r671 - community/f14/en-US

sparks at fedoraproject.org
Thu Oct 7 03:55:28 UTC 2010


Author: sparks
Date: 2010-10-07 03:55:28 +0000 (Thu, 07 Oct 2010)
New Revision: 671

Modified:
   community/f14/en-US/Exploits.xml
   community/f14/en-US/Firewall.xml
   community/f14/en-US/IP_Tables.xml
   community/f14/en-US/Kerberos.xml
   community/f14/en-US/Pam.xml
   community/f14/en-US/References.xml
   community/f14/en-US/Revision_History.xml
   community/f14/en-US/SSO_Overview.xml
   community/f14/en-US/Security_Guide.ent
   community/f14/en-US/Tcp_Wrappers.xml
   community/f14/en-US/VPN.xml
   community/f14/en-US/Wstation.xml
Log:
Removed variables

Modified: community/f14/en-US/Exploits.xml
===================================================================
--- community/f14/en-US/Exploits.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/Exploits.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -109,7 +109,7 @@
 					<entry>
 						<simplelist>
 							<member> Workstations and desktops are more prone to exploitation as workers do not have the expertise or experience to prevent or detect a compromise; it is imperative to inform individuals of the risks they are taking when they install unauthorized software or open unsolicited email attachments. </member>
-							<member> Safeguards can be implemented such that email client software does not automatically open or execute attachments. Additionally, the automatic update of workstation software via &RHN; or other system management services can alleviate the burdens of multi-seat security deployments. </member>
+							<member> Safeguards can be implemented such that email client software does not automatically open or execute attachments. Additionally, the automatic update of workstation software via Red Hat Network or other system management services can alleviate the burdens of multi-seat security deployments. </member>
 						</simplelist>
 					</entry>
 				</row>
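
Review bot: The replacement member line now hard-codes "Red Hat Network" as the update channel in a Fedora guide. Red Hat Network is the subscription service for Red Hat Enterprise Linux, so a Fedora reader cannot follow this advice as written. Since the entity is being inlined anyway, consider naming the update mechanism Fedora actually ships, or dropping the product name and keeping only "system management services".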

Modified: community/f14/en-US/Firewall.xml
===================================================================
--- community/f14/en-US/Firewall.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/Firewall.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -5,7 +5,7 @@
 <section id="sect-Security_Guide-Firewalls">
 	<title>Firewalls</title>
 	<para>
-		Information security is commonly thought of as a process and not a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. &PROD; includes several tools to assist administrators and security engineers with network-level access control issues.
+		Information security is commonly thought of as a process and not a product. However, standard security implementations usually employ some form of dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. Fedora includes several tools to assist administrators and security engineers with network-level access control issues.
 	</para>
 	<para>
 		Firewalls are one of the core components of a network security implementation. Several vendors market firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding vital enterprise information. Firewalls can be stand-alone hardware solutions, such as firewall appliances by Cisco, Nokia, and Sonicwall. Vendors such as Checkpoint, McAfee, and Symantec have also developed proprietary software firewall solutions for home and business markets.
@@ -130,22 +130,22 @@
 			Just as a firewall in a building attempts to prevent a fire from spreading, a computer firewall attempts to prevent malicious software from spreading to your computer. It also helps to prevent unauthorized users from accessing your computer.
 		</para>
 		<para>
-			In a default &PROD; installation, a firewall exists between your computer or network and any untrusted networks, for example the Internet. It determines which services on your computer remote users can access. A properly configured firewall can greatly increase the security of your system. It is recommended that you configure a firewall for any &PROD; system with an Internet connection.
+			In a default Fedora installation, a firewall exists between your computer or network and any untrusted networks, for example the Internet. It determines which services on your computer remote users can access. A properly configured firewall can greatly increase the security of your system. It is recommended that you configure a firewall for any Fedora system with an Internet connection.
 		</para>
 		<section id="sect-Security_Guide-Basic_Firewall_Configuration-RHSECLEVELTOOL">
-			<title><application>&RHSECLEVELTOOL;</application></title>
+			<title><application>Firewall Administration Tool</application></title>
 			<para>
-				During the <guilabel>Firewall Configuration</guilabel> screen of the &PROD; installation, you were given the option to enable a basic firewall as well as to allow specific devices, incoming services, and ports.
+				During the <guilabel>Firewall Configuration</guilabel> screen of the Fedora installation, you were given the option to enable a basic firewall as well as to allow specific devices, incoming services, and ports.
 			</para>
 			<para>
-				After installation, you can change this preference by using the <application>&RHSECLEVELTOOL;</application>.
+				After installation, you can change this preference by using the <application>Firewall Administration Tool</application>.
 			</para>
 			<para>
 				To start this application, use the following command:
 			</para>
 <screen>[root at myServer ~] # system-config-firewall</screen>
 			<figure float="0" id="figu-Security_Guide-RHSECLEVELTOOL-RHSECLEVELTOOL">
-				<title><application>&RHSECLEVELTOOL;</application></title>
+				<title><application>Firewall Administration Tool</application></title>
 				<mediaobject>
 					<imageobject>
 						<imagedata fileref="images/fed-firewall_config.png" format="PNG" />
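
Review bot: The three &RHSECLEVELTOOL; replacements in this hunk (section title, the "After installation" paragraph, and the figure title) use "Firewall Administration Tool", but the entity removed from Security_Guide.ent in this same revision was defined as "Firewall Configuration Tool". That makes this a rename of rendered text, not a pure variable removal as the log and the new revision history entry say. Please confirm which name matches the title shown by system-config-firewall and, if the rename is intended, mention it in the revision description.
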
@@ -160,7 +160,7 @@
 			<note>
 				<title>Note</title>
 				<para>
-					The <application>&RHSECLEVELTOOL;</application> only configures a basic firewall. If the system needs more complex rules, refer to <xref linkend="sect-Security_Guide-IPTables" /> for details on configuring specific <command>iptables</command> rules.
+					The <application>Firewall Administration Tool</application> only configures a basic firewall. If the system needs more complex rules, refer to <xref linkend="sect-Security_Guide-IPTables" /> for details on configuring specific <command>iptables</command> rules.
 				</para>
 			</note>
 		</section>
@@ -264,7 +264,7 @@
 		<section id="sect-Security_Guide-Basic_Firewall_Configuration-Other_Ports">
 			<title>Other Ports</title>
 			<para>
-				The <application>&RHSECLEVELTOOL;</application> includes an <guilabel>Other ports</guilabel> section for specifying custom IP ports as being trusted by <command>iptables</command>. For example, to allow IRC and Internet printing protocol (IPP) to pass through the firewall, add the following to the <guilabel>Other ports</guilabel> section:
+				The <application>Firewall Administration Tool</application> includes an <guilabel>Other ports</guilabel> section for specifying custom IP ports as being trusted by <command>iptables</command>. For example, to allow IRC and Internet printing protocol (IPP) to pass through the firewall, add the following to the <guilabel>Other ports</guilabel> section:
 			</para>
 			<para>
 				<computeroutput>194:tcp,631:tcp</computeroutput>
@@ -457,7 +457,7 @@
 		<note>
 			<title>Note</title>
 			<para>
-				By default, the IPv4 policy in &PROD; kernels disables support for IP forwarding. This prevents machines that run &PROD; from functioning as dedicated edge routers. To enable IP forwarding, use the following command:
+				By default, the IPv4 policy in Fedora kernels disables support for IP forwarding. This prevents machines that run Fedora from functioning as dedicated edge routers. To enable IP forwarding, use the following command:
 			</para>
 <screen>[root at myServer ~ ] # sysctl -w net.ipv4.ip_forward=1</screen>
 			<para>
@@ -618,7 +618,7 @@
 			The introduction of the next-generation Internet Protocol, called IPv6, expands beyond the 32-bit address limit of IPv4 (or IP). IPv6 supports 128-bit addresses, and carrier networks that are IPv6 aware are therefore able to address a larger number of routable addresses than IPv4.
 		</para>
 		<para>
-			&PROD; supports IPv6 firewall rules using the Netfilter 6 subsystem and the <command>ip6tables</command> command. In Fedora 12, both IPv4 and IPv6 services are enabled by default.
+			Fedora supports IPv6 firewall rules using the Netfilter 6 subsystem and the <command>ip6tables</command> command. In Fedora 12, both IPv4 and IPv6 services are enabled by default.
 		</para>
 		<para>
 			The <command>ip6tables</command> command syntax is identical to <command>iptables</command> in every aspect except that it supports 128-bit addresses. For example, use the following command to enable SSH connections on an IPv6-aware network server:
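
Review bot: The added line still reads "In Fedora 12, both IPv4 and IPv6 services are enabled by default", although this file lives under community/f14. While touching the sentence, either update the release number or drop it so the statement does not look stale in the Fedora 14 guide.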

Modified: community/f14/en-US/IP_Tables.xml
===================================================================
--- community/f14/en-US/IP_Tables.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/IP_Tables.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -862,7 +862,7 @@
 		<itemizedlist>
 			<listitem>
 				<para>
-					<application>&RHSECLEVELTOOL;</application> (<command>system-config-securitylevel</command>) &mdash; A graphical interface for creating, activating, and saving basic firewall rules. Refer to <xref linkend="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration" /> for more information.
+					<application>Firewall Administration Tool</application> (<command>system-config-securitylevel</command>) &mdash; A graphical interface for creating, activating, and saving basic firewall rules. Refer to <xref linkend="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration" /> for more information.
 				</para>
 			</listitem>
 			<listitem>
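
Review bot: The changed line pairs "Firewall Administration Tool" with the command system-config-securitylevel, while the Firewall.xml hunk in this same revision tells the reader to start the tool with system-config-firewall. One of the two command names is out of date; please make the command here agree with Firewall.xml so readers are not sent to a binary that may not be installed.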

Modified: community/f14/en-US/Kerberos.xml
===================================================================
--- community/f14/en-US/Kerberos.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/Kerberos.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -54,7 +54,7 @@
 				</listitem>
 				<listitem>
 					<para>
-						Kerberos has only partial compatibility with the Pluggable Authentication Modules (PAM) system used by most &PROD; servers. Refer to <xref linkend="sect-Security_Guide-Kerberos-Kerberos_and_PAM" /> for more information about this issue.
+						Kerberos has only partial compatibility with the Pluggable Authentication Modules (PAM) system used by most Fedora servers. Refer to <xref linkend="sect-Security_Guide-Kerberos-Kerberos_and_PAM" /> for more information about this issue.
 					</para>
 				</listitem>
 				<listitem>
@@ -328,7 +328,7 @@
 					Ensure that time synchronization and DNS are functioning correctly on all client and server machines before configuring Kerberos. Pay particular attention to time synchronization between the Kerberos server and its clients. If the time difference between the server and client is greater than five minutes (this is configurable in Kerberos 5), Kerberos clients can not authenticate to the server. This time synchronization is necessary to prevent an attacker from using an old Kerberos ticket to masquerade as a valid user.
 				</para>
 				<para>
-					It is advisable to set up a Network Time Protocol (NTP) compatible client/server network even if Kerberos is not being used. &PROD; includes the <filename>ntp</filename> package for this purpose. Refer to <filename>/usr/share/doc/ntp-<replaceable>&lt;version-number&gt;</replaceable>/index.html</filename> (where <replaceable>&lt;version-number&gt;</replaceable> is the version number of the <filename>ntp</filename> package installed on your system) for details about how to set up Network Time Protocol servers, and <ulink url="http://www.ntp.org">http://www.ntp.org</ulink> for more information about NTP.
+					It is advisable to set up a Network Time Protocol (NTP) compatible client/server network even if Kerberos is not being used. Fedora includes the <filename>ntp</filename> package for this purpose. Refer to <filename>/usr/share/doc/ntp-<replaceable>&lt;version-number&gt;</replaceable>/index.html</filename> (where <replaceable>&lt;version-number&gt;</replaceable> is the version number of the <filename>ntp</filename> package installed on your system) for details about how to set up Network Time Protocol servers, and <ulink url="http://www.ntp.org">http://www.ntp.org</ulink> for more information about NTP.
 				</para>
 			</step>
 			<step>
@@ -462,7 +462,7 @@
 							IMAP &mdash; To use a kerberized IMAP server, the <filename>cyrus-imap</filename> package uses Kerberos 5 if it also has the <filename>cyrus-sasl-gssapi</filename> package installed. The <filename>cyrus-sasl-gssapi</filename> package contains the Cyrus SASL plugins which support GSS-API authentication. Cyrus IMAP should function properly with Kerberos as long as the <command>cyrus</command> user is able to find the proper key in <filename>/etc/krb5.keytab</filename>, and the root for the principal is set to <command>imap</command> (created with <command>kadmin</command>).
 						</para>
 						<para>
-							An alternative to <filename>cyrus-imap</filename> can be found in the <command>dovecot</command> package, which is also included in &PROD;. This package contains an IMAP server but does not, to date, support GSS-API and Kerberos.
+							An alternative to <filename>cyrus-imap</filename> can be found in the <command>dovecot</command> package, which is also included in Fedora. This package contains an IMAP server but does not, to date, support GSS-API and Kerberos.
 						</para>
 					</listitem>
 					<listitem>

Modified: community/f14/en-US/Pam.xml
===================================================================
--- community/f14/en-US/Pam.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/Pam.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -8,7 +8,7 @@
 		Programs that grant users access to a system use <firstterm>authentication</firstterm> to verify each other&#39;s identity (that is, to establish that a user is who they say they are).
 	</para>
 	<para>
-		Historically, each program had its own way of authenticating users. In &PROD;, many programs are configured to use a centralized authentication mechanism called <firstterm>Pluggable Authentication Modules</firstterm> (<acronym>PAM</acronym>).
+		Historically, each program had its own way of authenticating users. In Fedora, many programs are configured to use a centralized authentication mechanism called <firstterm>Pluggable Authentication Modules</firstterm> (<acronym>PAM</acronym>).
 	</para>
 	<para>
 		PAM uses a pluggable, modular architecture, which affords the system administrator a great deal of flexibility in setting authentication policies for the system.
@@ -198,7 +198,7 @@
 		<section id="sect-Security_Guide-PAM_Configuration_File_Format-Module_Name">
 			<title>Module Name</title>
 			<para>
-				The module name provides PAM with the name of the pluggable module containing the specified module interface. In older versions of &PROD;, the full path to the module was provided in the PAM configuration file. However, since the advent of <firstterm>multilib</firstterm> systems, which store 64-bit PAM modules in the <filename>/lib64/security/</filename> directory, the directory name is omitted because the application is linked to the appropriate version of <filename>libpam</filename>, which can locate the correct version of the module.
+				The module name provides PAM with the name of the pluggable module containing the specified module interface. In older versions of Fedora, the full path to the module was provided in the PAM configuration file. However, since the advent of <firstterm>multilib</firstterm> systems, which store 64-bit PAM modules in the <filename>/lib64/security/</filename> directory, the directory name is omitted because the application is linked to the appropriate version of <filename>libpam</filename>, which can locate the correct version of the module.
 			</para>
 		</section>
 		
@@ -338,7 +338,7 @@
 	<section id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Administrative_Credential_Caching">
 		<title>PAM and Administrative Credential Caching</title>
 		<para>
-			A number of graphical administrative tools in &PROD; provide users with elevated privileges for up to five minutes using the <filename>pam_timestamp.so</filename> module. It is important to understand how this mechanism works, because a user who walks away from a terminal while <filename>pam_timestamp.so</filename> is in effect leaves the machine open to manipulation by anyone with physical access to the console.
+			A number of graphical administrative tools in Fedora provide users with elevated privileges for up to five minutes using the <filename>pam_timestamp.so</filename> module. It is important to understand how this mechanism works, because a user who walks away from a terminal while <filename>pam_timestamp.so</filename> is in effect leaves the machine open to manipulation by anyone with physical access to the console.
 		</para>
 		<para>
 			In the PAM timestamp scheme, the graphical administrative application prompts the user for the root password when it is launched. When the user has been authenticated, the <filename>pam_timestamp.so</filename> module creates a timestamp file. By default, this is created in the <filename>/var/run/sudo/</filename> directory. If the timestamp file already exists, graphical administrative programs do not prompt for a password. Instead, the <filename>pam_timestamp.so</filename> module freshens the timestamp file, reserving an extra five minutes of unchallenged administrative access for the user.
@@ -441,12 +441,12 @@
 	<section id="sect-Security_Guide-Pluggable_Authentication_Modules_PAM-PAM_and_Device_Ownership">
 		<title>PAM and Device Ownership</title>
 		<para>
-			In &PROD;, the first user who logs in at the physical console of the machine can manipulate certain devices and perform certain tasks normally reserved for the root user. This is controlled by a PAM module called <filename>pam_console.so</filename>.
+			In Fedora, the first user who logs in at the physical console of the machine can manipulate certain devices and perform certain tasks normally reserved for the root user. This is controlled by a PAM module called <filename>pam_console.so</filename>.
 		</para>
 		<section id="sect-Security_Guide-PAM_and_Device_Ownership-Device_Ownership">
 			<title>Device Ownership</title>
 			<para>
-				When a user logs in to a &PROD; system, the <filename>pam_console.so</filename> module is called by <command>login</command> or the graphical login programs, <application>gdm</application>, <application>kdm</application>, and <application>xdm</application>. If this user is the first user to log in at the physical console &mdash; referred to as the <firstterm>console user</firstterm> &mdash; the module grants the user ownership of a variety of devices normally owned by root. The console user owns these devices until the last local session for that user ends. After this user has logged out, ownership of the devices reverts back to the root user.
+				When a user logs in to a Fedora system, the <filename>pam_console.so</filename> module is called by <command>login</command> or the graphical login programs, <application>gdm</application>, <application>kdm</application>, and <application>xdm</application>. If this user is the first user to log in at the physical console &mdash; referred to as the <firstterm>console user</firstterm> &mdash; the module grants the user ownership of a variety of devices normally owned by root. The console user owns these devices until the last local session for that user ends. After this user has logged out, ownership of the devices reverts back to the root user.
 			</para>
 			<para>
 				The devices affected include, but are not limited to, sound cards, diskette drives, and CD-ROM drives.
@@ -552,7 +552,7 @@
 											<command>pam</command> &mdash; Good introductory information on PAM, including the structure and purpose of the PAM configuration files.
 										</para>
 										<para>
-											Note that this man page discusses both <filename>/etc/pam.conf</filename> and individual configuration files in the <filename>/etc/pam.d/</filename> directory. By default, &PROD; uses the individual configuration files in the <filename>/etc/pam.d/</filename> directory, ignoring <filename>/etc/pam.conf</filename> even if it exists.
+											Note that this man page discusses both <filename>/etc/pam.conf</filename> and individual configuration files in the <filename>/etc/pam.d/</filename> directory. By default, Fedora uses the individual configuration files in the <filename>/etc/pam.d/</filename> directory, ignoring <filename>/etc/pam.conf</filename> even if it exists.
 										</para>
 									</listitem>
 									<listitem>
@@ -603,7 +603,7 @@
 					<note>
 						<title>Note</title>
 						<para>
-							The documentation in the above website is for the last released upstream version of PAM and might not be 100% accurate for the PAM version included in &PROD;.
+							The documentation in the above website is for the last released upstream version of PAM and might not be 100% accurate for the PAM version included in Fedora.
 						</para>
 					</note>
 				</listitem>

Modified: community/f14/en-US/References.xml
===================================================================
--- community/f14/en-US/References.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/References.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -5,7 +5,7 @@
 <chapter id="chap-Security_Guide-References">
 	<title>References</title>
 	<para>
-		The following references are pointers to additional information that is relevant to &SEL; and &PROD; but beyond the scope of this guide. Note that due to the rapid development of &SEL;, some of this material may only apply to specific releases of &PROD;.
+		The following references are pointers to additional information that is relevant to SELinux and Fedora but beyond the scope of this guide. Note that due to the rapid development of SELinux, some of this material may only apply to specific releases of Fedora.
 	</para>
 	<variablelist id="vari-Security_Guide-References-Books">
 		<title>Books</title>

Modified: community/f14/en-US/Revision_History.xml
===================================================================
--- community/f14/en-US/Revision_History.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/Revision_History.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -7,6 +7,20 @@
 <simpara>
 <revhistory>
         <revision>
+                <revnumber>14.2-0</revnumber>
+                <date>Fri Oct 6 2010</date>
+                <author>
+                        <firstname>Eric</firstname>
+                        <surname>Christensen</surname>
+                        <email>sparks at fedoraproject.org</email>
+                </author>
+                <revdescription>
+                        <simplelist>
+                                <member>Removed all variables in the document source.</member>
+                        </simplelist>
+                </revdescription>
+        </revision>
+        <revision>
                 <revnumber>14.1-2</revnumber>
                 <date>Fri Oct 1 2010</date>
                 <author>
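
Review bot: The date in the new revision entry, "Fri Oct 6 2010", is inconsistent. The entry directly below gives "Fri Oct 1 2010", which makes October 6 a Wednesday, and the commit itself is stamped Thu, 07 Oct 2010. Please correct the weekday or the day of the month.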

Modified: community/f14/en-US/SSO_Overview.xml
===================================================================
--- community/f14/en-US/SSO_Overview.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/SSO_Overview.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -7,7 +7,7 @@
 	<section id="sect-Security_Guide-Single_Sign_on_SSO-Introduction">
 		<title>Introduction</title>
 		<para>
-			The &PROD; SSO functionality reduces the number of times &PROD; desktop users have to enter their passwords. Several major applications leverage the same underlying authentication and authorization mechanisms so that users can log in to &PROD; from the log-in screen, and then not need to re-enter their passwords. These applications are detailed below.
+			The Fedora SSO functionality reduces the number of times Fedora desktop users have to enter their passwords. Several major applications leverage the same underlying authentication and authorization mechanisms so that users can log in to Fedora from the log-in screen, and then not need to re-enter their passwords. These applications are detailed below.
 		</para>
 		<para>
 			In addition, users can log in to their machines even when there is no network (<firstterm>offline mode</firstterm>) or where network connectivity is unreliable, for example, wireless access. In the latter case, services will degrade gracefully.
@@ -15,7 +15,7 @@
 		<section id="sect-Security_Guide-Introduction-Supported_Applications">
 			<title>Supported Applications</title>
 			<para>
-				The following applications are currently supported by the unified log-in scheme in &PROD;:
+				The following applications are currently supported by the unified log-in scheme in Fedora:
 			</para>
 			<itemizedlist>
 				<listitem>
@@ -39,7 +39,7 @@
 		<section id="sect-Security_Guide-Introduction-Supported_Authentication_Mechanisms">
 			<title>Supported Authentication Mechanisms</title>
 			<para>
-				&PROD; currently supports the following authentication mechanisms:
+				Fedora currently supports the following authentication mechanisms:
 			</para>
 			<itemizedlist>
 				<listitem>
@@ -58,23 +58,23 @@
 		<section id="sect-Security_Guide-Introduction-Supported_Smart_Cards">
 			<title>Supported Smart Cards</title>
 			<para>
-				&PROD; has been tested with the Cyberflex e-gate card and reader, but any card that complies with both Java card 2.1.1 and Global Platform 2.0.1 specifications should operate correctly, as should any reader that is supported by PCSC-lite.
+				Fedora has been tested with the Cyberflex e-gate card and reader, but any card that complies with both Java card 2.1.1 and Global Platform 2.0.1 specifications should operate correctly, as should any reader that is supported by PCSC-lite.
 			</para>
 			<para>
-				&PROD; has also been tested with Common Access Cards (CAC). The supported reader for CAC is the SCM SCR 331 USB Reader.
+				Fedora has also been tested with Common Access Cards (CAC). The supported reader for CAC is the SCM SCR 331 USB Reader.
 			</para>
 			<para>
-				As of &PROD; 5.2, Gemalto smart cards (Cyberflex Access 64k v2, standard with DER SHA1 value configured as in PKCSI v2.1) are now supported. These smart cards now use readers compliant with Chip/Smart Card Interface Devices (CCID).
+				As of Fedora 5.2, Gemalto smart cards (Cyberflex Access 64k v2, standard with DER SHA1 value configured as in PKCSI v2.1) are now supported. These smart cards now use readers compliant with Chip/Smart Card Interface Devices (CCID).
 			</para>
 		</section>
 		
 		<section id="sect-Security_Guide-Introduction-Advantages_of_PROD_Single_Sign_on">
-			<title>Advantages of &PROD; Single Sign-on</title>
+			<title>Advantages of Fedora Single Sign-on</title>
 			<para>
-				Numerous security mechanisms currently exist that utilize a large number of protocols and credential stores. Examples include SSL, SSH, IPsec, and Kerberos. &PROD; SSO aims to unify these schemes to support the requirements listed above. This does not mean replacing Kerberos with X.509v3 certificates, but rather uniting them to reduce the burden on both system users and the administrators who manage them.
+				Numerous security mechanisms currently exist that utilize a large number of protocols and credential stores. Examples include SSL, SSH, IPsec, and Kerberos. Fedora SSO aims to unify these schemes to support the requirements listed above. This does not mean replacing Kerberos with X.509v3 certificates, but rather uniting them to reduce the burden on both system users and the administrators who manage them.
 			</para>
 			<para>
-				To achieve this goal, &PROD;:
+				To achieve this goal, Fedora:
 			</para>
 			<itemizedlist>
 				<listitem>
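
Review bot: The mechanical substitution in the Gemalto paragraph produces "As of Fedora 5.2", which is not a Fedora release number, in a guide for Fedora 14. The sentence needs rewording by hand, for example by removing the "As of ... 5.2" qualifier, instead of a straight entity replacement.
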
@@ -84,7 +84,7 @@
 				</listitem>
 				<listitem>
 					<para>
-						Ships the Certificate System&#39;s Enterprise Security Client (ESC) with the base operating system. The ESC application monitors smart card insertion events. If it detects that the user has inserted a smart card that was designed to be used with the &PROD; Certificate System server product, it displays a user interface instructing the user how to enroll that smart card.
+						Ships the Certificate System&#39;s Enterprise Security Client (ESC) with the base operating system. The ESC application monitors smart card insertion events. If it detects that the user has inserted a smart card that was designed to be used with the Fedora Certificate System server product, it displays a user interface instructing the user how to enroll that smart card.
 					</para>
 				</listitem>
 				<listitem>
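
Review bot: In the ESC list item, replacing &PROD; inside a product name yields "the Fedora Certificate System server product". Please check that this is the actual name of the server the Enterprise Security Client enrolls against. Where the entity was part of a proper product name, it needs a manual fix and not the generic "Fedora" substitution.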

Modified: community/f14/en-US/Security_Guide.ent
===================================================================
--- community/f14/en-US/Security_Guide.ent	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/Security_Guide.ent	2010-10-07 03:55:28 UTC (rev 671)
@@ -1,21 +1,5 @@
 <!ENTITY PRODUCT "Fedora">
-<!ENTITY BOOKID "Security_Guide">
-
-
-
-
-<!ENTITY PROD "Fedora">
-<!ENTITY RHELVER "10">
-<!ENTITY SEL "SELinux">
-<!ENTITY FORMAL-RHI "Fedora Core">
-
-<!ENTITY RH "Red Hat">
-<!ENTITY RHSELINUXTOOL "&SEL; Administration Tool">
-<!ENTITY CURRENTVER "10">
-<!ENTITY HOLDER "Red Hat, Inc">
+<!ENTITY BOOKID "security-guide">
+<!ENTITY HOLDER "Red Hat, Inc and others">
 <!ENTITY YEAR "2010">
 
-
-
-<!ENTITY RHSECLEVELTOOL "Firewall Configuration Tool">
-<!ENTITY RHN "Red Hat Network">
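
Review bot: This hunk deletes RHELVER, FORMAL-RHI, RH, RHSELINUXTOOL and CURRENTVER, but the XML changes in this revision only replace &PROD;, &SEL;, &RHSECLEVELTOOL; and &RHN;. Any remaining reference to one of the other entities will be an undefined entity and break the build, so please grep the en-US sources for them before committing. Separately, BOOKID changes from "Security_Guide" to "security-guide" and HOLDER gains "and others". Neither is a variable removal, and the section ids throughout the book still use the "Security_Guide-" prefix, so the BOOKID change should be explained in the log or split into its own commit.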

Modified: community/f14/en-US/Tcp_Wrappers.xml
===================================================================
--- community/f14/en-US/Tcp_Wrappers.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/Tcp_Wrappers.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -5,7 +5,7 @@
 <section id="sect-Security_Guide-TCP_Wrappers_and_xinetd">
 	<title>TCP Wrappers and xinetd</title>
 	<para>
-		Controlling access to network services is one of the most important security tasks facing a server administrator. &PROD; provides several tools for this purpose. For example, an <command>iptables</command>-based firewall filters out unwelcome network packets within the kernel&#39;s network stack. For network services that utilize it, <firstterm>TCP Wrappers</firstterm> add an additional layer of protection by defining which hosts are or are not allowed to connect to "<emphasis>wrapped</emphasis>" network services. One such wrapped network service is the <systemitem class="daemon">xinetd</systemitem> <emphasis>super server</emphasis>. This service is called a super server because it controls connections to a subset of network services and further refines access control.
+		Controlling access to network services is one of the most important security tasks facing a server administrator. Fedora provides several tools for this purpose. For example, an <command>iptables</command>-based firewall filters out unwelcome network packets within the kernel&#39;s network stack. For network services that utilize it, <firstterm>TCP Wrappers</firstterm> add an additional layer of protection by defining which hosts are or are not allowed to connect to "<emphasis>wrapped</emphasis>" network services. One such wrapped network service is the <systemitem class="daemon">xinetd</systemitem> <emphasis>super server</emphasis>. This service is called a super server because it controls connections to a subset of network services and further refines access control.
 	</para>
 	<para>
 		<xref linkend="figu-Security_Guide-TCP_Wrappers_and_xinetd-Access_Control_to_Network_Services" /> is a basic illustration of how these tools work together to protect network services.
@@ -41,7 +41,7 @@
 			In addition to access control and logging, TCP Wrappers can execute commands to interact with the client before denying or releasing control of the connection to the requested network service.
 		</para>
 		<para>
-			Because TCP Wrappers are a valuable addition to any server administrator&#39;s arsenal of security tools, most network services within &PROD; are linked to the <filename>libwrap.a</filename> library. Some such applications include <systemitem class="daemon">/usr/sbin/sshd</systemitem>, <command>/usr/sbin/sendmail</command>, and <systemitem class="daemon">/usr/sbin/xinetd</systemitem>.
+			Because TCP Wrappers are a valuable addition to any server administrator&#39;s arsenal of security tools, most network services within Fedora are linked to the <filename>libwrap.a</filename> library. Some such applications include <systemitem class="daemon">/usr/sbin/sshd</systemitem>, <command>/usr/sbin/sendmail</command>, and <systemitem class="daemon">/usr/sbin/xinetd</systemitem>.
 		</para>
 		<note>
 			<title>Note</title>
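Review bot: in the `libwrap.a` paragraph, the rewritten line still marks up the three example daemons inconsistently: `/usr/sbin/sshd` and `/usr/sbin/xinetd` use `<systemitem class="daemon">` while `/usr/sbin/sendmail` uses `<command>`. Since the sentence is being touched anyway, use the same element for all three so they render alike.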
@@ -366,7 +366,7 @@
 		<section id="sect-Security_Guide-TCP_Wrappers_Configuration_Files-Option_Fields">
 			<title>Option Fields</title>
 			<para>
-				In addition to basic rules that allow and deny access, the &PROD; implementation of TCP Wrappers supports extensions to the access control language through <firstterm>option fields</firstterm>. By using option fields in hosts access rules, administrators can accomplish a variety of tasks such as altering log behavior, consolidating access control, and launching shell commands.
+				In addition to basic rules that allow and deny access, the Fedora implementation of TCP Wrappers supports extensions to the access control language through <firstterm>option fields</firstterm>. By using option fields in hosts access rules, administrators can accomplish a variety of tasks such as altering log behavior, consolidating access control, and launching shell commands.
 			</para>
 			<section id="sect-Security_Guide-Option_Fields-Logging">
 				<title>Logging</title>

Modified: community/f14/en-US/VPN.xml
===================================================================
--- community/f14/en-US/VPN.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/VPN.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -27,19 +27,19 @@
 	</section>
 	
 	<section id="sect-Security_Guide-Virtual_Private_Networks_VPNs-VPNs_and_PROD">
-		<title>VPNs and &PROD;</title>
+		<title>VPNs and Fedora</title>
 		<para>
-			&PROD; provides various options in terms of implementing a software solution to securely connect to a <acronym>WAN</acronym>. <firstterm>Internet Protocol Security</firstterm> (<acronym>IPsec</acronym>) is the supported <abbrev>VPN</abbrev> implementation for &PROD;, and sufficiently addresses the usability needs of organizations with branch offices or remote users.
+			Fedora provides various options in terms of implementing a software solution to securely connect to a <acronym>WAN</acronym>. <firstterm>Internet Protocol Security</firstterm> (<acronym>IPsec</acronym>) is the supported <abbrev>VPN</abbrev> implementation for Fedora, and sufficiently addresses the usability needs of organizations with branch offices or remote users.
 		</para>
 	</section>
 	
 	<section id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec">
 		<title>IPsec</title>
 		<para>
-			&PROD; supports <abbrev>IPsec</abbrev> for connecting remote hosts and networks to each other using a secure tunnel on a common carrier network such as the Internet. <abbrev>IPsec</abbrev> can be implemented using a host-to-host (one computer workstation to another) or network-to-network (one <acronym>LAN</acronym>/<acronym>WAN</acronym> to another) configuration.
+			Fedora supports <abbrev>IPsec</abbrev> for connecting remote hosts and networks to each other using a secure tunnel on a common carrier network such as the Internet. <abbrev>IPsec</abbrev> can be implemented using a host-to-host (one computer workstation to another) or network-to-network (one <acronym>LAN</acronym>/<acronym>WAN</acronym> to another) configuration.
 		</para>
 		<para>
-			The <abbrev>IPsec</abbrev> implementation in &PROD; uses <firstterm>Internet Key Exchange</firstterm> (<firstterm>IKE</firstterm>), a protocol implemented by the Internet Engineering Task Force (<acronym>IETF</acronym>), used for mutual authentication and secure associations between connecting systems.
+			The <abbrev>IPsec</abbrev> implementation in Fedora uses <firstterm>Internet Key Exchange</firstterm> (<firstterm>IKE</firstterm>), a protocol implemented by the Internet Engineering Task Force (<acronym>IETF</acronym>), used for mutual authentication and secure associations between connecting systems.
 		</para>
 	</section>
 	
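Review bot: in the IKE paragraph of this hunk, the rewritten line still calls IKE "a protocol implemented by the Internet Engineering Task Force" that is used for "secure associations". The IETF specifies IKE rather than implementing it, and the term this file uses further down is Security Association (SA). Suggest "a protocol specified by the IETF, used for mutual authentication and for establishing security associations between connecting systems". The section id ending in `VPNs_and_PROD` keeps the old variable name; leaving it avoids breaking any xref that targets it, but that choice is worth stating in the log message.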
@@ -49,13 +49,13 @@
 			An <abbrev>IPsec</abbrev> connection is split into two logical phases. In phase 1, an <abbrev>IPsec</abbrev> node initializes the connection with the remote node or network. The remote node or network checks the requesting node&#39;s credentials and both parties negotiate the authentication method for the connection.
 		</para>
 		<para>
-			On &PROD; systems, an <abbrev>IPsec</abbrev> connection uses the <firstterm>pre-shared key</firstterm> method of <abbrev>IPsec</abbrev> node authentication. In a pre-shared key <abbrev>IPsec</abbrev> connection, both hosts must use the same key in order to move to Phase 2 of the <abbrev>IPsec</abbrev> connection.
+			On Fedora systems, an <abbrev>IPsec</abbrev> connection uses the <firstterm>pre-shared key</firstterm> method of <abbrev>IPsec</abbrev> node authentication. In a pre-shared key <abbrev>IPsec</abbrev> connection, both hosts must use the same key in order to move to Phase 2 of the <abbrev>IPsec</abbrev> connection.
 		</para>
 		<para>
 			Phase 2 of the <abbrev>IPsec</abbrev> connection is where the <firstterm>Security Association</firstterm> (<acronym>SA</acronym>) is created between <abbrev>IPsec</abbrev> nodes. This phase establishes an <abbrev>SA</abbrev> database with configuration information, such as the encryption method, secret session key exchange parameters, and more. This phase manages the actual <abbrev>IPsec</abbrev> connection between remote nodes and networks.
 		</para>
 		<para>
-			The &PROD; implementation of <abbrev>IPsec</abbrev> uses IKE for sharing keys between hosts across the Internet. The <command>racoon</command> keying daemon handles the IKE key distribution and exchange. Refer to the <command>racoon</command> man page for more information about this daemon.
+			The Fedora implementation of <abbrev>IPsec</abbrev> uses IKE for sharing keys between hosts across the Internet. The <command>racoon</command> keying daemon handles the IKE key distribution and exchange. Refer to the <command>racoon</command> man page for more information about this daemon.
 		</para>
 	</section>
 	
@@ -82,7 +82,7 @@
 			</listitem>
 		</itemizedlist>
 		<para>
-			To configure <abbrev>IPsec</abbrev> on &PROD;, you can use the <application>Network Administration Tool</application>, or manually edit the networking and <abbrev>IPsec</abbrev> configuration files.
+			To configure <abbrev>IPsec</abbrev> on Fedora, you can use the <application>Network Administration Tool</application>, or manually edit the networking and <abbrev>IPsec</abbrev> configuration files.
 		</para>
 		<itemizedlist>
 			<listitem>
@@ -101,7 +101,7 @@
 	<section id="sect-Security_Guide-Virtual_Private_Networks_VPNs-IPsec_Host_to_Host_Configuration">
 		<title>IPsec Host-to-Host Configuration</title>
 		<para>
-			IPsec can be configured to connect one desktop or workstation (host) to another using a host-to-host connection. This type of connection uses the network to which each host is connected to create a secure tunnel between each host. The requirements of a host-to-host connection are minimal, as is the configuration of <abbrev>IPsec</abbrev> on each host. The hosts need only a dedicated connection to a carrier network (such as the Internet) and &PROD; to create the <abbrev>IPsec</abbrev> connection.
+			IPsec can be configured to connect one desktop or workstation (host) to another using a host-to-host connection. This type of connection uses the network to which each host is connected to create a secure tunnel between each host. The requirements of a host-to-host connection are minimal, as is the configuration of <abbrev>IPsec</abbrev> on each host. The hosts need only a dedicated connection to a carrier network (such as the Internet) and Fedora to create the <abbrev>IPsec</abbrev> connection.
 		</para>
 		<section id="sect-Security_Guide-IPsec_Host_to_Host_Configuration-Host_to_Host_Connection">
 			<title>Host-to-Host Connection</title>
@@ -353,7 +353,7 @@
 	}
 }</screen>
 			<para>
-				The default phase 1 configuration file that is created when an <abbrev>IPsec</abbrev> connection is initialized contains the following statements used by the &PROD; implementation of IPsec:
+				The default phase 1 configuration file that is created when an <abbrev>IPsec</abbrev> connection is initialized contains the following statements used by the Fedora implementation of IPsec:
 			</para>
 			<variablelist>
 				<varlistentry>
@@ -368,7 +368,7 @@
 					<term>exchange_mode aggressive</term>
 					<listitem>
 						<para>
-							The default configuration for <abbrev>IPsec</abbrev> on &PROD; uses an aggressive authentication mode, which lowers the connection overhead while allowing configuration of several <abbrev>IPsec</abbrev> connections with multiple hosts.
+							The default configuration for <abbrev>IPsec</abbrev> on Fedora uses an aggressive authentication mode, which lowers the connection overhead while allowing configuration of several <abbrev>IPsec</abbrev> connections with multiple hosts.
 						</para>
 					</listitem>
 				</varlistentry>
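Review bot: the sentence under `exchange_mode aggressive` describes aggressive mode only as lowering connection overhead, while this same file documents `authentication_method pre_shared_key` as the default. In IKEv1 aggressive mode the responder's authentication hash, which is derived from the pre-shared key, is sent before the exchange is encrypted, so a weak key can be guessed offline from a captured handshake. Suggest adding a sentence that states this trade-off and recommends a long, random pre-shared key, or main mode where the peers have fixed addresses.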
@@ -376,7 +376,7 @@
 					<term>my_identifier address</term>
 					<listitem>
 						<para>
-							Specifies the identification method to use when authenticating nodes. &PROD; uses IP addresses to identify nodes.
+							Specifies the identification method to use when authenticating nodes. Fedora uses IP addresses to identify nodes.
 						</para>
 					</listitem>
 				</varlistentry>
@@ -400,7 +400,7 @@
 					<term>authentication_method pre_shared_key</term>
 					<listitem>
 						<para>
-							Specifies the authentication method used during node negotiation. By default, &PROD; uses pre-shared keys for authentication.
+							Specifies the authentication method used during node negotiation. By default, Fedora uses pre-shared keys for authentication.
 						</para>
 					</listitem>
 				</varlistentry>
@@ -450,7 +450,7 @@
 						<term>pfs_group 2</term>
 						<listitem>
 							<para>
-								Defines the Diffie-Hellman key exchange protocol, which determines the method by which the <abbrev>IPsec</abbrev> nodes establish a mutual temporary session key for the second phase of <abbrev>IPsec</abbrev> connectivity. By default, the &PROD; implementation of <abbrev>IPsec</abbrev> uses group 2 (or <computeroutput>modp1024</computeroutput>) of the Diffie-Hellman cryptographic key exchange groups. Group 2 uses a 1024-bit modular exponentiation that prevents attackers from decrypting previous <abbrev>IPsec</abbrev> transmissions even if a private key is compromised.
+								Defines the Diffie-Hellman key exchange protocol, which determines the method by which the <abbrev>IPsec</abbrev> nodes establish a mutual temporary session key for the second phase of <abbrev>IPsec</abbrev> connectivity. By default, the Fedora implementation of <abbrev>IPsec</abbrev> uses group 2 (or <computeroutput>modp1024</computeroutput>) of the Diffie-Hellman cryptographic key exchange groups. Group 2 uses a 1024-bit modular exponentiation that prevents attackers from decrypting previous <abbrev>IPsec</abbrev> transmissions even if a private key is compromised.
 							</para>
 						</listitem>
 					</varlistentry>
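Review bot: in the `pfs_group 2` description, the final sentence credits the "1024-bit modular exponentiation" with preventing decryption of earlier traffic after a key compromise. That property comes from performing a fresh Diffie-Hellman exchange for each phase 2 SA (perfect forward secrecy), not from the size of the group. Suggest separating the two ideas: say what `pfs_group` enables, then say that group 2 selects the 1024-bit MODP group, which is at the low end of acceptable strength, so a larger group is preferable where both peers support one.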
@@ -458,7 +458,7 @@
 						<term>lifetime time 1 hour</term>
 						<listitem>
 							<para>
-								This parameter specifies the lifetime of an SA and can be quantified either by time or by bytes of data. The default &PROD; implementation of <abbrev>IPsec</abbrev> specifies a one hour lifetime.
+								This parameter specifies the lifetime of an SA and can be quantified either by time or by bytes of data. The default Fedora implementation of <abbrev>IPsec</abbrev> specifies a one hour lifetime.
 							</para>
 						</listitem>
 					</varlistentry>
@@ -466,7 +466,7 @@
 						<term>encryption_algorithm 3des, blowfish 448, rijndael</term>
 						<listitem>
 							<para>
-								Specifies the supported encryption ciphers for phase 2. &PROD; supports 3DES, 448-bit Blowfish, and Rijndael (the cipher used in the <firstterm>Advanced Encryption Standard</firstterm>, or <acronym>AES</acronym>).
+								Specifies the supported encryption ciphers for phase 2. Fedora supports 3DES, 448-bit Blowfish, and Rijndael (the cipher used in the <firstterm>Advanced Encryption Standard</firstterm>, or <acronym>AES</acronym>).
 							</para>
 						</listitem>
 					</varlistentry>

Modified: community/f14/en-US/Wstation.xml
===================================================================
--- community/f14/en-US/Wstation.xml	2010-10-07 02:59:04 UTC (rev 670)
+++ community/f14/en-US/Wstation.xml	2010-10-07 03:55:28 UTC (rev 671)
@@ -1210,7 +1210,7 @@
 			Firewalls prevent network packets from accessing the system&#39;s network interface. If a request is made to a port that is blocked by a firewall, the request is ignored. If a service is listening on one of these blocked ports, it does not receive the packets and is effectively disabled. For this reason, care should be taken when configuring a firewall to block access to ports not in use, while not blocking access to ports used by configured services.
 		</para>
 		<para>
-			For most users, the best tool for configuring a simple firewall is the graphical firewall configuration tool which ships with Fedora: the <application>&RHSECLEVELTOOL;</application> (<command>system-config-firewall</command>). This tool creates broad <command>iptables</command> rules for a general-purpose firewall using a control panel interface.
+			For most users, the best tool for configuring a simple firewall is the graphical firewall configuration tool which ships with Fedora: the <application>Firewall Administration Tool</application> (<command>system-config-firewall</command>). This tool creates broad <command>iptables</command> rules for a general-purpose firewall using a control panel interface.
 		</para>
 		<para>
 			Refer to <xref linkend="sect-Security_Guide-Firewalls-Basic_Firewall_Configuration" /> for more information about using this application and its available options.
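Review bot: the `+` line inlines the tool name as "Firewall Administration Tool", but the entity removed from Security_Guide.ent in this same revision was declared as `<!ENTITY RHSECLEVELTOOL "Firewall Configuration Tool">`, so the rendered name changes along with the variable removal. If the commit is meant only to inline variables, use "Firewall Configuration Tool" here; if the rename is intended, say so in the log message, which currently reads only "Removed variables".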


