Date: Fri, 18 Apr 2014 19:42:58 +0000 (UTC) From: Dru Lavigne <dru@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44606 - head/en_US.ISO8859-1/books/handbook/security Message-ID: <201404181942.s3IJgwdB016828@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dru Date: Fri Apr 18 19:42:57 2014 New Revision: 44606 URL: http://svnweb.freebsd.org/changeset/doc/44606 Log: Fix some redundancy and title capitalization in Security chapter. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 17:35:05 2014 (r44605) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Apr 18 19:42:57 2014 (r44606) @@ -242,8 +242,8 @@ and even lock users into running only single, privileged commands such as &man.service.8;</para> - <para>After installation, edit the - <filename>/usr/local/etc/sudoers</filename> file by using + <para>After installation, edit + <filename>/usr/local/etc/sudoers</filename> using the <command>visudo</command> interface. In this example, a new webadmin group will be added, the user <systemitem class="username">trhodes</systemitem> to that group, and @@ -322,9 +322,8 @@ also enforce mixed characters. In particular the &man.pam.passwdqc.8; will be discussed.</para> - <para>To proceed, open the - <filename>/etc/pam.d/passwd</filename> file and add the - following line to the file.</para> + <para>To proceed, add the following line to + <filename>/etc/pam.d/passwd</filename>:</para> <programlisting>password requisite pam_passwdqc.so min=disabled,disabled,disabled,12,10 similar=deny retry=3 enforce=users</programlisting> @@ -408,18 +407,18 @@ Enter new password:</programlisting> <para>A backdoor or rootkit software does do one thing useful for administrators - once detected, it is a sign that a compromise happened at some point. But normally these types - types of applications are hidden very well. Tools do exist + of applications are hidden very well. Tools do exist to detect backdoors and rootkits, one of them is <package>security/rkhunter</package>.</para> - <para>After installation the system may be checked using the - following command which will produce a lot of - information:</para> + <para>After installation, the system may be checked using the + following command. It will produce a lot of + information and will require some manual + pressing of the <keycap>ENTER</keycap> key:</para> <screen>&prompt.root; <userinput>rkhunter -c</userinput></screen> - <para>After the process complete, which will require some manual - pressing of the <keycap>ENTER</keycap> key, a status message + <para>After the process completes, a status message will be printed to the screen. This message will include the amount of files checked, suspect files, possible rootkits, and more. During the check, some generic security warnings may @@ -477,8 +476,8 @@ Enter new password:</programlisting> <screen>&prompt.root; mtree: /bin checksum: 3427012225</screen> - <para>Viewing the <filename>bin_cksum_mtree</filename> file - should yield output similar to the following as well:</para> + <para>Viewing <filename>bin_cksum_mtree</filename> + should yield output similar to the following:</para> <programlisting># user: root # machine: dreadnaught @@ -518,8 +517,8 @@ Enter new password:</programlisting> was originally ran. Since no changes occurred in the time these commands were ran, the <filename>bin_chksum_output</filename> output will be empty. - To simulate a change, change the date on the - <filename>/bin/cat</filename> file using &man.touch.1; and run + To simulate a change, change the date on + <filename>/bin/cat</filename> using &man.touch.1; and run the verification command again:</para> <screen>&prompt.root; <userinput>touch /bin/cat</userinput></screen> @@ -1264,7 +1263,7 @@ Aug 27 15:37:58 Aug 28 01:37:58 krbtgt </sect2> <sect2> - <title>Configuring a Server to use + <title>Configuring a Server to Use <application>Kerberos</application></title> <indexterm> @@ -1356,7 +1355,7 @@ kadmin><userinput> exit</userinput></ </sect2> <sect2> - <title>Configuring a Client to use + <title>Configuring a Client to Use <application>Kerberos</application></title> <indexterm> @@ -2899,7 +2898,7 @@ user@unfirewalled-system.example.org's p </note> <tip> - <para>Don't confuse <filename>/etc/ssh/sshd_config</filename> + <para>Do not confuse <filename>/etc/ssh/sshd_config</filename> with <filename>/etc/ssh/ssh_config</filename> (note the extra <literal>d</literal> in the first filename). The first file configures the server and the second file
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404181942.s3IJgwdB016828>