r3344 - trunk/BOOK/postlfs/security

randy at linuxfromscratch.org randy at linuxfromscratch.org
Wed Jan 26 19:26:54 PST 2005


Author: randy
Date: 2005-01-26 20:26:52 -0700 (Wed, 26 Jan 2005)
New Revision: 3344

Modified:
   trunk/BOOK/postlfs/security/cyrus-sasl.xml
   trunk/BOOK/postlfs/security/gnupg.xml
   trunk/BOOK/postlfs/security/mitkrb.xml
   trunk/BOOK/postlfs/security/stunnel.xml
   trunk/BOOK/postlfs/security/tripwire.xml
Log:
Added indexing tags to Tripwire; more Chapter 4 clean-up

Modified: trunk/BOOK/postlfs/security/cyrus-sasl.xml
===================================================================
--- trunk/BOOK/postlfs/security/cyrus-sasl.xml	2005-01-27 02:31:07 UTC (rev 3343)
+++ trunk/BOOK/postlfs/security/cyrus-sasl.xml	2005-01-27 03:26:52 UTC (rev 3344)
@@ -82,8 +82,11 @@
 <screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc \
             --with-dbpath=/var/lib/sasl/sasldb2 \
             --with-saslauthd=/var/run &&
-make &&
-make install &&
+make</command></userinput></screen>
+
+<para>Now, as the root user:</para>
+
+<screen><userinput role='root'><command>make install &&
 install -m644 saslauthd/saslauthd.mdoc \
     /usr/share/man/man8/saslauthd.8 &&
 install -d -m755 /usr/share/doc/sasl &&
@@ -146,7 +149,7 @@
 <primary sortas="f-cyrus-sasl-init">cyrus-sasl</primary>
 </indexterm>
 
-<screen><userinput><command>make install-cyrus-sasl</command></userinput></screen>
+<screen><userinput role='root'><command>make install-cyrus-sasl</command></userinput></screen>
 
 <note><para>You'll need to modify the init script and replace the 
 <parameter><replaceable>[authmech]</replaceable></parameter> parameter to the 

Modified: trunk/BOOK/postlfs/security/gnupg.xml
===================================================================
--- trunk/BOOK/postlfs/security/gnupg.xml	2005-01-27 02:31:07 UTC (rev 3343)
+++ trunk/BOOK/postlfs/security/gnupg.xml	2005-01-27 03:26:52 UTC (rev 3344)
@@ -53,7 +53,8 @@
 
 <sect3><title><application>GnuPG</application> dependencies</title>
 <sect4><title>Optional</title>
-<para><xref linkend="openldap"/>, <ulink url="../server/mail.html">MTA</ulink>, 
+<para><xref linkend="openldap"/>, 
+<ulink url="../server/mail.html">MTA</ulink>, 
 <xref linkend="docbook-utils"/> and <ulink 
 url="http://www.oasis-open.org/docbook/tools/dtm/">docbook-to-man</ulink>
 </para></sect4>
@@ -68,8 +69,11 @@
 commands:</para>
 
 <screen><userinput><command>./configure --prefix=/usr --libexecdir=/usr/lib &&
-make &&
-make install &&
+make</command></userinput></screen>
+
+<para>Now, as the root user:</para>
+
+<screen><userinput role='root'><command>make install &&
 chmod 4755 /usr/bin/gpg</command></userinput></screen>
 
 </sect2>
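Review bot: The `chmod 4755 /usr/bin/gpg` line that closes the new root block makes gpg setuid root, and nothing in this hunk tells the reader why or when the step can be skipped. A command explanation should accompany it, for example `<para><command>chmod 4755 /usr/bin/gpg</command>: <command>gpg</command> is installed setuid root so that it can lock the memory pages holding secret key material; omit this step if unprivileged users on the system are already allowed to lock memory.</para>`. Such an explanation may already exist in a section outside the hunk.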
@@ -95,7 +99,7 @@
 <segtitle>Installed Directories</segtitle>
 <seglistitem>
 <seg>gpg, gpgsplit and gpgv</seg>
-<seg>/usr/lib/gunpg and /usr/share/gnupg</seg>
+<seg>/usr/lib/gnupg and /usr/share/gnupg</seg>
 </seglistitem>
 </segmentedlist>
 

Modified: trunk/BOOK/postlfs/security/mitkrb.xml
===================================================================
--- trunk/BOOK/postlfs/security/mitkrb.xml	2005-01-27 02:31:07 UTC (rev 3343)
+++ trunk/BOOK/postlfs/security/mitkrb.xml	2005-01-27 03:26:52 UTC (rev 3344)
@@ -102,7 +102,7 @@
 running the following commands as root:
 </para>
 
-<screen><userinput><command>make install &&
+<screen><userinput role='root'><command>make install &&
 mv /bin/login /bin/login.shadow &&
 cp /usr/sbin/login.krb5 /bin/login &&
 mv /usr/bin/ksu /bin &&
@@ -178,7 +178,7 @@
 Create the Kerberos configuration file with the following command:
 </para>
 
-<screen><userinput><command>cat > /etc/krb5.conf << "EOF"</command>
+<screen><userinput role='root'><command>cat > /etc/krb5.conf << "EOF"</command>
 # Begin /etc/krb5.conf
 
 [libdefaults]
@@ -234,14 +234,14 @@
 Create the <acronym>KDC</acronym> database:
 </para>
 
-<screen><userinput><command>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s </command></userinput></screen>
+<screen><userinput role='root'><command>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s </command></userinput></screen>
 
 <para>
 Now you should populate the database with principles (users). For now,
 just use your regular login name or root. 
 </para>
 
-<screen><userinput><command>kadmin.local</command></userinput>
+<screen><userinput role='root'><command>kadmin.local</command></userinput>
 <prompt>kadmin:</prompt><userinput><command>addprinc <replaceable>[loginname]</replaceable></command></userinput></screen>
 
 <para>
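Review bot: The context paragraph in this hunk says "principles (users)", but the Kerberos term is "principal"; the same spelling recurs as "host principles" in the `@@ -271,8 +271,8 @@` hunk. Since these lines sit next to the changed `kadmin.local` and `addprinc` commands, the wording should be corrected to `Now you should populate the database with principals (users).` The commit leaves this text untouched.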
@@ -249,14 +249,14 @@
 server daemons must have a host key installed:
 </para>
 
-<screen><prompt>kadmin:</prompt><userinput><command>addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
+<screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
 
 <para>
 After choosing the defaults when prompted, you will have to export the
 data to a keytab file:
 </para>
 
-<screen><prompt>kadmin:</prompt><userinput><command>ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
+<screen><prompt>kadmin:</prompt><userinput role='root'><command>ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
 
 <para>
 This should have created a file in <filename class="directory">/etc</filename> 
@@ -271,8 +271,8 @@
 created the host principles. Below is an example:
 </para>
 
-<screen><prompt>kadmin:</prompt><userinput><command>addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput>
-<prompt>kadmin:</prompt><userinput><command>ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
+<screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput>
+<prompt>kadmin:</prompt><userinput role='root'><command>ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen>
 
 <para>
 Exit the <command>kadmin</command> program (use <command>quit</command>
@@ -281,7 +281,7 @@
 installation:
 </para>
 
-<screen><userinput><command>/usr/sbin/krb5kdc &</command></userinput></screen>
+<screen><userinput role='root'><command>/usr/sbin/krb5kdc &</command></userinput></screen>
 
 <para>
 Attempt to get a ticket with the following command:
@@ -324,7 +324,7 @@
 included in the <xref linkend="intro-important-bootscripts"/> package.
 </para>
 
-<screen><userinput><command>make install-kerberos</command></userinput></screen>
+<screen><userinput role='root'><command>make install-kerberos</command></userinput></screen>
 
 </sect4>
 

Modified: trunk/BOOK/postlfs/security/stunnel.xml
===================================================================
--- trunk/BOOK/postlfs/security/stunnel.xml	2005-01-27 02:31:07 UTC (rev 3343)
+++ trunk/BOOK/postlfs/security/stunnel.xml	2005-01-27 03:26:52 UTC (rev 3344)
@@ -67,9 +67,9 @@
 <para>The <command>stunnel</command> daemon will be run in a 
 <command>chroot</command> jail by an unprivileged user. Create the new user, 
 group and <command>chroot</command> home directory structure using the 
-following commands:</para>
+following commands as the root user:</para>
 
-<screen><userinput><command>groupadd stunnel &&
+<screen><userinput role='root'><command>groupadd stunnel &&
 useradd -c "Stunnel Daemon" -d /var/lib/stunnel \
         -g stunnel -s /bin/false stunnel &&
 install -d -m 700 -o stunnel -g stunnel /var/lib/stunnel/run</command></userinput></screen>
@@ -93,9 +93,12 @@
 
 <screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc \
     --localstatedir=/var/lib/stunnel &&
-make &&
-make install</command></userinput></screen>
+make</command></userinput></screen>
 
+<para>Now, as the root user:</para>
+
+<screen><userinput role='root'><command>make install</command></userinput></screen>
+
 </sect2>
 
 <sect2>
@@ -137,7 +140,7 @@
 <para>Create a basic <filename>/etc/stunnel/stunnel.conf</filename> 
 configuration file using the following commands:</para>
 
-<screen><userinput><command>cat >/etc/stunnel/stunnel.conf << "EOF"</command>
+<screen><userinput role='root'><command>cat >/etc/stunnel/stunnel.conf << "EOF"</command>
 # File: /etc/stunnel/stunnel.conf
 
 pid = /run/stunnel.pid
@@ -151,7 +154,7 @@
 <para>Next, you need to add the service you wish to encrypt to the 
 configuration file. The format is as follows:</para> 
 
-<screen><userinput>[<replaceable>[service]</replaceable>]
+<screen><userinput role='root'>[<replaceable>[service]</replaceable>]
 accept  = <replaceable>[hostname:portnumber]</replaceable>
 connect = <replaceable>[hostname:portnumber]</replaceable></userinput></screen>
 
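Review bot: The `role='root'` added to `<userinput>` here marks text that is not a command: per the paragraph above it, the `[service]` / `accept` / `connect` lines are the stanza format to be added to the configuration file. Readers or tooling that treat `role='root'` blocks as commands to run as root would misread it. Consider marking the block as file content instead, for example opening it with `<screen><literal>[<replaceable>[service]</replaceable>]` and closing with `</literal></screen>`, and stating in the paragraph that the file must be edited as root.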
@@ -175,7 +178,7 @@
 <indexterm zone="stunnel stunnel.init">
 <primary sortas="f-stunnel.init">stunnel</primary></indexterm>
 
-<screen><userinput><command>make install-stunnel</command></userinput></screen>
+<screen><userinput role='root'><command>make install-stunnel</command></userinput></screen>
 </sect3>
 
 </sect2>

Modified: trunk/BOOK/postlfs/security/tripwire.xml
===================================================================
--- trunk/BOOK/postlfs/security/tripwire.xml	2005-01-27 02:31:07 UTC (rev 3343)
+++ trunk/BOOK/postlfs/security/tripwire.xml	2005-01-27 03:26:52 UTC (rev 3344)
@@ -18,6 +18,9 @@
 </sect1info>
 <?dbhtml filename="tripwire.html"?>
 <title>Tripwire-&tripwire-version;</title>
+<indexterm zone="tripwire-portable">
+<primary sortas="a-Tripwire">Tripwire</primary>
+</indexterm>
 
 <sect2>
 <title>Introduction to <application>Tripwire</application></title>
@@ -40,7 +43,8 @@
 
 <sect3><title><application>Tripwire</application> dependencies</title>
 <sect4><title>Optional</title>
-<para><acronym>MTA</acronym> (See <xref linkend="server-mail"/>)</para></sect4>
+<para><acronym>MTA</acronym> (See <xref linkend="server-mail"/>)</para>
+</sect4>
 </sect3>
 
 </sect2>
@@ -53,8 +57,11 @@
 
 <screen><userinput><command>sed -i -e 's at TWDB="${prefix}@TWDB="/var@' install/install.cfg &&
 ./configure --prefix=/usr --sysconfdir=/etc/tripwire &&
-make &&
-make install &&
+make</command></userinput></screen>
+
+<para>Now, as the root user:</para>
+
+<screen><userinput role='root'><command>make install &&
 cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen>
 
 <para>The default configuration is to use a local <acronym>MTA</acronym>. If 
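Review bot: The sed expression on the first line of this hunk reads `'s at TWDB="${prefix}@TWDB="/var@'`, which is not a valid substitution as shown. The opening delimiter was presumably `@` and appears to have been rewritten by the mail archive's address obfuscation, so the intended form is presumably `'s@TWDB="${prefix}@TWDB="/var@'`. Anyone applying the command should take it from the repository file rather than from this page. The paragraph that ends the hunk continues outside it.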
@@ -85,8 +92,11 @@
 <sect2>
 <title>Configuring <application>Tripwire</application></title>
 
-<sect3><title>Config files</title>
+<sect3 id="tripwire-config"><title>Config files</title>
 <para><filename>/etc/tripwire/*</filename></para>
+<indexterm zone="tripwire-portable tripwire-config">
+<primary sortas="e-etc-tripwire">/etc/tripwire/*</primary>
+</indexterm>
 </sect3>
 
 <sect3><title>Configuration Information</title>
@@ -119,7 +129,7 @@
 <filename class="directory">/etc/tripwire/</filename> you may begin the 
 configuration steps:</para>
 
-<screen><userinput><command>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
+<screen><userinput role='root'><command>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
     /etc/tripwire/twpol.txt &&
 tripwire --init</command></userinput></screen>
 
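Review bot: Both `twadmin --create-polfile` steps (here and in the later `@@ -165,9 +175,8 @@` hunk) leave the clear-text `/etc/tripwire/twpol.txt` in place after the signed policy is generated, and nothing visible in the hunks tells the reader what to do with it. The text file lists exactly which paths are and are not monitored, so the page should add a sentence such as `<para>Once the signed policy has been created, remove or tightly restrict the clear-text <filename>/etc/tripwire/twpol.txt</filename>; it can be regenerated with <command>twadmin --print-polfile</command>.</para>`. The two invocations also differ, since only this one passes `--site-keyfile`; if the default from the configuration file is intended in the second, say so. Surrounding text outside these hunks may already cover part of this.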
@@ -129,7 +139,7 @@
 <para>To use <application>Tripwire</application> after creating a policy file 
 to run a report, use the following command:</para>
 
-<screen><userinput><command>tripwire --check > /etc/tripwire/report.txt</command></userinput></screen>
+<screen><userinput role='root'><command>tripwire --check > /etc/tripwire/report.txt</command></userinput></screen>
 
 <para>View the output to check the integrity of your files. An automatic
 integrity report can be produced by using a cron facility to schedule
@@ -148,7 +158,7 @@
 system. Then, type in the following command making the appropriate 
 substitutions for <replaceable>[?]</replaceable>:</para>
 
-<screen><userinput><command>tripwire --update -twrfile \
+<screen><userinput role='root'><command>tripwire --update -twrfile \
     /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen>
 
 <para>You will be placed into <application>vim</application> with a copy of 
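Review bot: The option `-twrfile` on the changed line is written with a single dash, which does not match Tripwire's long-option form; the report option is `--twrfile` (short form `-r`). The line should read `<screen><userinput role='root'><command>tripwire --update --twrfile \`. The commit touches this line only to add `role='root'`, so the typo predates it, but it is carried into the new text. The paragraph that follows continues outside the hunk.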
@@ -165,9 +175,8 @@
 use a new one, modify the policy file and then execute the following
 commands:</para>
 
-<screen><userinput><command>twadmin --create-polfile /etc/tripwire/twpol.txt &&
+<screen><userinput role='root'><command>twadmin --create-polfile /etc/tripwire/twpol.txt &&
 tripwire --init</command></userinput></screen>
-
 </sect3>
 
 </sect2>
@@ -176,8 +185,10 @@
 <title>Contents</title>
 <segmentedlist>
   <segtitle>Installed Programs</segtitle>
+  <segtitle>Installed Directories</segtitle>
   <seglistitem>
     <seg>siggen, tripwire, twadmin and twprint.</seg>
+    <seg>/etc/tripwire, /usr/share/doc/tripwire and /var/lib/tripwire</seg>
   </seglistitem>
 </segmentedlist>
 
@@ -189,19 +200,30 @@
     <term><command>siggen</command></term>
     <listitem><para>is a signature gathering utility that displays 
       the hash function values for the specified files.</para>
+    <indexterm zone="tripwire-portable siggen">
+      <primary sortas="b-siggen">siggen</primary>
+    </indexterm>
     </listitem>
   </varlistentry>
 
   <varlistentry id='tripwire'>
     <term><command>tripwire</command></term> 
-    <listitem><para>is the main file integrity checking program.</para></listitem>
+    <listitem><para>is the main file integrity checking program.</para>
+    <indexterm zone="tripwire-portable tripwire">
+      <primary sortas="b-tripwire">tripwire</primary>
+    </indexterm>
+    </listitem>
   </varlistentry>
 
   <varlistentry id='twadmin'>
     <term><command>twadmin</command></term>
     <listitem><para>administrative and utility tool used to perform 
       certain administrative functions related to 
-      <application>Tripwire</application> files and configuration options.</para>
+      <application>Tripwire</application> files and configuration 
+        options.</para>
+    <indexterm zone="tripwire-portable twadmin">
+      <primary sortas="b-twadmin">twadmin</primary>
+    </indexterm>
     </listitem>
   </varlistentry>
 
@@ -209,6 +231,9 @@
     <term><command>twprint</command></term>
     <listitem><para>prints <application>Tripwire</application> 
       database and report files in clear text format.</para>
+    <indexterm zone="tripwire-portable twprint">
+      <primary sortas="b-twprint">twprint</primary>
+    </indexterm>
     </listitem>
   </varlistentry>
 </variablelist>



