Attachment 18086 Details for Bug 29278 – Update to reflect ssl, pam, tcpd as default USE flags

[patch] Update to reflect ssl, pam, tcpd as default USE flags

gentoo-security-1.16-tcp-wrappers.diff (text/plain), 3.14 KB, created by Sune Kloppenborg Jeppesen on 2003-09-21 11:42:14 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sune Kloppenborg Jeppesen

Created: 2003-09-21 11:42:14 UTC

Size: 3.14 KB

patch

obsolete

>--- gentoo-security-1.16.xml	2003-09-21 15:13:13.000000000 +0200
>+++ gentoo-security-1.16-tcp-wrappers.xml	2003-09-21 20:11:58.000000000 +0200
>@@ -365,21 +365,13 @@
> <chapter>
> <title>Tightening the security after/during installation</title>
> <section>
>-<title>/etc/make.conf</title>
>+<title>USE flags</title>
> <body>
> 
> 
>-The make.conf file contains all the options and extra libraries that you want to have support for when building ebuilds. In this file you must make sure that if the ebuild supports any security library like PAM (Pluggable Authentication Modules), tcp wrappers or SSL (Secure Socket Layer) it will add support for it. Your global USE variable should contain pam, tcpd and ssl.
>+The <path>make.conf</path> file contains user defined USE flags and <path>/etc/make.profile/make.defaults</path> contains the default USE flags for Gentoo Linux. For this guide the important flags are pam (Pluggable Authentication Modules), tcp (TCP wrappers) and ssl (Secure Socket Layer). These are all in the default USE flags.
> 
> 
>-
>-So add something like this:
>-
>-
>-<pre caption="USE settings to be added">
>-USE="tcpd pam ssl"
>-</pre>
>-
> </body>
> </section>
> 
>@@ -854,7 +846,7 @@
> </pre>
> 
> 
>-Here we set the default settings and a specific setting for the user <e>kn</e>. Limits are part of the shadow package and only applies for the shadow login program. It is not necessary to set any limitations in this file, if you have set the PAM setting in your make.conf and configured PAM properly.
>+Here we set the default settings and a specific setting for the user <e>kn</e>. Limits are part of the shadow package and only applies for the shadow login program. It is not necessary to set any limitations in this file, if you have did not disable pam in your <path>make.conf</path> and configured PAM properly.
> 
> 
> </body>
>@@ -1095,7 +1087,6 @@
> 
> PAM is a suite of shared libraries that provide an alternative way of making authentication in programs. The PAM settings of Gentoo Linux is pretty reasonable, but there is always room for improvement.
> 
>-<note>This chapter will have no effect if you did not include the PAM in your USE option in <path>/etc/make.conf</path></note>
> 
> Install cracklib
> 
>@@ -1152,7 +1143,7 @@
> 
> Is a way of controlling access to services normally run by inetd (which Gentoo does not have) but it can also be used by xinetd and other services.
> 
>-<note>The use in make.conf should contain tcpd and the service should be executing tcpd in its server argument (in xinetd). See the chapter on xinetd for more information</note>
>+<note>The service should be executing tcpd in its server argument (in xinetd). See the chapter on xinetd for more information</note>
> 
> <pre caption="/etc/hosts.deny">
> ALL:PARANOID
>@@ -1819,7 +1810,7 @@
> 
> 
> 
>-If you have added ssl to your <path>/etc/make.conf</path> before installing apache, you should have access to a ssl enabled server. Just add the following line to enable it.
>+If you did not disable ssl in your <path>/etc/make.conf</path> before installing apache, you should have access to a ssl enabled server. Just add the following line to enable it.
> 
> 
> <pre caption="/etc/conf.d/apache">

Actions: View | Diff

Attachments on bug 29278: 18084 | 18085 | 18086 | 18087 | 18088 | 18119 | 18120