43:08 -0000 1.1
+++ index.php 24 Jan 2009 03:48:01 -0000 1.2
@@ -19,7 +19,13 @@
</tr>
<tr><td colspan="2" align="left" valign="top">
<p>
- <a href="f10/en-US">Fedora 10 SELinux User Guide - (US English)</a> now available.
+ <a href="f10/en-US">Fedora 10 SELinux User Guide - (US English)</a> multi-page HTML
+</p>
+<p>
+ <a href="f10/html-single">Fedora 10 SELinux User Guide - (US English)</a> single-page HTML
+</p>
+<p>
+ <a href="f10/pdf/Security-Enhanced_Linux.pdf">Fedora 10 SELinux User Guide - (US English)</a> PDF
</p>
</td></tr>
<!--<tr><td colspan="2" align="left" valign="top">
15 years, 1 month