summaryrefslogtreecommitdiffstats
path: root/slackbook/html/security.html
diff options
context:
space:
mode:
Diffstat (limited to 'slackbook/html/security.html')
-rw-r--r--slackbook/html/security.html218
1 files changed, 0 insertions, 218 deletions
diff --git a/slackbook/html/security.html b/slackbook/html/security.html
deleted file mode 100644
index 34249a8b..00000000
--- a/slackbook/html/security.html
+++ /dev/null
@@ -1,218 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta name="generator" content="HTML Tidy, see www.w3.org" />
-<title>Security</title>
-<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
-<link rel="HOME" title="Slackware Linux Essentials" href="index.html" />
-<link rel="PREVIOUS" title="Talking to Other People"
-href="basic-network-commands-talk.html" />
-<link rel="NEXT" title="Host Access Control" href="security-host.html" />
-<link rel="STYLESHEET" type="text/css" href="docbook.css" />
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-</head>
-<body class="CHAPTER" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
-alink="#0000FF">
-<div class="NAVHEADER">
-<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
-cellspacing="0">
-<tr>
-<th colspan="3" align="center">Slackware Linux Essentials</th>
-</tr>
-
-<tr>
-<td width="10%" align="left" valign="bottom"><a href="basic-network-commands-talk.html"
-accesskey="P">Prev</a></td>
-<td width="80%" align="center" valign="bottom"></td>
-<td width="10%" align="right" valign="bottom"><a href="security-host.html"
-accesskey="N">Next</a></td>
-</tr>
-</table>
-
-<hr align="LEFT" width="100%" />
-</div>
-
-<div class="CHAPTER">
-<h1><a id="SECURITY" name="SECURITY"></a>Chapter 14 Security</h1>
-
-<div class="TOC">
-<dl>
-<dt><b>Table of Contents</b></dt>
-
-<dt>14.1 <a href="security.html#SECURITY-DISABLE">Disabling Services</a></dt>
-
-<dt>14.2 <a href="security-host.html">Host Access Control</a></dt>
-
-<dt>14.3 <a href="security-current.html">Keeping Current</a></dt>
-</dl>
-</div>
-
-<p>Security on any system is important; it can prevent people launching attacks from your
-machine, as well as protect sensitive data. This chapter is all about how to start
-securing your Slackware box against script kiddies, crackers and rogue hamsters alike.
-Bear in mind that this is only the start of securing a system; security is a process, not
-a state.</p>
-
-<div class="SECT1">
-<h1 class="SECT1"><a id="SECURITY-DISABLE" name="SECURITY-DISABLE">14.1 Disabling
-Services</a></h1>
-
-<p>The first step after installing Slackware should be to disable any services you don't
-need. Any services could potentially pose a security risk, so it is important to run as
-few services as possible (i.e. only those that are needed). Services are started from two
-main places - <tt class="COMMAND">inetd</tt> and init scripts.</p>
-
-<div class="SECT2">
-<h2 class="SECT2"><a id="AEN5081" name="AEN5081">14.1.1 Services started from <tt
-class="COMMAND">inetd</tt></a></h2>
-
-<p>A lot of the daemons that come with Slackware are run from <tt
-class="COMMAND">inetd</tt>(8). <tt class="COMMAND">inetd</tt> is a daemon that listens on
-all of the ports used by services configured to be started by it and spawns an instance
-of the relevant daemon when a connection attempt is made. Daemons started from <tt
-class="COMMAND">inetd</tt> can be disabled by commenting out the relevant lines in <tt
-class="FILENAME">/etc/inetd.conf</tt>. To do this, open this file in your favorite editor
-(e.g. <tt class="COMMAND">vi</tt>) and you should see lines similar to this:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
-</pre>
-</td>
-</tr>
-</table>
-
-<p>You can disable this service, and any others you don't need, by commenting them out
-(i.e. adding a <var class="LITERAL">#</var> (hash) symbol to the beginning of the line).
-The above line would then become:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
-</pre>
-</td>
-</tr>
-</table>
-
-<p>After <tt class="COMMAND">inetd</tt> has been restarted, this service will be
-disabled. You can restart <tt class="COMMAND">inetd</tt> with the command:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd
-class="USERINPUT">kill -HUP $(cat /var/run/inetd.pid)</kbd>
-</pre>
-</td>
-</tr>
-</table>
-</div>
-
-<div class="SECT2">
-<h2 class="SECT2"><a id="AEN5102" name="AEN5102">14.1.2 Services started from init
-scripts</a></h2>
-
-<p>The rest of the services started when the machine starts are started from the init
-scripts in <tt class="FILENAME">/etc/rc.d/</tt>. These can be disabled in two different
-ways, the first being to remove the execute permissions on the relevant init script and
-the second being to comment out the relevant lines in the init scripts.</p>
-
-<p>For example, SSH is started by its own init script at <tt
-class="FILENAME">/etc/rc.d/rc.sshd</tt>. You can disable this using:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">chmod -x /etc/rc.d/rc.sshd</kbd>
-</pre>
-</td>
-</tr>
-</table>
-
-<p>For services that don't have their own init script, you will need to comment out the
-relevant lines in the init scripts to disable them. For example, the portmap daemon is
-started by the following lines in <tt class="FILENAME">/etc/rc.d/rc.inet2</tt>:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-# This must be running in order to mount NFS volumes.
-# Start the RPC portmapper:
-if [ -x /sbin/rpc.portmap ]; then
- echo "Starting RPC portmapper: /sbin/rpc.portmap"
- /sbin/rpc.portmap
-fi
-# Done starting the RPC portmapper.
-</pre>
-</td>
-</tr>
-</table>
-
-<p>This can be disabled by adding <var class="LITERAL">#</var> symbols to the beginnings
-of the lines that don't already start with them, like so:</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="PROGRAMLISTING">
-# This must be running in order to mount NFS volumes.
-# Start the RPC portmapper:
-#if [ -x /sbin/rpc.portmap ]; then
-# echo "Starting RPC portmapper: /sbin/rpc.portmap"
-# /sbin/rpc.portmap
-#fi
-# Done starting the RPC portmapper.
-</pre>
-</td>
-</tr>
-</table>
-
-<p>These changes will only take effect after either a reboot or changing from and back to
-runlevel 3 or 4. You can do this by typing the following on the console (you will need to
-log in again after changing to runlevel 1):</p>
-
-<table border="0" bgcolor="#E0E0E0" width="100%">
-<tr>
-<td>
-<pre class="SCREEN">
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">telinit 1</kbd>
-<samp class="PROMPT">#</samp> <kbd class="USERINPUT">telinit 3</kbd>
-</pre>
-</td>
-</tr>
-</table>
-</div>
-</div>
-</div>
-
-<div class="NAVFOOTER">
-<hr align="LEFT" width="100%" />
-<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
-cellspacing="0">
-<tr>
-<td width="33%" align="left" valign="top"><a href="basic-network-commands-talk.html"
-accesskey="P">Prev</a></td>
-<td width="34%" align="center" valign="top"><a href="index.html"
-accesskey="H">Home</a></td>
-<td width="33%" align="right" valign="top"><a href="security-host.html"
-accesskey="N">Next</a></td>
-</tr>
-
-<tr>
-<td width="33%" align="left" valign="top">Talking to Other People</td>
-<td width="34%" align="center" valign="top">&nbsp;</td>
-<td width="33%" align="right" valign="top">Host Access Control</td>
-</tr>
-</table>
-</div>
-</body>
-</html>
-