Date:      Wed, 30 Jan 2008 22:40:23 GMT
From:      Gabor Pali <pgj@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 134491 for review
Message-ID:  <200801302240.m0UMeN76017464@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=134491

Change 134491 by pgj@disznohal on 2008/01/30 22:39:35

	Add initial Hungarian translation of Chapter 14: Security.

Affected files ...

.. //depot/projects/docproj_hu/books/handbook/security/chapter.sgml#4 edit

Differences ...

==== //depot/projects/docproj_hu/books/handbook/security/chapter.sgml#4 (text+ko) ====

@@ -4,962 +4,1525 @@
      $FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.316 2007/10/23 07:03:34 dougb Exp $
 -->
 
-<chapter id="security">
+<!-- The FreeBSD Hungarian Documentation Project
+     Translated by: PALI, Gabor <pgj@FreeBSD.org>
+     Original Revision: 1.316                     -->
+
+<chapter id="security" lang="hu">
   <chapterinfo>
     <authorgroup>
       <author>
 	<firstname>Matthew</firstname>
 	<surname>Dillon</surname>
-	<contrib>Much of this chapter has been taken from the
-	security(7) manual page by </contrib>
+	<contrib>A fejezet legnagyobb r&eacute;sz&eacute;t a security(7)
+	  man oldal alapj&aacute;n &iacute;rta: </contrib>
       </author>
     </authorgroup>
   </chapterinfo>
 
-  <title>Security</title>
-  <indexterm><primary>security</primary></indexterm>
+  <title>Biztons&aacute;g</title>
+  <indexterm><primary>biztons&aacute;g</primary></indexterm>
 
   <sect1 id="security-synopsis">
-    <title>Synopsis</title>
+    <title>&Aacute;ttekint&eacute;s</title>
 
-    <para>This chapter will provide a basic introduction to system security
-      concepts, some general good rules of thumb, and some advanced topics
-      under &os;.  A lot of the topics covered here can be applied
-      to system and Internet security in general as well.  The Internet
-      is no longer a <quote>friendly</quote> place in which everyone
-      wants to be your kind neighbor.  Securing your system is imperative
-      to protect your data, intellectual property, time, and much more
-      from the hands of hackers and the like.</para>
+    <para>Ez a fejezet egy alapvet&#245; bevezet&eacute;st ad a
+      rendszerek biztons&aacute;gi fogalmaiba, n&eacute;h&aacute;ny
+      &aacute;ltal&aacute;nos j&oacute;tan&aacute;csot &eacute;s
+      n&eacute;h&aacute;ny komolyabb t&eacute;m&aacute;t &os; alatt.  Az
+      itt megfogalmazott t&eacute;m&aacute;k nagy r&eacute;sze
+      egyar&aacute;nt r&aacute;h&uacute;zhat&oacute; rendszer&uuml;nk
+      &eacute;s &aacute;ltal&aacute;noss&aacute;gban v&eacute;ve az
+      internetes biztons&aacute;gra is.  A internet m&aacute;r nem az
+      <quote>b&eacute;k&eacute;s</quote> hely, ahol mindenki a kedves
+      szomsz&eacute;d szerep&eacute;t j&aacute;tssza.  A
+      rendszer&uuml;nk bebiztos&iacute;t&aacute;sa elker&uuml;lhetetlen
+      az adataink, szellemi tulajdonunk, id&#245;nk &eacute;s m&eacute;g
+      sok minden m&aacute;s megv&eacute;d&eacute;s&eacute;re az
+      internetes bandit&aacute;k &eacute;s hasonl&oacute;k ellen.</para>
 
-    <para>&os; provides an array of utilities and mechanisms to ensure
-      the integrity and security of your system and network.</para>
+    <para>A &os; seg&eacute;dprogramok &eacute;s mechanizmusok
+      sor&aacute;t k&iacute;n&aacute;lja fel a rendszer&uuml;nk &eacute;s
+      h&aacute;l&oacute;zatunk s&eacute;rtetlens&eacute;g&eacute;nek
+      &eacute;s biztons&aacute;g&aacute;nak
+      fenntart&aacute;s&aacute;ra.</para>
 
-    <para>After reading this chapter, you will know:</para>
+    <para>A fejezet elolvas&aacute;sa sor&aacute;n
+      megismerj&uuml;k:</para>
 
     <itemizedlist>
       <listitem>
-	<para>Basic system security concepts, in respect to &os;.</para>
+	<para>az alapvet&#245; rendszerbiztons&aacute;gi fogalmakat,
+	  k&uuml;l&ouml;n&ouml;s tekintettel a &os;-re</para>
       </listitem>
 
       <listitem>
-	<para>About the various crypt mechanisms available in &os;,
-	  such as <acronym>DES</acronym> and <acronym>MD5</acronym>.</para>
+	<para>milyen olyan k&uuml;l&ouml;nb&ouml;z&#245;
+	  titkos&iacute;t&aacute;si mechanizmusok &eacute;rthet&#245;ek el
+	  a &os;-ben, mint p&eacute;ld&aacute;ul a
+	  <acronym>DES</acronym> &eacute;s az
+	  <acronym>MD5</acronym></para>
       </listitem>
 
       <listitem>
-	<para>How to set up one-time password authentication.</para>
+	<para>hogyan &aacute;ll&iacute;tsunk be egyszeri jelszavas
+	  azonos&iacute;t&aacute;st</para>
       </listitem>
 
       <listitem>
-	<para>How to configure <acronym>TCP</acronym> Wrappers for use
-	  with <command>inetd</command>.</para>
+	<para>hogyan burkoljunk az <command>inetd</command>
+	  seg&iacute;ts&eacute;g&eacute;vel <acronym>TCP</acronym>
+	  kapcsolatokat</para>
       </listitem>
 
       <listitem>
-	<para>How to set up <application>KerberosIV</application> on &os;
-	  releases prior to 5.0.</para>
+	<para>hogyan &aacute;ll&iacute;tsuk be a
+	  <application>KerberosIV</application>-t a &os; 5.0-n&aacute;l
+	  kor&aacute;bbi v&aacute;ltozatain</para>
       </listitem>
 
       <listitem>
-	<para>How to set up <application>Kerberos5</application> on
-	  &os;.</para>
+	<para>hogyan &aacute;ll&iacute;tsuk be a
+	  <application>Kerberos5</application>-t a &os;-n</para>
       </listitem>
 
       <listitem>
-	<para>How to configure IPsec and create a <acronym>VPN</acronym> between
-	&os;/&windows; machines.</para>
+	<para>hogyan &aacute;ll&iacute;tsuk be az IPsec-et &eacute;s
+	  hozzunk l&eacute;tre <acronym>VPN</acronym>-t &os;/&windows;
+	  g&eacute;pek k&ouml;z&ouml;tt</para>
       </listitem>
-     
+
       <listitem>
-	<para>How to configure and use <application>OpenSSH</application>, &os;'s <acronym>SSH</acronym>
-	  implementation.</para>
+	<para>hogyan &aacute;ll&iacute;tsuk be &eacute;s
+	  haszn&aacute;ljuk az <application>OpenSSH</application>-t, a
+	  &os; <acronym>SSH</acronym>
+	  implement&aacute;ci&oacute;j&aacute;t</para>
       </listitem>
 
       <listitem>
-	<para>What file system <acronym>ACL</acronym>s are and how to use them.</para>
+	<para>mik azok az <acronym>ACL</acronym>-ek az
+	  &aacute;llom&aacute;nyrendszerben &eacute;s mik&eacute;nt kell
+	  &#245;ket haszn&aacute;lni</para>
       </listitem>
 
       <listitem>
-	<para>How to use the <application>Portaudit</application>
-	  utility to audit third party software packages installed
-	  from the Ports Collection.</para>
+	<para>hogyan kell haszn&aacute;lni a
+	  <application>Portaudit</application> seg&eacute;dprogramot a
+	  Portgy&#251;jtem&eacute;nyb&#245;l telep&iacute;tett
+	  k&uuml;ls&#245;s szoftvercsomagok
+	  biztons&aacute;goss&aacute;g&aacute;nak
+	  ellen&#245;rz&eacute;s&eacute;re</para>
       </listitem>
 
       <listitem>
-	<para>How to utilize the &os; security advisories
-	  publications.</para>
+	<para>hogyan hasznos&iacute;tsuk a &os; biztons&aacute;gi
+	  tan&aacute;csait tartalmaz&oacute;
+	  le&iacute;r&aacute;sokat</para>
       </listitem>
 
       <listitem>
-	<para>Have an idea of what Process Accounting is and how to
-	  enable it on &os;.</para>
+	<para>mit jelent a fut&oacute; programok
+	  nyilv&aacute;ntart&aacute;sa &eacute;s hogyan
+	  enged&eacute;lyezz&uuml;k azt &os;-n</para>
       </listitem>
     </itemizedlist>
 
-    <para>Before reading this chapter, you should:</para>
+    <para>A fejezet elolvas&aacute;s&aacute;hoz aj&aacute;nlott:</para>
 
     <itemizedlist>
       <listitem>
-	<para>Understand basic &os; and Internet concepts.</para>
+	<para>az alapvet&#245; &os; &eacute;s internetes fogalmak
+	  ismerete</para>
       </listitem>
     </itemizedlist>
 
-    <para>Additional security topics are covered throughout this book.
-      For example, Mandatory Access Control is discussed in <xref
-      linkend="mac"> and Internet Firewalls are discussed in <xref
-      linkend="firewalls">.</para>
+    <para>A k&ouml;nyvben tov&aacute;bbi biztons&aacute;gi
+      t&eacute;m&aacute;kr&oacute;l is sz&oacute; esik,
+      p&eacute;ld&aacute;ul a <xref linkend="mac">ben a
+      K&ouml;telez&#245;
+      hozz&aacute;f&eacute;r&eacute;svez&eacute;rl&eacute;sr&#245;l
+      (MAC) &eacute;s a <xref linkend="firewalls">ben pedig az
+      internetes t&#251;zfalakr&oacute;l.</para>
+
   </sect1>
 
   <sect1 id="security-intro">
-    <title>Introduction</title>
+    <title>Bevezet&eacute;s</title>
 
-    <para>Security is a function that begins and ends with the system
-      administrator.  While all BSD &unix; multi-user systems have some
-      inherent security, the job of building and maintaining additional
-      security mechanisms to keep those users <quote>honest</quote> is
-      probably one of the single largest undertakings of the sysadmin.
-      Machines are only as secure as you make them, and security concerns
-      are ever competing with the human necessity for convenience.  &unix;
-      systems, in general, are capable of running a huge number of
-      simultaneous processes and many of these processes operate as
-      servers &mdash; meaning that external entities can connect and talk
-      to them.  As yesterday's mini-computers and mainframes become
-      today's desktops, and as computers become networked and
-      inter-networked, security becomes an even bigger issue.</para>
+    <para>A biztons&aacute;g egy olyan funkci&oacute;, ami a
+      rendszergazd&aacute;t&oacute;l indul &eacute;s n&aacute;la is
+      v&eacute;gz&#245;dik.  M&iacute;g az &ouml;sszes
+      t&ouml;bbfelhaszn&aacute;l&oacute;s BSD &unix; rendszer
+      &ouml;nmag&aacute;ban is valamennyire biztons&aacute;gos, a
+      felhaszn&aacute;l&oacute;k
+      <quote>fegyelmez&eacute;s&eacute;hez</quote> sz&uuml;ks&eacute;g
+      tov&aacute;bbi biztons&aacute;gi mechanizmusok
+      ki&eacute;p&iacute;t&eacute;se &eacute;s karbantart&aacute;sa
+      minden bizonnyal egy rendszergazda egyik legnagyobb
+      k&ouml;teless&eacute;ge.  A
+      sz&aacute;m&iacute;t&oacute;g&eacute;pek csak annyira
+      biztons&aacute;gosak, mint amennyire be&aacute;ll&iacute;tjuk
+      &#245;ket, &eacute;s a biztons&aacute;gi megfontol&aacute;sok
+      &aacute;lland&oacute; versenyben vannak az emberi
+      k&eacute;nyelemmel.  A &unix; rendszerek
+      &aacute;ltal&aacute;noss&aacute;gban v&eacute;ve
+      &oacute;r&aacute;si mennyis&eacute;g&#251; program
+      p&aacute;rhuzamos futtat&aacute;s&aacute;ra k&eacute;pesek, melyek
+      t&ouml;bbs&eacute;ge kiszolg&aacute;l&oacute;k&eacute;nt fut
+      &mdash; ami azt jelenti, hogy hozz&aacute;juk
+      k&iacute;v&uuml;lr&#245;l &eacute;rkez&#245; egyedek
+      csatlakozhatnak &eacute;s t&aacute;rsaloghatnak vel&uuml;k.  Ahogy
+      a tegnap kicsi &eacute;s nagy
+      sz&aacute;m&iacute;t&oacute;g&eacute;pei napjaink asztali
+      g&eacute;peiv&eacute; v&aacute;ltak &eacute;s ahogy a
+      sz&aacute;m&iacute;t&oacute;g&eacute;pek egyre t&ouml;bben
+      csatlakoznak h&aacute;l&oacute;zatra &eacute;s internetre, a
+      biztons&aacute;g fontoss&aacute;ga is egyre jobban
+      n&ouml;vekszik.</para>
 
-    <para>System security also pertains to dealing with various forms of
-      attack, including attacks that attempt to crash, or otherwise make a
-      system unusable, but do not attempt to compromise the
-      <username>root</username> account (<quote>break root</quote>).
-      Security concerns
-      can be split up into several categories:</para>
+    <para>A rendszerek biztons&aacute;ga a t&aacute;mad&aacute;sok
+      k&uuml;l&ouml;nb&ouml;z&#245; form&aacute;ival is foglalkozik,
+      t&ouml;bbek k&ouml;zt olyan t&aacute;mad&aacute;sokkal, amelyek a
+      rendszer &ouml;sszeoml&aacute;s&aacute;t vagy
+      haszn&aacute;lhatatlans&aacute;g&aacute;t c&eacute;lozz&aacute;k
+      meg, de nem pr&oacute;b&aacute;lj&aacute;k meg vesz&eacute;lybe
+      sodorni a <username>root</username> felhaszn&aacute;l&oacute;
+      hozz&aacute;f&eacute;r&eacute;s&eacute;t (<quote>felt&ouml;rni a
+      g&eacute;pet</quote>).  A biztons&aacute;ggal kapcsolatos
+      probl&eacute;m&aacute;k t&ouml;bb kateg&oacute;ri&aacute;ra
+      oszthat&oacute;ak:</para>
 
     <orderedlist>
       <listitem>
-	<para>Denial of service attacks.</para>
+	<para>A szolg&aacute;ltat&aacute;sok
+	  m&#251;k&ouml;d&eacute;sk&eacute;ptelenn&eacute;
+	  t&eacute;tel&eacute;re ir&aacute;nyul&oacute; (DoS)
+	  t&aacute;mad&aacute;sok.</para>
       </listitem>
 
       <listitem>
-	<para>User account compromises.</para>
+	<para>A felhaszn&aacute;l&oacute;k
+	  hozz&aacute;f&eacute;r&eacute;s&eacute;nek
+	  vesz&eacute;lyeztet&eacute;se.</para>
       </listitem>
 
       <listitem>
-	<para>Root compromise through accessible servers.</para>
+	<para>Rendszergazdai jogok megszerz&eacute;se a k&ouml;zeli
+	  szervereken kereszt&uuml;l.</para>
       </listitem>
 
       <listitem>
-	<para>Root compromise via user accounts.</para>
+	<para>Rendszergazdai jogok megszerz&eacute;se a
+	  felhaszn&aacute;l&oacute;i hozz&aacute;f&eacute;r&eacute;seken
+	  kereszt&uuml;l.</para>
       </listitem>
 
       <listitem>
-	<para>Backdoor creation.</para>
+	<para>Kiskapuk l&eacute;trehoz&aacute;sa a rendszerben.</para>
       </listitem>
     </orderedlist>
 
     <indexterm>
-      <primary>DoS attacks</primary>
+      <primary>DoS t&aacute;mad&aacute;s</primary>
       <see>Denial of Service (DoS)</see>
     </indexterm>
     <indexterm>
-      <primary>security</primary>
-      <secondary>DoS attacks</secondary>
+      <primary>biztons&aacute;g</primary>
+      <secondary>DoS t&aacute;mad&aacute;s</secondary>
       <see>Denial of Service (DoS)</see>
     </indexterm>
     <indexterm><primary>Denial of Service (DoS)</primary></indexterm>
 
-    <para>A denial of service attack is an action that deprives the
-      machine of needed resources.  Typically, DoS attacks are
-      brute-force mechanisms that attempt to crash or otherwise make a
-      machine unusable by overwhelming its servers or network stack.  Some
-      DoS attacks try to take advantage of bugs in the networking
-      stack to crash a machine with a single packet.  The latter can only
-      be fixed by applying a bug fix to the kernel.  Attacks on servers
-      can often be fixed by properly specifying options to limit the load
-      the servers incur on the system under adverse conditions.
-      Brute-force network attacks are harder to deal with.  A
-      spoofed-packet attack, for example, is nearly impossible to stop,
-      short of cutting your system off from the Internet.  It may not be
-      able to take your machine down, but it can saturate your
-      Internet connection.</para>
+    <para>A szolg&aacute;ltat&aacute;sok
+      m&#251;k&ouml;d&eacute;sk&eacute;ptelenn&eacute;
+      t&eacute;tel&eacute;re ir&aacute;nyul&oacute;
+      t&aacute;mad&aacute;sok olyan tev&eacute;kenys&eacute;gre utalnak,
+      amelyek k&eacute;pesek megfosztani egy
+      sz&aacute;m&iacute;t&oacute;g&eacute;pet az
+      er&#245;forr&aacute;sait&oacute;l.  A DoS t&aacute;mad&aacute;sok
+      t&ouml;bbnyire nyers er&#245;vel kivitelezett technik&aacute;k,
+      melyek vagy a rendszer &ouml;sszeomlaszt&aacute;s&aacute;t vagy
+      pedig a haszn&aacute;lhatatlann&aacute; t&eacute;tel&eacute;t
+      veszik c&eacute;lba &uacute;gy, hogy t&uacute;lterhelik az
+      &aacute;ltala felk&iacute;n&aacute;lt
+      szolg&aacute;ltat&aacute;sokat vagy a h&aacute;l&oacute;zati
+      alrendszert.  Egyes DoS t&aacute;mad&aacute;sok a
+      h&aacute;l&oacute;zati alrendszerben rejt&#245;z&#245;
+      hib&aacute;kat igyekeznek kihaszn&aacute;lni, amivel ak&aacute;r
+      egyetlen csomaggal is k&eacute;pesek romba d&ouml;nteni egy
+      sz&aacute;m&iacute;t&oacute;g&eacute;pet.  Ez ut&oacute;bbit csak
+      &uacute;gy lehet orvosolni, ha a hib&aacute;t kijav&iacute;tjuk a
+      rendszermagban.  A szerverekre m&eacute;rt csap&aacute;sokat
+      gyakran ki lehet v&eacute;deni a param&eacute;tereik &uuml;gyes
+      be&aacute;ll&iacute;t&aacute;s&aacute;val, melyek
+      seg&iacute;ts&eacute;g&eacute;vel korl&aacute;tozni tudjuk az
+      &#245;ket &eacute;rt terhel&eacute;st egy kellemetlenebb
+      helyezetben.  A nyers er&#245;t alkalmaz&oacute;
+      h&aacute;l&oacute;zati t&aacute;mad&aacute;sokkal a legnehezebb
+      szemben&eacute;zni.  P&eacute;ld&aacute;ul az
+      &aacute;lc&aacute;zott t&aacute;madad&aacute;sok, melyeket szinte
+      lehetetlen meg&aacute;ll&iacute;tani, remek eszk&ouml;zei
+      g&eacute;p&uuml;nk elv&aacute;g&aacute;s&aacute;nak az
+      internett&#245;l.  Ezzel nem csak a g&eacute;p&uuml;nket
+      iktatj&aacute;k ki, hanem az internet csatlakoz&aacute;sunkat is
+      eldug&iacute;tj&aacute;k.</para>
 
     <indexterm>
-      <primary>security</primary>
-      <secondary>account compromises</secondary>
+      <primary>biztons&aacute;g</primary>
+      <secondary>a hozz&aacute;f&eacute;r&eacute;sek
+	megszerz&eacute;se</secondary>
     </indexterm>
 
-    <para>A user account compromise is even more common than a DoS
-      attack.  Many sysadmins still run standard 
-      <application>telnetd</application>, <application>rlogind</application>,
-      <application>rshd</application>,
-      and <application>ftpd</application> servers on their machines.
-      These servers, by default, do
-      not operate over encrypted connections.  The result is that if you
-      have any moderate-sized user base, one or more of your users logging
-      into your system from a remote location (which is the most common
-      and convenient way to login to a system) will have his or her
-      password sniffed.  The attentive system admin will analyze his
-      remote access logs looking for suspicious source addresses even for
-      successful logins.</para>
+    <para>A DoS t&aacute;mad&aacute;sokn&aacute;l m&eacute;g gyakrabban
+      el&#245;fordulnak a felhaszn&aacute;l&oacute;i
+      hozz&aacute;f&eacute;r&eacute;sek felt&ouml;r&eacute;sei.  A
+      rendszergazd&aacute;k t&ouml;bbs&eacute;ge m&eacute;g mindig
+      futtat <application>telnetd</application>,
+      <application>rlogin</application>, <application>rshd</application>
+      &eacute;s <application>ftpd</application> szervereket a
+      g&eacute;p&eacute;n.  Ezek a szerverek
+      alap&eacute;rtelmez&eacute;s szerint nem titkos&iacute;tott
+      kapcsolaton kereszt&uuml;l m&#251;k&ouml;dnek.  Ebb&#245;l
+      k&ouml;vetkezik, hogy ha nincsen annyira sok
+      felhaszn&aacute;l&oacute;nk &eacute;s k&ouml;z&uuml;l&uuml;k
+      n&eacute;h&aacute;nyan t&aacute;voli helyekr&#245;l jelentkeznek
+      be (ami az egyik leggyakoribb &eacute;s legk&eacute;nyelmesebb
+      m&oacute;dja a bejelentkez&eacute;snek), akkor el&#245;fordulhat,
+      hogy valami megneszeli a jelszavaikat.  A
+      k&ouml;r&uuml;ltekint&#245; rendszergazd&aacute;k mindig
+      ellen&#245;rzik a bejelentkez&eacute;seket tartalmaz&oacute;
+      napl&oacute;kat &eacute;s igyekeznek kisz&#251;rni a gyan&uacute;s
+      c&iacute;meket m&eacute;g abban az esetben is, amikor a
+      bejelentkez&eacute;s sikeres volt.</para>
 
-    <para>One must always assume that once an attacker has access to a
-      user account, the attacker can break <username>root</username>.
-      However, the reality is that in a well secured and maintained system,
-      access to a user account does not necessarily give the attacker
-      access to <username>root</username>.  The distinction is important
-      because without access to <username>root</username> the attacker
-      cannot generally hide his tracks and may, at best, be able to do
-      nothing more than mess with the user's files, or crash the machine.
-      User account compromises are very common because users tend not to
-      take the precautions that sysadmins take.</para>
+    <para>Mindig arra kell gondolni, hogy ha a t&aacute;mad&oacute;nak
+      siker&uuml;lt megszerezni az egyik felhaszn&aacute;l&oacute;
+      hozz&aacute;f&eacute;r&eacute;s&eacute;t, akkor ak&aacute;r
+      k&eacute;pes lehet a <username>root</username>
+      felhaszn&aacute;l&oacute; fi&oacute;kj&aacute;nak
+      felt&ouml;r&eacute;s&eacute;re is.  Azonban a
+      val&oacute;s&aacute;gban egy j&oacute;l &#245;rz&ouml;tt &eacute;s
+      karbantarott rendszer eset&eacute;n a felhaszn&aacute;l&oacute;i
+      hozz&aacute;f&eacute;r&eacute;sek megszerz&eacute;se nem
+      felt&eacute;tlen&uuml;l adja a t&aacute;mad&oacute; kez&eacute;re
+      a <username>root</username>
+      hozz&aacute;f&eacute;r&eacute;s&eacute;t.  Ebben fontos
+      k&uuml;l&ouml;nbs&eacute;get tenni, hiszen a
+      <username>root</username> felhaszn&aacute;l&oacute; jogai
+      n&eacute;lk&uuml;l a t&aacute;mad&oacute; nem k&eacute;pes
+      elrejteni a nyomait &eacute;s legjobb esetben sem tud t&ouml;bbet
+      tenni, mint t&ouml;nkretenni az adott felhaszn&aacute;l&oacute;
+      &aacute;llom&aacute;nyait vagy &ouml;sszeomlasztani a rendszert.
+      A felhaszn&aacute;l&oacute;i hozz&aacute;f&eacute;r&eacute;sek
+      felt&ouml;r&eacute;se nagyon gyakran megt&ouml;rt&eacute;nik,
+      mivel a felhaszn&aacute;l&oacute;k messze nem annyira
+      el&#245;vigy&aacute;zatosak, mint egy rendszergazda.</para>
 
     <indexterm>
-      <primary>security</primary>
-      <secondary>backdoors</secondary>
+      <primary>biztons&aacute;g</primary>
+      <secondary>kiskapuk</secondary>
     </indexterm>
 
-    <para>System administrators must keep in mind that there are
-      potentially many ways to break <username>root</username> on a machine.
-      The attacker may know the <username>root</username> password,
-      the attacker may find a bug in a root-run server and be able
-      to break <username>root</username> over a network
-      connection to that server, or the attacker may know of a bug in
-      a suid-root program that allows the attacker to break
-      <username>root</username> once he has broken into a user's account.
-      If an attacker has found a way to break <username>root</username>
-      on a machine, the attacker may not have a need
-      to install a backdoor.  Many of the <username>root</username> holes
-      found and closed to date involve a considerable amount of work
-      by the attacker to cleanup after himself, so most attackers install
-      backdoors.  A backdoor provides the attacker with a way to easily
-      regain <username>root</username> access to the system, but it
-      also gives the smart system administrator a convenient way
-      to detect the intrusion.
-      Making it impossible for an attacker to install a backdoor may
-      actually be detrimental to your security, because it will not
-      close off the hole the attacker found to break in the first
-      place.</para>
+    <para>A rendszergazd&aacute;knak mindig &eacute;szben kell tartani,
+      hogy egy sz&aacute;m&iacute;t&oacute;g&eacute;pen t&ouml;bb
+      m&oacute;don is meg lehet szerezni a <username>root</username>
+      felhaszn&aacute;l&oacute;
+      hozz&aacute;f&eacute;r&eacute;s&eacute;t.  A t&aacute;mad&oacute;
+      megtudhatja a <username>root</username> jelszav&aacute;t,
+      hib&aacute;t fedezhet fel az egyik rendszergazdai
+      jogosults&aacute;ggal fut&oacute; szerverben &eacute;s
+      k&eacute;pes felt&ouml;rni a <username>root</username>
+      hozz&aacute;f&eacute;r&eacute;st egy h&aacute;l&oacute;zati
+      kapcsolaton kereszt&uuml;l, vagy a t&aacute;mad&oacute; olyan
+      programban tal&aacute;l hib&aacute;t, aminek
+      seg&iacute;ts&eacute;g&eacute;vel el tudja &eacute;rni a
+      <username>root</username> fi&oacute;kj&aacute;t egy
+      felhaszn&aacute;l&oacute;i hozz&aacute;f&eacute;r&eacute;sen
+      kereszt&uuml;l.  Miut&aacute;n a t&aacute;mad&oacute;
+      megtal&aacute;lta a rendszergazdai jogok
+      megszerz&eacute;s&eacute;nek m&oacute;dj&aacute;t, nem
+      felt&eacute;tlen&uuml;l kell kiskapukat elhelyeznie a rendszerbe.
+      Az eddig tal&aacute;lt &eacute;s lez&aacute;rt rendszergazdai
+      jogokat eredm&eacute;nyez&#245; biztons&aacute;gi r&eacute;sek egy
+      r&eacute;sze viszont akkora mennyis&eacute;g&#251; munk&aacute;t
+      jelenten&eacute;nek a t&aacute;mad&oacute;nak elt&uuml;ntetni maga
+      ut&aacute;n a nyomokat, hogy kiskapukat is telep&iacute;tenek.
+      Egy ilyen kiskapu seg&iacute;ts&eacute;g&eacute;vel a
+      t&aacute;mad&oacute; ism&eacute;t k&ouml;nnyed&eacute;n
+      hozz&aacute;juthat a <username>root</username>
+      felhaszn&aacute;l&oacute;
+      hozz&aacute;f&eacute;r&eacute;s&eacute;hez a rendszerben, de ezen
+      kereszt&uuml;l egy okos rendszergazda k&eacute;pes a
+      behatol&oacute;t leleplezni.  A kiskapuk lerak&aacute;s&aacute;nak
+      megakad&aacute;lyoz&aacute;sa val&oacute;j&aacute;ban k&aacute;ros
+      a biztons&aacute;g szempontj&aacute;b&oacute;l n&eacute;zve, mert
+      ezzel nem sz&uuml;ntetj&uuml;k meg azokat a lyukakat, amin
+      kereszt&uuml;l a t&aacute;mad&oacute; el&#245;sz&ouml;r
+      bejutott.</para>
 
+    <para>A t&aacute;mad&aacute;sok elleni v&eacute;delmet mindig
+      t&ouml;bb vonalban kell megval&oacute;s&iacute;tani, melyeket
+      &iacute;gy oszthatunk fel:</para>
 
-    <para>Security remedies should always be implemented with a
-      multi-layered <quote>onion peel</quote> approach and can be
-      categorized as follows:</para>
-
     <orderedlist>
       <listitem>
-	<para>Securing <username>root</username> and staff accounts.</para>
+	<para>A rendszergazda &eacute;s a szem&eacute;lyzet
+	  hozz&aacute;f&eacute;r&eacute;s&eacute;nek
+	  v&eacute;delme.</para>
       </listitem>
 
       <listitem>
-	<para>Securing <username>root</username>&ndash;run servers
-	  and suid/sgid binaries.</para>
+	<para>A rendszergazdai jogokkal fut&oacute; szerverek &eacute;s
+	  suid/sgid enged&eacute;lyekkel rendelkez&#245; programok
+	  v&eacute;delme.</para>
       </listitem>
 
       <listitem>
-	<para>Securing user accounts.</para>
+	<para>A felhaszn&aacute;l&oacute;i
+	  hozz&aacute;f&eacute;r&eacute;sek v&eacute;delme.</para>
       </listitem>
 
       <listitem>
-	<para>Securing the password file.</para>
+	<para>A jelszavakat t&aacute;rol&oacute; &aacute;llom&aacute;ny
+	  v&eacute;delme.</para>
       </listitem>
 
       <listitem>
-	<para>Securing the kernel core, raw devices, and
-	  file systems.</para>
+	<para>A rendszermag belsej&eacute;nek, a nyers
+	  eszk&ouml;z&ouml;k &eacute;s az &aacute;llom&aacute;nyrendszerek
+	  v&eacute;delme.</para>
       </listitem>
 
       <listitem>
-	<para>Quick detection of inappropriate changes made to the
-	  system.</para>
+	<para>A rendszert &eacute;rt szab&aacute;lytalan
+	  m&oacute;dos&iacute;t&aacute;sok gyors
+	  &eacute;szlel&eacute;se.</para>
       </listitem>
 
       <listitem>
-	<para>Paranoia.</para>
+	<para>&Aacute;lland&oacute; paranoia.</para>
       </listitem>
     </orderedlist>
 
-    <para>The next section of this chapter will cover the above bullet
-      items in greater depth.</para>
+    <para>A fejezet most k&ouml;vetkez&#245; szakasz&aacute;ban az
+      im&eacute;nt felsorolt elemeket fejtj&uuml;k ki
+      m&eacute;lyebben.</para>
+
   </sect1>
 
   <sect1 id="securing-freebsd">
-    <title>Securing &os;</title>
+    <title>A &os; v&eacute;delme</title>
     <indexterm>
-      <primary>security</primary>
-      <secondary>securing &os;</secondary>
+      <primary>biztons&aacute;g</primary>
+      <secondary>a &os; v&eacute;delme</secondary>
     </indexterm>
 
     <note>
-      <title>Command vs. Protocol</title>
-      <para>Throughout this document, we will use
-       <application>bold</application> text to refer to an
-       application, and a <command>monospaced</command> font to refer
-       to specific commands.  Protocols will use a normal font.  This
-       typographical distinction is useful for instances such as ssh,
-       since it is
-       a protocol as well as command.</para>
+      <title>Parancs kontra protokoll</title>
+
+      <para>A dokumentumban a
+	<application>f&eacute;lk&ouml;v&eacute;ren</application> fogjuk
+	szedni az alkalmaz&aacute;sokat, &eacute;s
+	<command>egyensz&eacute;less&eacute;g&#251;</command>
+	bet&#251;kkel pedig az adott parancsokra hivatkozunk.  A
+	protokollokat nem k&uuml;l&ouml;nb&ouml;ztetj&uuml;k meg.  Ez a
+	tipogr&aacute;fiai elk&uuml;l&ouml;n&iacute;t&eacute;s hasznos
+	p&eacute;ld&aacute;ul az ssh egyes vonatkoz&aacute;sainak
+	eset&eacute;n, mivel ez egyben egy protokoll &eacute;s egy
+	parancs is.</para>
     </note>
 
-    <para>The sections that follow will cover the methods of securing your
-      &os; system that were mentioned in the <link
-        linkend="security-intro">last section</link> of this chapter.</para>
+    <para>A most k&ouml;vetkez&#245; szakaszok a &os;
+      v&eacute;delm&eacute;nek azon m&oacute;dszereit ismertetik,
+      amelyekr&#245;l a fejezet <link
+      linkend="security-intro">el&#245;z&#245; szakasz&aacute;ban</link>
+      m&aacute;r &iacute;rtunk.</para>
 
     <sect2 id="securing-root-and-staff">
-      <title>Securing the <username>root</username> Account and
-	Staff Accounts</title>
+      <title>A rendszergazda &eacute;s a szem&eacute;lyzet
+	hozz&aacute;f&eacute;r&eacute;s&eacute;nek v&eacute;delme</title>
       <indexterm>
         <primary><command>su</command></primary>
       </indexterm>
 
-      <para>First off, do not bother securing staff accounts if you have
-	not secured the <username>root</username> account.
-	Most systems have a password assigned to the <username>root</username>
-	account.  The first thing you do is assume
-	that the password is <emphasis>always</emphasis> compromised.
-	This does not mean that you should remove the password.  The
-	password is almost always necessary for console access to the
-	machine.  What it does mean is that you should not make it
-	possible to use the password outside of the console or possibly
-	even with the &man.su.1; command.  For example, make sure that
-	your ptys are specified as being insecure in the
-	<filename>/etc/ttys</filename> file so that direct
-	<username>root</username> logins
-	via <command>telnet</command> or <command>rlogin</command> are
-	disallowed.  If using other login services such as
-        <application>sshd</application>, make sure that direct
-	<username>root</username> logins are disabled there as well.
-	You can do this by editing
-        your <filename>/etc/ssh/sshd_config</filename> file, and making
-        sure that <literal>PermitRootLogin</literal> is set to
-        <literal>NO</literal>.  Consider every access method &mdash;
-        services such as FTP often fall through the cracks.
-	Direct <username>root</username> logins should only be allowed
-	via the system console.</para>
+      <para>El&#245;sz&ouml;r is: ne t&ouml;rj&uuml;k magunkat a
+	szem&eacute;lyzeti hozz&aacute;f&eacute;r&eacute;sek
+	biztons&aacute;goss&aacute; t&eacute;tel&eacute;vel, ha
+	m&eacute;g a rendszergazda
+	hozz&aacute;f&eacute;r&eacute;s&eacute;t sem tett&uuml;k
+	el&eacute;gg&eacute; biztons&aacute;goss&aacute;.  A
+	legt&ouml;bb rendszerben a <username>root</username>
+	hozz&aacute;f&eacute;r&eacute;shez tartozik egy jelsz&oacute;.
+	Els&#245;k&eacute;nt fel kell tenn&uuml;nk, hogy ez a
+	jelsz&oacute; <emphasis>mindig</emphasis> megszerezhet&#245;.
+	Ez term&eacute;szetesen nem arra utal, hogy el kellene
+	t&aacute;vol&iacute;tanunk.  A jelsz&oacute; szinte mindig
+	sz&uuml;ks&eacute;ges a sz&aacute;m&iacute;t&oacute;g&eacute;p
+	konzolon kereszt&uuml;li el&eacute;r&eacute;s&eacute;hez.
+	Val&oacute;j&aacute;ban arra akar
+	r&aacute;vil&aacute;g&iacute;tani, hogy a konzolon
+	k&iacute;v&uuml;l sehol m&aacute;shol ne lehessen
+	haszn&aacute;lni ezt a jelsz&oacute;t, m&eacute;g a &man.su.1;
+	paranccsal sem.  P&eacute;ld&aacute;ul gondoskodjunk
+	r&oacute;la, hogy az <filename>/etc/ttys</filename>
+	&aacute;llom&aacute;nyban megadott
+	pszeud&oacute;termin&aacute;lokat <quote>insecure</quote> (nem
+	biztons&aacute;gos) t&iacute;pus&uacute;nak
+	&aacute;ll&iacute;tottuk be, &eacute;s &iacute;gy a
+	<command>telnet</command> vagy <command>rlogin</command>
+	parancsokon kereszt&uuml;l nem lehet rendszergazdak&eacute;nt
+	bejelentkezni.  Ha m&aacute;s szolg&aacute;ltat&aacute;son
+	kereszt&uuml;l jelentkez&uuml;nk be, p&eacute;ld&aacute;ul az
+	<application>sshd</application>
+	seg&iacute;ts&eacute;g&eacute;vel, akkor ebben az esetben is
+	gondoskodjunk r&oacute;la, hogy itt is letiltottuk a
+	k&ouml;zvetlen rendszergazdai bejelentkez&eacute;s
+	lehet&#245;s&eacute;g&eacute;t.  Ezt &uacute;gy tudjuk megtenni,
+	ha megnyitjuk az <filename>/etc/ssh/sshd_config</filename>
+	&aacute;llom&aacute;nyt &eacute;s a
+	<literal>PermitRootLogin</literal> param&eacute;ter
+	&eacute;rt&eacute;k&eacute;t &aacute;t&aacute;ll&iacute;tjuk
+	<literal>NO</literal>-ra.  Vegy&uuml;nk sz&aacute;mba minden
+	lehets&eacute;ges hozz&aacute;f&eacute;r&eacute;si m&oacute;dot
+	&mdash; az FTP &eacute;s a hozz&aacute; hasonl&oacute;
+	m&oacute;dok gyakran &aacute;tsziv&aacute;rognak a
+	reped&eacute;seken.  A rendszergazd&aacute;nak csak a
+	rendszerkonzolon kereszt&uuml;l szabad tudnia
+	bejelentkeznie.</para>
+
       <indexterm>
         <primary><groupname>wheel</groupname></primary>
       </indexterm>
 
-      <para>Of course, as a sysadmin you have to be able to get to
-	<username>root</username>, so we open up a few holes.
-	But we make sure these holes require additional password
-	verification to operate.  One way to make <username>root</username>
-	accessible is to add appropriate staff accounts to the
-	<groupname>wheel</groupname> group (in
-	<filename>/etc/group</filename>).  The staff members placed in the
-	<groupname>wheel</groupname> group are allowed to
-	<command>su</command> to <username>root</username>.
-	You should never give staff
-	members native <groupname>wheel</groupname> access by putting them in the
-	<groupname>wheel</groupname> group in their password entry.  Staff
-	accounts should be placed in a <groupname>staff</groupname> group, and
-	then added to the <groupname>wheel</groupname> group via the
-	<filename>/etc/group</filename> file.  Only those staff members
-	who actually need to have <username>root</username> access
-	should be placed in the
-	<groupname>wheel</groupname> group.  It is also possible, when using
-	an authentication method such as Kerberos, to use Kerberos'
-	<filename>.k5login</filename> file in the <username>root</username>
-	account to allow a &man.ksu.1; to <username>root</username>
-	without having to place anyone at all in the
-	<groupname>wheel</groupname> group.  This may be the better solution
-	since the <groupname>wheel</groupname> mechanism still allows an
-	intruder to break <username>root</username> if the intruder
-	has gotten hold of your
-	password file and can break into a staff account.  While having
-	the <groupname>wheel</groupname> mechanism is better than having
-	nothing at all, it is not necessarily the safest option.</para>
+      <para>Term&eacute;szetesen egy rendszergazd&aacute;nak valahogy el
+	kell &eacute;rnie a <username>root</username>
+	hozz&aacute;f&eacute;r&eacute;st, ez&eacute;rt ezzel felnyitunk
+	n&eacute;h&aacute;ny biztons&aacute;gi r&eacute;st.  De
+	gondoskodjunk r&oacute;la, hogy ezek a r&eacute;sek
+	tov&aacute;bbi jelszavakat ig&eacute;nyelnek a
+	m&#251;k&ouml;d&eacute;s&uuml;kh&ouml;z.  A
+	<username>root</username> hozz&aacute;f&eacute;r&eacute;s
+	el&eacute;r&eacute;s&eacute;hez &eacute;rdemes felvenni
+	tetsz&#245;leges szem&eacute;lyzeti (staff)
+	hozz&aacute;f&eacute;r&eacute;seket a
+	<groupname>wheel</groupname> csoportba (az
+	<filename>/etc/group</filename> &aacute;llom&aacute;nyban).  Ha
+	a szem&eacute;lyzet tagjait a <groupname>wheel</groupname>
+	csoportba rakjuk, akkor innen a <command>su</command> paranccsal
+	fel tudjuk venni a <username>root</username>
+	felhaszn&aacute;l&oacute; jogait.  A szem&eacute;lyzet tagjait
+	k&ouml;zvetlen&uuml;l sose vegy&uuml;k fel a
+	<groupname>wheel</groupname> csoportba a
+	l&eacute;trehoz&aacute;sukkor!  A szem&eacute;lyzet tagjai
+	el&#245;sz&ouml;r ker&uuml;ljenek egy
+	<groupname>staff</groupname> csoportba, &eacute;s majd csak
+	ezut&aacute;n az <filename>/etc/group</filename>
+	&aacute;llom&aacute;nyon kereszt&uuml;l a
+	<groupname>wheel</groupname> csoportba.  A szem&eacute;lyzetnek
+	csak azon tagjait tegy&uuml;k t&eacute;nylegesen a
+	<groupname>wheel</groupname> csoportba, akiknek val&oacute;ban
+	sz&uuml;ks&eacute;g&uuml;k van a <username>root</username>
+	felhaszn&aacute;l&oacute;
+	hozz&aacute;f&eacute;r&eacute;s&eacute;re.  Ha mondjuk a
+	Kerberost haszn&aacute;ljuk hiteles&iacute;t&eacute;sre, akkor
+	megcsin&aacute;lhatjuk azt is, hogy a Kerberos
+	<filename>.k5login</filename> &aacute;llom&aacute;ny&aacute;ban
+	enged&eacute;lyezz&uuml;k a &man.ksu.1; parancson kereszt&uuml;l
+	a <username>root</username> hozz&aacute;f&eacute;r&eacute;s
+	el&eacute;r&eacute;s&eacute;t a <groupname>wheel</groupname>
+	csoport alkalmaz&aacute;sa n&eacute;lk&uuml;l.  Ez a
+	megold&aacute;s tal&aacute;n m&eacute;g jobb is, mivel a
+	<groupname>wheel</groupname> haszn&aacute;lata eset&eacute;n a
+	behatol&oacute;nak m&eacute;g mindig lehet&#245;s&eacute;ge van
+	hozz&aacute;jutni a <username>root</username>
+	hozz&aacute;f&eacute;r&eacute;s&eacute;hez olyankor, amikor a
+	kez&eacute;ben van a jelszavakat t&aacute;rol&oacute;
+	&aacute;llom&aacute;ny &eacute;s meg tudja szerezni a
+	szem&eacute;lyzet valamelyik tagj&aacute;nak
+	hozz&aacute;f&eacute;r&eacute;s&eacute;t.  A
+	<groupname>wheel</groupname> csoport &aacute;ltal
+	felk&iacute;n&aacute;lt megold&aacute;s ugyan jobb, mint a
+	semmi, de k&eacute;ts&eacute;gtelen&uuml;l nem
+	legbiztons&aacute;gosabb.</para>
 
-      <!-- XXX:
-	This will need updating depending on the outcome of PR bin/71147.
-	Personally I know what I'd like to see, which puts this in definite
-	need of a rewrite, but we'll have to wait and see.  ceri@
-      -->
+      <para>A szem&eacute;lyzeti hozz&aacute;f&eacute;r&eacute;sek
+	&eacute;s ez&aacute;ltal a <username>root</username>
+	hozz&aacute;f&eacute;r&eacute;s&eacute;nek egyik k&ouml;zvetett
+	m&oacute;dja egy alternat&iacute;v bejelentkez&eacute;si
+	m&oacute;d haszn&aacute;lata, ami l&eacute;nyeg&eacute;ben a
+	szem&eacute;lyzeti hozz&aacute;f&eacute;r&eacute;sek
+	titkos&iacute;tott jelszavainak
+	<quote>kicsillagoz&aacute;s&aacute;t</quote> jelenti.  A
+	&man.vipw.8; parancs haszn&aacute;lat&aacute;val a
+	titkos&iacute;tott jelszavakat ki tudjuk cser&eacute;lni
+	egyetlen <quote><literal>*</literal></quote> karakterre.  Ez a
+	parancs a jelsz&oacute; alap&uacute; hiteles&iacute;t&eacute;sek
+	letilt&aacute;s&aacute;hoz friss&iacute;teni fogja az
+	<filename>/etc/master.passwd</filename> &aacute;llom&aacute;nyt
+	valamint a felhaszn&aacute;l&oacute;kat &eacute;s jelszavakat
+	tartalmaz&oacute; adatb&aacute;zist.</para>
 
-      <para>An indirect way to secure staff accounts, and ultimately
-        <username>root</username> access is to use an alternative
-	login access method and
-        do what is known as <quote>starring</quote> out the encrypted
-        password for the staff accounts.  Using the &man.vipw.8;
-        command, one can replace each instance of an encrypted password
-        with a single <quote><literal>*</literal></quote> character.
-	This command will update the <filename>/etc/master.passwd</filename>
-	file and user/password database to disable password-authenticated
-        logins.</para>
+      <para>A szem&eacute;lyzet egyik tagj&aacute;nak teh&aacute;t
+	&iacute;gy n&eacute;z ki a bejegyz&eacute;se:</para>
 
-      <para>A staff account entry such as:</para>
-
       <programlisting>foobar:R9DT/Fa1/LV9U:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
 
-      <para>Should be changed to this:</para>
+      <para>Amit erre cser&eacute;l&uuml;nk ki:</para>
 
       <programlisting>foobar:*:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
 
-      <para>This change will prevent normal logins from occurring,
-        since the encrypted password will never match
-        <quote><literal>*</literal></quote>.  With this done,
-	staff members must use
-        another mechanism to authenticate themselves such as
-        &man.kerberos.1; or &man.ssh.1; using a public/private key
-        pair.  When using something like Kerberos, one generally must
-        secure the machines which run the Kerberos servers and your
-        desktop workstation.  When using a public/private key pair
-        with ssh, one must generally secure
-        the machine used to login <emphasis>from</emphasis> (typically
-        one's workstation).  An additional layer of protection can be
-        added to the key pair by password protecting the key pair when
-        creating it with &man.ssh-keygen.1;.  Being able to
-        <quote>star</quote> out the passwords for staff accounts also
-        guarantees that staff members can only login through secure
-        access methods that you have set up.  This forces all staff
-        members to use secure, encrypted connections for all of their
-        sessions, which closes an important hole used by many
-        intruders: sniffing the network from an unrelated,
-        less secure machine.</para>
+      <para>Ez a v&aacute;ltoztat&aacute;s megg&aacute;tolja a
+	hagyom&aacute;nyos bejelentkez&eacute;seket, mivel a
+	titkos&iacute;tott jelsz&oacute; soha nem fog egyezni a
+	<quote><literal>*</literal></quote> karakterrel.  Ezut&aacute;n
+	a szem&eacute;lyzet tagjainak m&aacute;s m&oacute;don kell
+	azonos&iacute;taniuk magukat, p&eacute;ld&aacute;ul a
+	&man.kerberos.1; seg&iacute;ts&eacute;g&eacute;vel vagy az
+	&man.ssh.1; nyilv&aacute;nos/priv&aacute;t
+	kulcsp&aacute;rjaival.  Amikor egy Kerberoshoz hasonl&oacute;
+	rendszert haszn&aacute;lunk, akkor &aacute;ltal&aacute;ban a
+	Kerberos szervereit futtat&oacute; g&eacute;peket &eacute;s az
+	asztali munka&aacute;llom&aacute;sunkat kell v&eacute;deni.
+	Amikor az ssh-t haszn&aacute;ljuk nyilv&aacute;nos/priv&aacute;t
+	kulcsp&aacute;rokkal, &aacute;ltal&aacute;ban azt a g&eacute;pet
+	kell v&eacute;den&uuml;nk <emphasis>ahonnan</emphasis>
+	bejelentkez&uuml;nk (ez t&ouml;bbnyire egy
+	munka&aacute;llom&aacute;s).  A kulcsp&aacute;rokat bevonhatjuk
+	egy tov&aacute;bbi v&eacute;delmi r&eacute;teggel is, ha a
+	&man.ssh-keygen.1; paranccsal t&ouml;rt&eacute;n&#245;
+	l&eacute;trehoz&aacute;suk sor&aacute;n jelsz&oacute;t is
+	megadunk.  Ha <quote>kicsillagozzuk</quote> a szem&eacute;lyzet
+	tagjainak jelszavait, akkor biztosra vehetj&uuml;k, hogy
+	kiz&aacute;r&oacute;lag csak az &aacute;ltalunk
+	telep&iacute;tett biztons&aacute;gos m&oacute;dokon fognak
+	bejelentkezni.  Ennek k&ouml;sz&ouml;nhet&#245;en a
+	szem&eacute;lyzet minden tagja biztons&aacute;gos,
+	titkos&iacute;tott kapcsolatot fog haszn&aacute;lni, &eacute;s
+	ezzel elz&aacute;runk egy olyan biztons&aacute;gi r&eacute;st,
+	amit a legt&ouml;bb behatol&oacute; kihaszn&aacute;l: a
+	gyeng&eacute;bb v&eacute;delm&#251;
+	sz&aacute;m&iacute;t&oacute;g&eacute;pek fel&#245;l
+	&eacute;rkez&#245; forgalom lehallgat&aacute;s&aacute;t.</para>
+
+      <para>Egy m&eacute;g k&ouml;zvetettebb v&eacute;delmi mechanizmus
+	szerint mindig egy szigor&uacute;bb biztons&aacute;gi szint&#251;
+	g&eacute;pr&#245;l jelentkez&uuml;nk be egy
+	kev&eacute;sb&eacute; biztons&aacute;gosabb g&eacute;pre.
+	P&eacute;ld&aacute;ul ha a szerver&uuml;nk mindenf&eacute;le
+	szolg&aacute;ltat&aacute;sokat futtat, akkor a
+	munka&aacute;llom&aacute;sunknak egyetlen egyet sem lenne
+	szabad.  A munka&aacute;llom&aacute;sunk
+	biztons&aacute;goss&aacute; t&eacute;tel&eacute;hez a
+	lehet&#245; legkevesebb szolg&aacute;ltat&aacute;st szabad csak
+	futtatnunk, de ha lehet, egyet sem, &eacute;s mindig
+	jelsz&oacute;val v&eacute;dett
+	k&eacute;perny&#245;v&eacute;d&#245;t haszn&aacute;ljuk.
+	Term&eacute;szetesen ha a t&aacute;mad&oacute; k&eacute;pes
+	fizikailag hozz&aacute;f&eacute;rni a
+	munka&aacute;llom&aacute;sunkhoz, akkor szinte b&aacute;rmilyen
+	m&eacute;lys&eacute;g&#251; v&eacute;delmet k&eacute;pes
+	&aacute;tt&ouml;rni.  Ezt mindenk&eacute;ppen
+	sz&aacute;m&iacute;t&aacute;sba kell venn&uuml;nk, azonban ne
+	felejts&uuml;k el, hogy a legt&ouml;bb bet&ouml;r&eacute;si
+	k&iacute;s&eacute;rlet t&aacute;volr&oacute;l,
+	h&aacute;l&oacute;zaton kereszt&uuml;lr&#245;l &eacute;rkezik
+	olyan emberekt&#245;l, akik fizikailag nem f&eacute;rnek
+	hozz&aacute; a munka&aacute;llom&aacute;sunkhoz vagy a
+	szervereinkhez.</para>
 
-      <para>The more indirect security mechanisms also assume that you are
-	logging in from a more restrictive server to a less restrictive
-	server.  For example, if your main box is running all sorts of
-	servers, your workstation should not be running any.  In order for
-	your workstation to be reasonably secure you should run as few
-	servers as possible, up to and including no servers at all, and
-	you should run a password-protected screen blanker.  Of course,
-	given physical access to a workstation an attacker can break any
-	sort of security you put on it.  This is definitely a problem that
-	you should consider, but you should also consider the fact that the
-	vast majority of break-ins occur remotely, over a network, from
-	people who do not have physical access to your workstation or
-	servers.</para>
       <indexterm><primary>KerberosIV</primary></indexterm>
 
-      <para>Using something like Kerberos also gives you the ability to
-	disable or change the password for a staff account in one place,
-	and have it immediately affect all the machines on which the staff
-	member may have an account.  If a staff member's account gets
-	compromised, the ability to instantly change his password on all
-	machines should not be underrated.  With discrete passwords,
-	changing a password on N machines can be a mess.  You can also
-	impose re-passwording restrictions with Kerberos:  not only can a
-	Kerberos ticket be made to timeout after a while, but the Kerberos
-	system can require that the user choose a new password after a
-	certain period of time (say, once a month).</para>
+      <para>A Kerberos &eacute;s a hozz&aacute; hasonl&oacute;
+	rendszerek haszn&aacute;lat&aacute;val egyszerre tudjuk a
+	szem&eacute;lyzet tagjainak jelszav&aacute;t letiltani vagy
+	megv&aacute;ltoztatni, ami egyb&#245;l
+	&eacute;rv&eacute;nyess&eacute; v&aacute;lik minden olyan
+	g&eacute;pen, ahov&aacute; az adott felhaszn&aacute;l&oacute;nak
+	b&aacute;rmilyen hozz&aacute;f&eacute;r&eacute;se is volt.  Nem
+	szabad lebecs&uuml;ln&uuml;nk ezt a gyors
+	jelsz&oacute;v&aacute;lt&aacute;si lehet&#245;s&eacute;get abban
+	az esetben, ha a szem&eacute;lyzet valamelyik tagj&aacute;nak
+	hozz&aacute;f&eacute;r&eacute;s&eacute;t megszerezt&eacute;k.
+	Hagyom&aacute;nyos jelszavak haszn&aacute;lat&aacute;val a
+	jelszavak megv&aacute;ltoztat&aacute;sa N g&eacute;pen igazi
+	k&aacute;osz.  A Kerberosban jelsz&oacute;v&aacute;lt&aacute;si
+	megszor&iacute;t&aacute;sokat is fel&aacute;ll&iacute;thatunk:
+	nem csak a Kerberos &aacute;ltal adott jegyek j&aacute;rnak le
+	id&#245;vel, hanem a Kerberos rendszer meg is k&ouml;vetelheti a
+	felhaszn&aacute;l&oacute;kt&oacute;l, hogy egy adott id&#245;
+	(mondjuk egy h&oacute;nap) ut&aacute;n v&aacute;ltoztasson
+	jelsz&oacute;t.</para>
     </sect2>
 
     <sect2>
-      <title>Securing Root-run Servers and SUID/SGID Binaries</title>
+      <title>A rendszergazdai jogokkal fut&oacute; szerverek &eacute;s
+	SUID/SGID enged&eacute;lyekkel rendelkez&#245; programok
+	v&eacute;delme</title>
 
       <indexterm>
-        <primary><command>ntalk</command></primary>
+	<primary><command>ntalk</command></primary>
       </indexterm>
       <indexterm>
-        <primary><command>comsat</command></primary>
+	<primary><command>comsat</command></primary>
       </indexterm>
       <indexterm>
-        <primary><command>finger</command></primary>
+	<primary><command>finger</command></primary>
       </indexterm>
       <indexterm>
-        <primary>sandboxes</primary>
+	<primary>sandboxes</primary>
       </indexterm>
       <indexterm>
-        <primary><application>sshd</application></primary>
+	<primary><application>sshd</application></primary>
       </indexterm>
       <indexterm>
-        <primary><application>telnetd</application></primary>
+	<primary><application>telnetd</application></primary>
       </indexterm>
       <indexterm>
-        <primary><application>rshd</application></primary>
+	<primary><application>rshd</application></primary>
       </indexterm>
       <indexterm>
-        <primary><application>rlogind</application></primary>
+	<primary><application>rlogind</application></primary>
       </indexterm>
 
-      <para>The prudent sysadmin only runs the servers he needs to, no
-	more, no less.  Be aware that third party servers are often the
-	most bug-prone.  For example, running an old version of
-	<application>imapd</application> or
-	<application>popper</application> is like giving a universal
-	<username>root</username> ticket out to the entire world.
-	Never run a server that you have not checked out carefully.
-	Many servers do not need to be run as <username>root</username>.
-	For example, the <application>ntalk</application>,
-	<application>comsat</application>, and
-	<application>finger</application> daemons can be run in special
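Review bot: In the <groupname>wheel</groupname> paragraph the translation weakens the access-control advice in two places. "tetsz&#245;leges szem&eacute;lyzeti (staff) hozz&aacute;f&eacute;r&eacute;seket" says arbitrary staff accounts where the original says "appropriate staff accounts", and "a l&eacute;trehoz&aacute;sukkor" (at creation) replaces "in their password entry", so the warning against giving native wheel access through the password entry is lost. Suggest "megfelel&#245;" for the first and wording that names the password entry for the second. In the &man.vipw.8; paragraph, "egyik k&ouml;zvetett m&oacute;dja" has no noun for "to secure" (the original is "An indirect way to secure staff accounts"), so add "v&eacute;delm&eacute;nek". Smaller points: "kev&eacute;sb&eacute; biztons&aacute;gosabb" is a double comparative, "nem legbiztons&aacute;gosabb" is missing its article, the XXX comment about PR bin/71147 is removed with no counterpart, and the indexterm lines at the end of the visible hunk change only whitespace, which makes later syncs against the English revision noisier.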

>>> TRUNCATED FOR MAIL (1000 lines) <<<


