summaryrefslogtreecommitdiffstats
path: root/share
diff options
context:
space:
mode:
authordannyboy <dannyboy@FreeBSD.org>2004-05-18 17:50:08 +0000
committerdannyboy <dannyboy@FreeBSD.org>2004-05-18 17:50:08 +0000
commit569bfe2ef081e9c509b0d6ec3c530ac17fede525 (patch)
treedd4073eb627a3b1db6ae1b5c3cd32dfadda0bb5f /share
parent014551a39fadb5a57908960ce0a0c8b9dc2deec6 (diff)
downloadFreeBSD-src-569bfe2ef081e9c509b0d6ec3c530ac17fede525.zip
FreeBSD-src-569bfe2ef081e9c509b0d6ec3c530ac17fede525.tar.gz
Effect the correct use of "affect".
Use em dashes instead of " - ". Use .Em instead of *emphasis*. Note that securing root indirectly (by securing staff accounts) works only if direct root access has been limited. [1] s/hacker/attacker, as done in the handbook. (inspired by [1]) PR: 52878 [1] Submitted by: Brian Minard <bminard@flatfoot.ca> [1]
Diffstat (limited to 'share')
-rw-r--r--share/man/man7/security.755
1 files changed, 29 insertions, 26 deletions
diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index 3c1ad0e..cb21256 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -24,7 +24,7 @@ with the human necessity for convenience.
.Ux
systems,
in general, are capable of running a huge number of simultaneous processes
-and many of these processes operate as servers - meaning that external entities
+and many of these processes operate as servers \(em meaning that external entities
can connect and talk to them. As yesterday's mini-computers and mainframes
become today's desktops, and as computers become networked and internetworked,
security becomes an ever bigger issue.
@@ -40,9 +40,9 @@ flags
(see
.Xr chflags 1 )
on every system binary because while this may temporarily protect the
-binaries, it prevents a hacker who has broken in from making an
+binaries, it prevents an attacker who has broken in from making an
easily detectable change that may result in your security mechanisms not
-detecting the hacker at all.
+detecting the attacker at all.
.Pp
System security also pertains to dealing with various forms of attack,
including attacks that attempt to crash or otherwise make a system unusable
@@ -103,10 +103,10 @@ program that allows the attacker to break root once he has broken into a
user's account. If an attacker has found a way to break root on a machine,
the attacker may not have a need to install a backdoor.
Many of the root holes found and closed to date involve a considerable amount
-of work by the hacker to cleanup after himself, so most hackers do install
-backdoors. This gives you a convenient way to detect the hacker. Making
-it impossible for a hacker to install a backdoor may actually be detrimental
-to your security because it will not close off the hole the hacker found to
+of work by the attacker to cleanup after himself, so most attackers do install
+backdoors. This gives you a convenient way to detect the attacker. Making
+it impossible for an attacker to install a backdoor may actually be detrimental
+to your security because it will not close off the hole the attacker found to
break in the first place.
.Pp
Security remedies should always be implemented with a multi-layered
@@ -116,7 +116,7 @@ approach and can be categorized as follows:
.It
Securing root and staff accounts
.It
-Securing root - root-run servers and suid/sgid binaries
+Securing root \(em root-run servers and suid/sgid binaries
.It
Securing user accounts
.It
@@ -145,7 +145,7 @@ in the
file
so that direct root logins via telnet or rlogin are disallowed. If using
other login services such as sshd, make sure that direct root logins are
-disabled there as well. Consider every access method - services such as
+disabled there as well. Consider every access method \(em services such as
ftp often fall through the cracks. Direct root logins should only be allowed
via the system console.
.Pp
@@ -180,8 +180,9 @@ option.
An indirect way to secure the root account is to secure your staff accounts
by using an alternative login access method and *'ing out the crypted password
for the staff accounts. This way an intruder may be able to steal the password
-file but will not be able to break into any staff accounts (or, indirectly,
-root, even if root has a crypted password associated with it). Staff members
+file but will not be able to break into any staff accounts or root, even if
+root has a crypted password associated with it (assuming, of course, that
+you've limited root access to the console). Staff members
get into their staff accounts through a secure login mechanism such as
.Xr kerberos 1
or
@@ -218,7 +219,7 @@ servers.
.Pp
Using something like kerberos also gives you the ability to disable or
change the password for a staff account in one place and have it immediately
-effect all the machines the staff member may have an account on. If a staff
+affect all the machines the staff member may have an account on. If a staff
member's account gets compromised, the ability to instantly change his
password on all machines should not be underrated. With discrete passwords,
changing a password on N machines can be a mess. You can also impose
@@ -226,7 +227,7 @@ re-passwording restrictions with kerberos: not only can a kerberos ticket
be made to timeout after a while, but the kerberos system can require that
the user choose a new password after a certain period of time
(say, once a month).
-.Sh SECURING ROOT - ROOT-RUN SERVERS AND SUID/SGID BINARIES
+.Sh SECURING ROOT \(em ROOT-RUN SERVERS AND SUID/SGID BINARIES
The prudent sysadmin only runs the servers he needs to, no more, no less. Be
aware that third party servers are often the most bug-prone. For example,
running an old version of imapd or popper is like giving a universal root
@@ -352,7 +353,7 @@ will be enforced. You must also ensure
that the
.Sq schg
flag is set on critical startup binaries, directories, and
-script files - everything that gets run up to the point where the securelevel
+script files \(em everything that gets run up to the point where the securelevel
is set. This might be overdoing it, and upgrading the system is much more
difficult when you operate at a higher secure level. You may compromise and
run the system at a higher secure level but not set the schg flag for every
@@ -366,7 +367,7 @@ configuration and control files so much before the convenience factor
rears its ugly head. For example, using chflags to set the schg bit
on most of the files in / and /usr is probably counterproductive because
while it may protect the files, it also closes a detection window. The
-last layer of your security onion is perhaps the most important - detection.
+last layer of your security onion is perhaps the most important \(em detection.
The rest of your security is pretty much useless (or, worse, presents you with
a false sense of safety) if you cannot detect potential incursions. Half
the job of the onion is to slow down the attacker rather than stop him
@@ -378,13 +379,13 @@ unexpected files. The best
way to look for modified files is from another (often centralized)
limited-access system.
Writing your security scripts on the extra-secure limited-access system
-makes them mostly invisible to potential hackers, and this is important.
+makes them mostly invisible to potential attackers, and this is important.
In order to take maximum advantage you generally have to give the
limited-access box significant access to the other machines in the business,
usually either by doing a read-only NFS export of the other machines to the
limited-access box, or by setting up ssh keypairs to allow the limit-access
box to ssh to the other machines. Except for its network traffic, NFS is
-the least visible method - allowing you to monitor the file systems on each
+the least visible method \(em allowing you to monitor the file systems on each
client box virtually undetected. If your
limited-access server is connected to the client boxes through a switch,
the NFS method is often the better choice. If your limited-access server
@@ -453,7 +454,7 @@ actually broken into a system, assuming the file is still intact after
the break-in occurs.
.Pp
Finally, security scripts should process the log files and the logs themselves
-should be generated in as secure a manner as possible - remote syslog can be
+should be generated in as secure a manner as possible \(em remote syslog can be
very useful. An intruder tries to cover his tracks, and log files are critical
to the sysadmin trying to track down the time and method of the initial
break-in. One way to keep a permanent record of the log files is to run
@@ -461,12 +462,12 @@ the system console to a serial port and collect the information on a
continuing basis through a secure machine monitoring the consoles.
.Sh PARANOIA
A little paranoia never hurts. As a rule, a sysadmin can add any number
-of security features as long as they do not effect convenience, and
-can add security features that do effect convenience with some added
+of security features as long as they do not affect convenience, and
+can add security features that do affect convenience with some added
thought. Even more importantly, a security administrator should mix it up
-a bit - if you use recommendations such as those given by this manual
+a bit \(em if you use recommendations such as those given by this manual
page verbatim, you give away your methodologies to the prospective
-hacker who also has access to this manual page.
+attacker who also has access to this manual page.
.Sh SPECIAL SECTION ON D.O.S. ATTACKS
This section covers Denial of Service attacks. A DOS attack is typically
a packet attack. While there isn't much you can do about modern spoofed
@@ -541,7 +542,9 @@ saturation attacks from outside your LAN, not so much to protect internal
services from network-based root compromise. Always configure an exclusive
firewall, i.e.\&
.So
-firewall everything *except* ports A, B, C, D, and M-Z
+firewall everything
+.Em except
+ports A, B, C, D, and M-Z
.Sc .
This
way you can firewall off all of your low ports except for certain specific
@@ -550,7 +553,7 @@ services such as named
ntalkd, sendmail,
and other internet-accessible services.
If you try to configure the firewall the other
-way - as an inclusive or permissive firewall, there is a good chance that you
+way \(em as an inclusive or permissive firewall, there is a good chance that you
will forget to
.Sq close
a couple of services or that you will add a new internal
@@ -569,7 +572,7 @@ block everything under 4000 off in my firewall
(except for certain specific
internet-accessible ports, of course).
.Pp
-Another common DOS attack is called a springboard attack - to attack a server
+Another common DOS attack is called a springboard attack \(em to attack a server
in a manner that causes the server to generate responses which then overload
the server, the local network, or some other machine. The most common attack
of this nature is the ICMP PING BROADCAST attack. The attacker spoofs ping
@@ -633,7 +636,7 @@ What this means is that if you have a secure workstation holding
keys that give you access to the rest of the system, and you ssh to an
unsecure machine, your keys become exposed. The actual keys themselves are
not exposed, but ssh installs a forwarding port for the duration of your
-login and if a hacker has broken root on the unsecure machine he can utilize
+login and if an attacker has broken root on the unsecure machine he can utilize
that port to use your keys to gain access to any other machine that your
keys unlock.
.Pp
OpenPOWER on IntegriCloud