| /trunk/blfs/postlfs/postlfs.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/config/autofs.xml |
|---|
| 0,0 → 1,242 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY autofs-download-http "http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-&autofs-version;.tar.bz2"> |
| <!ENTITY autofs-download-ftp "ftp://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-&autofs-version;.tar.bz2"> |
| <!ENTITY autofs-md5sum "f43a09e94c4bd512ec58ac06e9d42c60"> |
| <!ENTITY autofs-size "122 KB"> |
| <!ENTITY autofs-buildsize "1.4 MB"> |
| <!ENTITY autofs-time "0.01 SBU"> |
| ]> |
| <sect1 id="autofs" xreflabel="autofs-&autofs-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: larry $</othername> |
| <date>$Date: 2005-06-16 06:20:36 $</date> |
| </sect1info> |
| <?dbhtml filename="autofs.html"?> |
| <title>Automate Mounting of File Systems</title> |
| <indexterm zone="autofs"> |
| <primary sortas="a-Autofs">Autofs</primary></indexterm> |
| <sect2> |
| <title>Introduction to <application>autofs</application></title> |
| <para>The <application>autofs</application> package contains userspace |
| tools that work with the kernel to mount and un-mount removable file |
| systems. This is useful for allowing users to mount floppies, cdroms and |
| other removable storage devices without requiring the system |
| administrator to mount the devices. This may not be ideal for all |
| installations, so be aware of the risks before implementing this feature.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing="compact"> |
| <listitem><para>Download (HTTP): |
| <ulink url="&autofs-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): |
| <ulink url="&autofs-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &autofs-md5sum;</para></listitem> |
| <listitem><para>Download size: &autofs-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &autofs-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &autofs-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title>Additional downloads</title> |
| <itemizedlist spacing="compact"> |
| <listitem><para>Recommended Patch: <ulink |
| url="http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.3-strict.patch"/></para> |
| </listitem> |
| <listitem><para>Recommended Patch: <ulink |
| url="http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.3-bad_chdir.patch |
| "/></para> |
| </listitem> |
| <listitem><para>Recommended Patch: <ulink |
| url="http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.3-mtab_lock.patch |
| "/></para> |
| </listitem> |
| <listitem><para>Recommended Patch: <ulink |
| url="http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.3-non_block_ping.patch |
| "/></para> |
| </listitem> |
| <listitem><para>Recommended Patch: <ulink |
| url="http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.3-signal-race-fix.patch |
| "/></para> |
| </listitem> |
| <listitem><para>Recommended Patch: <ulink |
| url="http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.3-sock-leak-fix.patch |
| "/></para> |
| </listitem> |
| <listitem><para>Recommended Patch: <ulink |
| url="http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.3-replicated_server_select.patch |
| "/></para> |
| </listitem> |
| <listitem><para>Recommended Patch: <ulink |
| url="http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.3-multi-over.patch |
| "/></para> |
| </listitem> |
| </itemizedlist> |
| </sect3> |
| <!--- |
| <sect3><title><application>template</application> dependencies</title> |
| <sect4><title>Required</title> |
| <para><xref linkend="BLFS DEPENDENCY"/></para> |
| </sect4> |
| <sect4><title>Optional</title> |
| <para><ulink url="http://www.some.url/">EXTERNAL DEPENDENCY</ulink></para> |
| </sect4> |
| </sect3> --> |
| </sect2> |
| <sect2 id="autofs-kernel"> |
| <title>Installation of <application>autofs</application></title> |
| <indexterm zone="autofs autofs-kernel"> |
| <primary sortas="d-Automounter">Automounter</primary></indexterm> |
| <para>Verify that kernel support has been compiled in or built as |
| modules in the following areas: |
| <screen>File systems |
| Kernel automounter version 4 support Y or M |
| Network File Systems |
| NFS file system support Y or M |
| SMB file system support Y or M</screen> |
| Recompile and install the new kernel, if necessary.</para> |
| <para>Install <application>autofs</application> by running the following |
| commands:</para> |
| <screen><userinput><command>patch -Np1 -i ../autofs-4.1.3-strict.patch && |
| patch -Np1 -i ../autofs-4.1.3-bad_chdir.patch && |
| patch -Np1 -i ../autofs-4.1.3-mtab_lock.patch && |
| patch -Np1 -i ../autofs-4.1.3-non_block_ping.patch && |
| patch -Np1 -i ../autofs-4.1.3-signal-race-fix.patch && |
| patch -Np1 -i ../autofs-4.1.3-sock-leak-fix.patch && |
| patch -Np1 -i ../autofs-4.1.3-replicated_server_select.patch && |
| patch -Np1 -i ../autofs-4.1.3-multi-over.patch && |
| ./configure --prefix=/ --mandir=/usr/share/man && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install && |
| rm /etc/rc.d/init.d/autofs</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><command>rm /etc/rc.d/init.d/autofs</command>: This command |
| removes the installed script which only works on specific distributions.</para> |
| </sect2> |
| <sect2> |
| <title>Configuring <application>autofs</application></title> |
| <sect3 id="autofs-config"><title>Config files</title> |
| <para><filename>/etc/sysconfig/autofs.conf</filename>, |
| <filename>/etc/auto.master</filename>, |
| <filename>/etc/auto.misc</filename>, and |
| <filename>/etc/auto.net</filename></para> |
| <indexterm zone="autofs autofs-config" > |
| <primary |
| sortas="e-etc-sysconfig-autofs.conf">/etc/sysconfig/autofs.conf</primary> |
| </indexterm> |
| <indexterm zone="autofs autofs-config"> |
| <primary sortas="e-etc-auto.master">/etc/auto.master</primary></indexterm> |
| <indexterm zone="autofs autofs-config"> |
| <primary sortas="e-etc-auto.misc">/etc/auto.misc</primary></indexterm> |
| <indexterm zone="autofs autofs-config"> |
| <primary sortas="e-etc-auto.net">/etc/auto.net</primary></indexterm> |
| </sect3> |
| <sect3><title>Configuration Information</title> |
| <para>The installation process creates <filename>auto.master</filename>, |
| <filename>auto.misc</filename> and <filename>auto.net</filename>. You |
| will replace the <filename>auto.master</filename> with the following |
| commands. |
| <screen><userinput role='root'><command>mv /etc/auto.master /etc/auto.master.bak && |
| cat > /etc/auto.master << "EOF"</command> |
| # Begin /etc/auto.master |
| /media /etc/auto.misc |
| # End /etc/auto.master |
| <command>EOF</command></userinput></screen></para> |
| <note><para>This file mounts a new media directory over the one created by |
| <acronym>LFS</acronym> and will therefore hide any mounts made by the |
| <filename>fstab</filename> file into that directory.</para></note> |
| <para>While this package could be used to mount <acronym>NFS</acronym> |
| shares and <acronym>SMB</acronym> shares, that feature is not configured |
| in these instructions. <acronym>NFS</acronym> shares are covered on the |
| next page. |
| </para> |
| <para>The <filename>auto.misc</filename> must be configured to your |
| working hardware. The loaded configuration file should load your cdrom |
| if <filename>/dev/cdrom</filename> is active or it can be edited to |
| match your device setup and examples for floppies are available in the file |
| and easily activated. Documentation for this file is available using the |
| <command>man 5 autofs</command> command.</para> |
| <para id="autofs-init">Install the |
| <filename>/etc/rc.d/init.d/autofs</filename> mount script and |
| <filename>/etc/sysconfig/autofs.conf</filename> support file |
| included with the <xref linkend="intro-important-bootscripts"/> |
| package.</para> |
| <indexterm zone="autofs autofs-init"> |
| <primary sortas="f-autofs-init">autofs</primary></indexterm> |
| <screen><userinput role='root'><command>make install-autofs</command></userinput></screen> |
| <para>The time-out variable is set in |
| <filename>/etc/sysconfig/autofs.conf</filename>. The installed file sets |
| a default of 60 seconds of inactivity before unmounting the device. A |
| much shorter time may be necessary to protect buffer writing to a |
| floppy if users tend to remove the media prior to the timeout |
| setting.</para> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Program</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <seglistitem> |
| <seg>automount</seg> |
| <seg>autofs modules</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="automount"> |
| <term><command>automount</command></term> |
| <listitem><para>is the daemon that performs the mounting when a request is |
| made for the device.</para> |
| <indexterm zone="autofs automount"> |
| <primary sortas="b-automount">automount</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/filesystems/xfs/xfs.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/filesystems/xfs/xfs-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/filesystems/xfs/xfs-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/filesystems/xfs/xfs-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/filesystems/reiser/reiser.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/filesystems/reiser/reiser-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/filesystems/reiser/reiser-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/filesystems/reiser/reiser-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/filesystems/reiser/reiser-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/filesystems/xfs.xml |
|---|
| 1,11 → 1,243 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY xfsprogs-download-http "http://mirrors.sunsite.dk/xfs/download/cmd_tars/xfsprogs-&xfsprogs-version;.src.tar.gz"> |
| <!ENTITY xfsprogs-download-ftp "ftp://oss.sgi.com/projects/xfs/download/cmd_tars/xfsprogs-&xfsprogs-version;.src.tar.gz"> |
| <!ENTITY xfsprogs-md5sum "65fbf692f348b57f21edd4813733d9ae"> |
| <!ENTITY xfsprogs-size "833 KB"> |
| <!ENTITY xfsprogs-buildsize "25.2 MB"> |
| <!ENTITY xfsprogs-time "0.59 SBU"> |
| ]> |
| <sect1 id="xfs" xreflabel="XFS-&xfsprogs-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: randy $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="xfsfs.html"?> |
| <title>XFS-&xfsprogs-version;</title> |
| <indexterm zone="xfs"> |
| <primary sortas="a-XFS">XFS</primary> |
| </indexterm> |
| &xfs-intro; |
| &xfs-inst; |
| &xfs-desc; |
| <sect2> |
| <title>Introduction to |
| <application><acronym>XFS</acronym></application></title> |
| <para>The <application>XFS</application> package contains administration |
| and debugging tools for the <acronym>XFS</acronym> file system.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&xfsprogs-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&xfsprogs-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &xfsprogs-md5sum;</para></listitem> |
| <listitem><para>Download size: &xfsprogs-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &xfsprogs-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &xfsprogs-time;</para></listitem></itemizedlist> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>XFS</application></title> |
| <note><para>If you did not install the |
| <ulink url="&lfs-root;/chapter06/e2fsprogs.html">E2fsprogs</ulink> package in |
| <acronym>LFS</acronym>, you must install it, or |
| <ulink url="http://pecl.php.net/get/uuid-1.0.tgz">UUID</ulink> before |
| proceeding with the installation of |
| <application>XFS</application>.</para></note> |
| <para>Install <application>XFS</application> by running the following |
| commands:</para> |
| <screen><userinput><command>sed -i 's/autoconf//' Makefile && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Library</segtitle> |
| <segtitle>Installed Directory</segtitle> |
| <seglistitem> |
| <seg>fsck.xfs, mkfs.xfs, xfs_admin, xfs_bmap, xfs_check, xfs_copy, xfs_db, |
| xfs_freeze, xfs_growfs, xfs_info, xfs_io, xfs_logprint, xfs_mkfile, |
| xfs_ncheck, xfs_repair and xfs_rtcp</seg> |
| <seg>libhandle.so</seg> |
| <seg>/usr/share/doc/xfsprogs</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="fsck.xfs"> |
| <term><command>fsck.xfs</command></term> |
| <listitem><para>simply exits with a zero status, since <acronym>XFS</acronym> |
| partitions are checked at mount time.</para> |
| <indexterm zone="xfs fsck.xfs"> |
| <primary sortas="b-fsck.xfs">fsck.xfs</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="mkfs.xfs"> |
| <term><command>mkfs.xfs</command></term> |
| <listitem><para>constructs an <acronym>XFS</acronym> file system.</para> |
| <indexterm zone="xfs mkfs.xfs"> |
| <primary sortas="b-mkfs.xfs">mkfs.xfs</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_admin"> |
| <term><command>xfs_admin</command></term> |
| <listitem><para>changes the parameters of an <acronym>XFS</acronym> file |
| system.</para> |
| <indexterm zone="xfs xfs_admin"> |
| <primary sortas="b-xfs_admin">xfs_admin</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_bmap"> |
| <term><command>xfs_bmap</command></term> |
| <listitem><para>prints block mapping for an <acronym>XFS</acronym> file.</para> |
| <indexterm zone="xfs xfs_bmap"> |
| <primary sortas="b-xfs_bmap">xfs_bmap</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_check"> |
| <term><command>xfs_check</command></term> |
| <listitem><para>checks <acronym>XFS</acronym> file system consistency.</para> |
| <indexterm zone="xfs xfs_check"> |
| <primary sortas="b-xfs_check">xfs_check</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_copy"> |
| <term><command>xfs_copy</command></term> |
| <listitem><para>copies the contents of an <acronym>XFS</acronym> file system |
| to one or more targets in parallel.</para> |
| <indexterm zone="xfs xfs_copy"> |
| <primary sortas="b-xfs_copy">xfs_copy</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_db"> |
| <term><command>xfs_db</command></term> |
| <listitem><para>is used to debug an <acronym>XFS</acronym> file system.</para> |
| <indexterm zone="xfs xfs_db"> |
| <primary sortas="b-xfs_db">xfs_db</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_freeze"> |
| <term><command>xfs_freeze</command></term> |
| <listitem><para>suspends access to an <acronym>XFS</acronym> file |
| system.</para> |
| <indexterm zone="xfs xfs_freeze"> |
| <primary sortas="b-xfs_freeze">xfs_freeze</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_growfs"> |
| <term><command>xfs_growfs</command></term> |
| <listitem><para>expands an <acronym>XFS</acronym> file system.</para> |
| <indexterm zone="xfs xfs_growfs"> |
| <primary sortas="b-xfs_growfs">xfs_growfs</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_info"> |
| <term><command>xfs_info</command></term> |
| <listitem><para>is equivalent to invoking <command>xfs_growfs</command>, but |
| specifying that no change to the file system is to be made.</para> |
| <indexterm zone="xfs xfs_info"> |
| <primary sortas="b-xfs_info">xfs_info</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_io"> |
| <term><command>xfs_io</command></term> |
| <listitem><para>is a debugging tool like <command>xfs_db</command>, but is |
| aimed at examining the regular file I/O path rather than the raw |
| <acronym>XFS</acronym> volume itself.</para> |
| <indexterm zone="xfs xfs_io"> |
| <primary sortas="b-xfs_io">xfs_io</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_logprint"> |
| <term><command>xfs_logprint</command></term> |
| <listitem><para>prints the log of an <acronym>XFS</acronym> file system.</para> |
| <indexterm zone="xfs xfs_logprint"> |
| <primary sortas="b-xfs_logprint">xfs_logprint</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_mkfile"> |
| <term><command>xfs_mkfile</command></term> |
| <listitem><para>creates an <acronym>XFS</acronym> file, padded with zeroes by |
| default.</para> |
| <indexterm zone="xfs xfs_mkfile"> |
| <primary sortas="b-xfs_mkfile">xfs_mkfile</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_ncheck"> |
| <term><command>xfs_ncheck</command></term> |
| <listitem><para>generates pathnames from inode numbers for an |
| <acronym>XFS</acronym> file system.</para> |
| <indexterm zone="xfs xfs_ncheck"> |
| <primary sortas="b-xfs_ncheck">xfs_ncheck</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_repair"> |
| <term><command>xfs_repair</command></term> |
| <listitem><para>repairs corrupt or damaged <acronym>XFS</acronym>file |
| systems.</para> |
| <indexterm zone="xfs xfs_repair"> |
| <primary sortas="b-xfs_repair">xfs_repair</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xfs_rtcp"> |
| <term><command>xfs_rtcp</command></term> |
| <listitem><para>copies a file to the real-time partition on an |
| <acronym>XFS</acronym> file system.</para> |
| <indexterm zone="xfs xfs_rtcp"> |
| <primary sortas="b-xfs_rtcp">xfs_rtcp</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libhandle"> |
| <term><filename class='libraryfile'>libhandle.so</filename></term> |
| <listitem><para>contains functions to map filesystem handles to a |
| corresponding open file descriptor for that filesystem.</para> |
| <indexterm zone="xfs libhandle"> |
| <primary sortas="c-libhandle">libhandle.so</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/filesystems/ext3.xml |
|---|
| 1,48 → 1,58 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| ]> |
| <sect1 id="postlfs-filesystems-ext3"> |
| <sect1info> |
| <othername>$LastChangedBy: larry $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="ext3.html"?> |
| <title>Ext3</title> |
| <para>Ext3 est un système de fichiers journalisé qui est une extension du |
| système de fichiers ext2. La compatibilité descendante avec ext2 est là, et la |
| conversion de ext2 vers ext3 est trivial.</para> |
| <para>Ext3 is a journaling file system that is an extension to the ext2 |
| file system. It is backward compatible with ext2 and the conversion from ext2 |
| to ext3 is trivial.</para> |
| <para>Vous n'avez pas besoin d'installer quoi que ce soit pour utiliser ext3, |
| tous les packages requis étant disponible dans un système <acronym>LFS</acronym> |
| de base.</para> |
| <para>You don't need to install anything to use ext3, all the required |
| packages are available with a bare <acronym>LFS</acronym> system.</para> |
| <para>Lors de la construction du noyau, assurez-vous que vous avez compilé le |
| support ext3. Si vous voulez que votre partition root soit ext3, alors |
| compilez le support ext3 dans le noyau, sinon vous pouvez le compiler en tant |
| que module. Recompilez le noyau si nécessaire.</para> |
| <para>When building the kernel, ensure that you have compiled in ext3 |
| support. If you want your root partition to be ext3, then compile the ext3 |
| support in the kernel, else you may compile it as a module. Recompile the |
| kernel if needed.</para> |
| <para>Editez votre <filename>/etc/fstab</filename>. Pour chaque partition que |
| vous voulez convertir en ext3, éditez l'entrée de façon à ce qu'il ressemble à |
| la ligne suivante.</para> |
| <para>Edit your <filename>/etc/fstab</filename>. For each partition that you |
| want to convert into ext3, edit the entry so that it looks similar to the |
| following line.</para> |
| <screen>/dev/hd<replaceable>XX</replaceable> /mnt_point ext3 defaults 1 0</screen> |
| <para>Dans la ligne ci-dessus, remplacez |
| <filename>/dev/hd<replaceable>XX</replaceable></filename> par |
| votre partition (par exemple <filename>/dev/hda2</filename>), <filename |
| class="directory">/mnt_point</filename> par le point de montage (par exemple |
| <filename class="directory">/home</filename>). Le <option>0</option> dans le |
| dernier champ assure que la partition ne sera pas vérifiée pour sa consistence |
| lors du démarrage par le script <command>checkfs</command>. Vous pouvez |
| remplacer le type de système de fichiers <option>ext3</option> par |
| <option>auto</option> si vous voulez vous assurer que la partition sera montée |
| si vous avez accidentellement oublié d'activer le support ext3 dans le noyau. |
| </para> |
| <para>In the above line, replace |
| <filename>/dev/hd<replaceable>XX</replaceable></filename> by the |
| partition (e.g., <filename>/dev/hda2</filename>), |
| <filename class="directory">/mnt_point</filename> by the mount point (e.g., |
| <filename class="directory">/home</filename>). The <option>0</option> in the |
| last field ensures that the partition will not be checked for |
| consistency during the boot process by the <command>checkfs</command> script. |
| You may replace the <option>ext3</option> fs type in the above by |
| <option>auto</option> if you want to ensure that the partition is mounted |
| if you accidentally skip enabling the ext3 support in the kernel.</para> |
| <para>Pour chaque partition que vous voulez convertir en ext3 dans /etc/fstab, |
| activez le journal pour la partition en lançant la commande suivante.</para> |
| <para>For each partition that you have converted to ext3 in <filename> |
| /etc/fstab</filename>, enable the journal for the partition by running the |
| following command.</para> |
| <screen><userinput><command>tune2fs -j /dev/hd<replaceable>XX</replaceable></command></userinput></screen> |
| <screen><userinput role='root'><command>tune2fs -j /dev/hd<replaceable>XX</replaceable></command></userinput></screen> |
| <para>Remontez les partitions concernées, ou plus simplement, redémarrez si vous |
| avez recompilé le noyau pour activer le support ext3.</para> |
| <para>Remount the concerned partitions, or simply reboot if you have |
| recompiled the kernel to enable ext3 support.</para> |
| <para>Plus d'informations est disponible sur <ulink |
| url="http://www.zip.com.au/~akpm/linux/ext3/ext3-usage.html"/>.</para> |
| <para>More information is available at <ulink |
| url="http://www.zip.com.au/~akpm/linux/ext3/ext3-usage.html"/>. This |
| informaion is still relevant to the 2.6 kernels.</para> |
| </sect1> |
| /trunk/blfs/postlfs/filesystems/filesystems.xml |
|---|
| 1,16 → 1,27 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| ]> |
| <chapter id="postlfs-filesystems"> |
| <?dbhtml filename="filesystems.html"?> |
| <title>Systèmes de fichiers</title> |
| <title>File Systems</title> |
| <para>Les systèmes de fichiers journalisés réduisent le temps nécessaire pour |
| récupérer un système de fichier qui n'a pas été démonté propremement. Bien que |
| ceci soit particulièrement important pour les serveurs, ils sont devenus |
| populaires aussi sur les environnements de bureau. Ce chapitre contient un |
| ensemble varié de systèmes de fichiers journalisés.</para> |
| <para>Journaling file systems reduce the time needed to recover a |
| file system that was not unmounted properly. While this can be extremely |
| important in reducing downtime for servers, it has also become popular for |
| desktop environments. This chapter contains a variety of journaling |
| file systems.</para> |
| &postlfs-filesystems-ext3; |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="ext3.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="reiser.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="xfs.xml"/> |
| <!-- &postlfs-filesystems-ext3; |
| &reiser; |
| &xfs; |
| --> |
| </chapter> |
| /trunk/blfs/postlfs/filesystems/reiser.xml |
|---|
| 1,12 → 1,151 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY reiser-download-http "http://ftp.namesys.com/pub/reiserfsprogs/reiserfsprogs-&reiser-version;.tar.gz"> |
| <!ENTITY reiser-download-ftp "ftp://ftp.namesys.com/pub/reiserfsprogs/reiserfsprogs-&reiser-version;.tar.gz"> |
| <!ENTITY reiser-md5sum "b42cf15f6651c3ceff5cb84996c0d539"> |
| <!ENTITY reiser-size "400 KB"> |
| <!ENTITY reiser-buildsize "7.9 MB"> |
| <!ENTITY reiser-time "0.16 SBU"> |
| ]> |
| <sect1 id="reiserfs" xreflabel="ReiserFS-&reiser-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: randy $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="reiserfs.html"?> |
| <title>ReiserFS-&reiser-version;</title> |
| <indexterm zone="reiserfs"> |
| <primary sortas="a-ReiserFS">ReiserFS</primary> |
| </indexterm> |
| &reiser-intro; |
| &reiser-inst; |
| &reiser-exp; |
| &reiser-desc; |
| <sect2> |
| <title>Introduction to <application>ReiserFS</application></title> |
| <para>The <application>ReiserFS</application> package contains various |
| utilities for use with the Reiser file system.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&reiser-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&reiser-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &reiser-md5sum;</para></listitem> |
| <listitem><para>Download size: &reiser-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &reiser-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &reiser-time;</para></listitem></itemizedlist> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>ReiserFS</application></title> |
| <para>Install <application>ReiserFS</application> by running the following |
| commands:</para> |
| <screen><userinput><command>./configure --prefix=/usr --sbindir=/sbin && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install && |
| ln -sf reiserfsck /sbin/fsck.reiserfs && |
| ln -sf mkreiserfs /sbin/mkfs.reiserfs</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><parameter>--prefix=/usr</parameter>: This ensures that |
| the manual pages are installed in the correct location while still |
| installing the programs in <filename class="directory">/sbin</filename> as |
| they should be.</para> |
| <para><parameter>--sbindir=/sbin</parameter>: This ensures that the |
| <application>ReiserFS</application> utilities are installed in |
| <filename class="directory">/sbin</filename> as they should be.</para> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>debugreiserfs, mkreiserfs, reiserfsck, reiserfstune and |
| resize_reiserfs</seg> |
| <seg>None</seg> |
| <seg>None</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="debugreiserfs"> |
| <term><command>debugreiserfs</command></term> |
| <listitem><para>can sometimes help to solve problems with |
| <application>ReiserFS</application> file systems. If it is called without |
| options, it prints the super block of any reiserfs file system found on the |
| device.</para> |
| <indexterm zone="reiserfs debugreiserfs"> |
| <primary sortas="b-debugreiserfs">debugreiserfs</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="mkreiserfs"> |
| <term><command>mkreiserfs</command></term> |
| <listitem><para>creates a <application>ReiserFS</application> file |
| system.</para> |
| <indexterm zone="reiserfs mkreiserfs"> |
| <primary sortas="b-mkreiserfs">mkreiserfs</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="reiserfsck"> |
| <term><command>reiserfsck</command></term> |
| <listitem><para>is used to check or repair a |
| <application>ReiserFS</application> file system.</para> |
| <indexterm zone="reiserfs reiserfsck"> |
| <primary sortas="b-reiserfsck">reiserfsck</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="reiserfstune"> |
| <term><command>reiserfstune</command></term> |
| <listitem><para>is used for tuning the <application>ReiserFS</application> |
| journal. <emphasis>WARNING</emphasis>: Don't use this utility without first |
| reading the man page thoroughly.</para> |
| <indexterm zone="reiserfs reiserfstune"> |
| <primary sortas="b-reiserfstune">reiserfstune</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="resize_reiserfs"> |
| <term><command>resize_reiserfs</command></term> |
| <listitem><para>is used to resize an unmounted |
| <application>ReiserFS</application> file system.</para> |
| <indexterm zone="reiserfs resize_reiserfs"> |
| <primary sortas="b-resize_reiserfs">resize_reiserfs</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/security/gnupg/gnupg-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/gnupg/gnupg-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/gnupg/gnupg-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/gnupg/gnupg-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/gnupg/gnupg.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/shadow/shadow.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/shadow/shadow-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/shadow/shadow-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/shadow/shadow-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/shadow/shadow-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/firewalling.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/busybox.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/disclaimer.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/credits.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/finale.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/extrainfo.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/kernel.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/masqrouter.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/status.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/writing.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/library.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/stop.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/firewalling/persfw.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/heimdal/heimdal-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/heimdal/heimdal-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/heimdal/heimdal-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/heimdal/heimdal-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/heimdal/heimdal-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/heimdal/heimdal.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/cracklib/cracklib.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/cracklib/cracklib-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/cracklib/cracklib-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/cracklib/cracklib-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/cracklib/cracklib-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/iptables/iptables.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/iptables/iptables-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/iptables/iptables-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/iptables/iptables-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/iptables/iptables-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/tripwire/tripwire-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/tripwire/tripwire-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/tripwire/tripwire-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/tripwire/tripwire-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/tripwire/tripwire-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/tripwire/tripwire.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/mitkrb/mitkrb-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/mitkrb/mitkrb-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/mitkrb/mitkrb-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/mitkrb/mitkrb-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/mitkrb/mitkrb-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/mitkrb/mitkrb.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/pam/linux_pam-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/pam/linux_pam.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/pam/linux_pam-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/pam/linux_pam-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/pam/linux_pam-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/pam/linux_pam-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/security/nessus.xml |
|---|
| 1,8 → 1,11 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="postlfs-security-nessus"> |
| <sect1info> |
| <othername>$LastChangedBy: archaic $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="nessus.html"?> |
| <title>nessus</title> |
| <para>A ECRIRE - NOUVEAU</para> |
| <para>TO BE WRITTEN - NEW</para> |
| </sect1> |
| /trunk/blfs/postlfs/security/gnupg.xml |
|---|
| 1,13 → 1,140 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="gnupg" xreflabel="gnupg-&gnupg-version;"> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY gnupg-download-http "http://public.ftp.planetmirror.com/pub/gnupg/gnupg-&gnupg-version;.tar.bz2"> |
| <!ENTITY gnupg-download-ftp "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-&gnupg-version;.tar.bz2"> |
| <!ENTITY gnupg-md5 "8c303606aaf73b7756b9fe6f3d8b58c2"> |
| <!ENTITY gnupg-size "2.7 MB"> |
| <!ENTITY gnupg-buildsize "25 MB"> |
| <!ENTITY gnupg-time "0.44 SBU"> |
| ]> |
| <sect1 id="gnupg" xreflabel="GnuPG-&gnupg-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: larry $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="gnupg.html"?> |
| <title>gnupg-&gnupg-version;</title> |
| <title>GnuPG-&gnupg-version;</title> |
| <indexterm zone="gnupg"> |
| <primary sortas="a-GnuPG">GnuPG</primary></indexterm> |
| &gnupg-intro; |
| &gnupg-inst; |
| &gnupg-exp; |
| <!-- &gnupg-config; --> |
| &gnupg-desc; |
| <sect2> |
| <title>Introduction to <application>GnuPG</application></title> |
| <para>The <application>GnuPG</application> package contains a public/private |
| key encryptor. This is becoming useful for signing files or emails as proof |
| of identity and preventing tampering with contents of the file or email.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&gnupg-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&gnupg-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 Sum: &gnupg-md5;</para></listitem> |
| <listitem><para>Download size: &gnupg-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &gnupg-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &gnupg-time;</para></listitem></itemizedlist> |
| </sect3> |
| <!-- <sect3><title>Additional downloads</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Required Patch: <ulink |
| url="&patch-root;/gnupg-&gnupg-version;-po_install_fix-1.patch"/> |
| </para></listitem> |
| </itemizedlist> |
| </sect3> --> |
| <sect3><title><application>GnuPG</application> dependencies</title> |
| <sect4><title>Optional</title> |
| <para><xref linkend="openldap"/>, |
| <ulink url="../server/mail.html">MTA</ulink>, |
| <xref linkend="docbook-utils"/> and <ulink |
| url="http://www.oasis-open.org/docbook/tools/dtm/">docbook-to-man</ulink> |
| </para></sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>GnuPG</application></title> |
| <para>Install <application>GnuPG</application> by running the following |
| commands:</para> |
| <screen><userinput><command>./configure --prefix=/usr --libexecdir=/usr/lib && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install && |
| chmod 4755 /usr/bin/gpg</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><parameter>--libexecdir=/usr/lib</parameter>: This command |
| creates a <filename class="directory">gnupg</filename> directory in |
| <filename class="directory">/usr/lib</filename> instead of |
| <filename class="directory">/usr/libexec</filename>.</para> |
| <para><command>chmod 4755 /usr/bin/gpg</command>: <command>gpg</command> |
| is installed setuid root to avoid swapping out sensitive data.</para> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>gpg, gpgsplit and gpgv</seg> |
| <seg>None</seg> |
| <seg>/usr/lib/gnupg and /usr/share/gnupg</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="gpg"> |
| <term><command>gpg</command></term> |
| <listitem><para>is the backend (command-line interface) for |
| this Open<acronym>PGP</acronym> implementation.</para> |
| <indexterm zone="gnupg gpg"> |
| <primary sortas="b-gpg">gpg</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="gpgsplit"> |
| <term><command>gpgsplit</command></term> |
| <listitem><para>separates key rings.</para> |
| <indexterm zone="gnupg gpgsplit"> |
| <primary sortas="b-gpgsplit">gpgsplit</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="gpgv"> |
| <term><command>gpgv</command></term> |
| <listitem><para>is a verify only version of <command>gpg</command>.</para> |
| <indexterm zone="gnupg gpgv"> |
| <primary sortas="b-gpgv">gpgv</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/security/syslog.xml |
|---|
| 1,8 → 1,11 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="postlfs-security-syslog"> |
| <sect1info> |
| <othername>$LastChangedBy: archaic $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="syslog.html"?> |
| <title>Configurer syslog</title> |
| <title>Configuring syslog</title> |
| <para>A ECRIRE - NOUVEAU</para> |
| <para>TO BE WRITTEN - NEW</para> |
| </sect1> |
| /trunk/blfs/postlfs/security/iptables.xml |
|---|
| 1,19 → 1,182 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="postlfs-security-iptables"> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY iptables-download-http "http://www.iptables.org/files/iptables-&iptables-version;.tar.bz2"> |
| <!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2"> |
| <!ENTITY iptables-md5sum "c3358a3bd0d7755df0b64a5063db296b"> |
| <!ENTITY iptables-size "177 KB"> |
| <!ENTITY iptables-buildsize "3.8 MB"> |
| <!ENTITY iptables-time "0.14 SBU"> |
| ]> |
| <sect1 id="iptables" xreflabel="iptables-&iptables-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: bdubbs $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="iptables.html"?> |
| <title>iptables-&iptables-version;</title> |
| <para>La prochaine partie de ce chapitre s'occupe des pare-feux. L'outil de |
| pare-feu principal pour Linux, pour la série du noyau 2.4, est |
| <application>iptables</application>. Il remplace |
| <application>ipchains</application> de la série 2.2 et |
| <application>ipfwadm</application> de la série 2.0. Vous aurez besoin |
| d'installer <application>iptables</application> si vous avez l'intention |
| d'utiliser une quelconque forme de pare-feu.</para> |
| <indexterm zone="iptables"> |
| <primary sortas="a-Iptables">Iptables</primary> |
| </indexterm> |
| &iptables-intro; |
| &iptables-inst; |
| &iptables-exp; |
| &iptables-desc; |
| <para>The next part of this chapter deals with firewalls. The principal |
| firewall tool for Linux, as of the 2.4 kernel series, is |
| <application>iptables</application>. It replaces |
| <application>ipchains</application> from the 2.2 series and |
| <application>ipfwadm</application> from the 2.0 series. You will need to |
| install <application>iptables</application> if you intend on using any form of |
| a firewall.</para> |
| <sect2 id='iptables-kernel'> |
| <title>Introduction to <application>iptables</application></title> |
| <para>A firewall in Linux is accomplished through a portion of the kernel |
| called netfilter. The interface to netfilter is <application>iptables</application>. |
| To use it, the appropriate kernel configuration parameters are found in |
| Device Drivers -> Networking Support -> Networking Options -> |
| Network Packet Filtering -> IP: Netfilter Configuration. |
| <indexterm zone="iptables iptables-kernel"> |
| <primary sortas="d-iptables">Iptables</primary> |
| </indexterm> |
| </para> |
| <sect3> |
| <title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink url="&iptables-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink url="&iptables-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &iptables-md5sum;</para></listitem> |
| <listitem><para>Download size: &iptables-size;</para></listitem> |
| <listitem><para>Estimated disk space required: &iptables-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: &iptables-time;</para></listitem> |
| </itemizedlist> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>iptables</application></title> |
| <note> |
| <para>Installation of <application>iptables</application> will fail if raw |
| kernel headers are found in <filename |
| class='directory'>/usr/src/linux</filename> either as actual files or a |
| symlink. As of the Linux 2.6 kernel series, this directory should no longer |
| exist because appropriate headers were installed in the linux-libc-headers |
| package during the base <acronym>LFS</acronym> installation. </para> |
| <para>For some non-x86 architectures, the raw kernel headers may be required. |
| In that case, add the environment variable KERNEL_DIR=/usr/src/linux to the |
| make commands below.</para> |
| </note> |
| <para>Install <application>iptables</application> by running the following |
| commands:</para> |
| <screen><userinput><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles |
| and installs <application>iptables</application> libraries into |
| <filename class="directory">/lib</filename>, binaries into |
| <filename class="directory">/sbin</filename> and the remainder into the |
| <filename class="directory">/usr</filename> hierarchy instead of |
| <filename class="directory">/usr/local</filename>. Firewalls are |
| generally activated during the boot process and |
| <filename class="directory">/usr</filename> may not be mounted at that |
| time.</para> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directory</segtitle> |
| <seglistitem> |
| <seg>iptables, iptables-restore, iptables-save and ip6tables</seg> |
| <seg>libip6t_*.so and libipt_*.so</seg> |
| <seg>/lib/iptables</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="iptables-prog"> |
| <term><command>iptables</command></term> |
| <listitem><para>is used to set up, maintain, and inspect the tables of |
| <acronym>IP</acronym> packet filter rules in the Linux kernel.</para> |
| <indexterm zone="iptables iptables-prog"> |
| <primary sortas="b-iptables">iptables</primary> |
| </indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="iptables-restore"> |
| <term><command>iptables-restore</command></term> |
| <listitem><para>is used to restore <acronym>IP</acronym> Tables from data |
| specified on <acronym>STDIN</acronym>. Use I/O redirection provided by your |
| shell to read from a file.</para> |
| <indexterm zone="iptables iptables-restore"> |
| <primary sortas="b-iptables-restore">iptables-restore</primary> |
| </indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="iptables-save"> |
| <term><command>iptables-save</command></term> |
| <listitem><para>is used to dump the contents of an <acronym>IP</acronym> Table |
| in easily parseable format to <acronym>STDOUT</acronym>. Use I/O-redirection |
| provided by your shell to write to a file.</para> |
| <indexterm zone="iptables iptables-save"> |
| <primary sortas="b-iptables-save">iptables-save</primary> |
| </indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="ip6tables"> |
| <term><command>ip6tables</command></term> |
| <listitem><para>is used to set up, maintain, and inspect the tables of |
| <acronym>IP</acronym>v6 packet filter rules in the Linux kernel. Several |
| different tables may be defined. Each table contains a number of built-in |
| chains and may also contain user-defined chains.</para> |
| <indexterm zone="iptables ip6tables"> |
| <primary sortas="b-ip6tables">ip6tables</primary> |
| </indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="libip-iptables"> |
| <term><filename class='libraryfile'>libip*.so</filename></term> |
| <listitem><para>library modules are various modules (implemented as dynamic |
| libraries) which extend the core functionality of |
| <command>iptables</command>.</para> |
| <indexterm zone="iptables libip-iptables"> |
| <primary sortas="c-libip-iptables">libip*.so</primary> |
| </indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/security/heimdal.xml |
|---|
| 1,12 → 1,851 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY heimdal-download-http "http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-&heimdal-version;.tar.gz"> |
| <!ENTITY heimdal-download-ftp "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-&heimdal-version;.tar.gz"> |
| <!ENTITY heimdal-md5sum "2265fd2d4573dd3a8da45ce62519e48b"> |
| <!ENTITY heimdal-size "3.3 MB"> |
| <!ENTITY heimdal-buildsize "70 MB"> |
| <!ENTITY heimdal-time "2.18 SBU"> |
| ]> |
| <sect1 id="heimdal" xreflabel="Heimdal-&heimdal-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: randy $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="heimdal.html"?> |
| <title>Heimdal-&heimdal-version;</title> |
| <indexterm zone="heimdal"> |
| <primary sortas="a-Heimdal">Heimdal</primary> |
| </indexterm> |
| &heimdal-intro; |
| &heimdal-inst; |
| &heimdal-exp; |
| &heimdal-config; |
| &heimdal-desc; |
| <sect2> |
| <title>Introduction to <application>Heimdal</application></title> |
| <para><application>Heimdal</application> is a free implementation of Kerberos |
| 5, that aims to be compatible with <acronym>MIT</acronym> krb5 and is backwards |
| compatible with krb4. Kerberos is a network authentication protocol. Basically |
| it preserves the integrity of passwords in any untrusted network (like the |
| Internet). Kerberized applications work hand-in-hand with sites that support |
| Kerberos to ensure that passwords cannot be stolen. A Kerberos installation |
| will make changes to the authentication mechanisms on your network and will |
| overwrite several programs and daemons from the |
| <application>Coreutils</application>, <application>Inetutils</application>, |
| <application>Qpopper</application> and <application>Shadow</application> |
| packages.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): |
| <ulink url="&heimdal-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): |
| <ulink url="&heimdal-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &heimdal-md5sum;</para></listitem> |
| <listitem><para>Download size: &heimdal-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &heimdal-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &heimdal-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title>Additional downloads</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Required Patch: <ulink |
| url="&patch-root;/heimdal-&heimdal-version;-fhs_compliance-1.patch"/></para> |
| </listitem> |
| <listitem><para>Required patch for cracklib: <ulink |
| url="&patch-root;/heimdal-&heimdal-version;-cracklib-1.patch"/></para> |
| </listitem> |
| </itemizedlist> |
| </sect3> |
| <sect3><title><application>Heimdal</application> dependencies</title> |
| <sect4><title>Required</title> |
| <para><xref linkend="openssl"/> and |
| <xref linkend="db"/></para> |
| </sect4> |
| <sect4><title>Optional</title> |
| <para><xref linkend="Linux_PAM"/>, |
| <xref linkend="openldap"/>, |
| X (<xref linkend="xorg"/> or <xref linkend="xfree86"/>), |
| <xref linkend="cracklib"/> and |
| <ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink></para> |
| <note><para>Some sort of time synchronization facility on your system (like |
| <xref linkend="ntp"/>) is required since Kerberos won't authenticate if the |
| time differential between a kerberized client and the |
| <acronym>KDC</acronym> server is more than 5 minutes.</para></note> |
| </sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>Heimdal</application></title> |
| <para>Before installing the package, you may want to preserve the |
| <command>ftp</command> program from the <application>Inetutils</application> |
| package. This is because using the <application>Heimdal</application> |
| <command>ftp</command> program to connect to non-kerberized ftp servers may |
| not work properly. It will allow you to connect (letting you know that |
| transmission of the password is clear text) but will have problems doing puts |
| and gets. Issue the following command as the root user.</para> |
| <screen><userinput role='root'><command>mv /usr/bin/ftp /usr/bin/ftpn</command></userinput></screen> |
| <para>If you wish the <application>Heimdal</application> package to link |
| against the <application>cracklib</application> library, you must apply a |
| patch:</para> |
| <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-cracklib-1.patch</command></userinput></screen> |
| <para>Install <application>Heimdal</application> by running the following |
| commands:</para> |
| <screen><userinput><command>patch -Np1 -i ../heimdal-&heimdal-version;-fhs_compliance-1.patch && |
| ./configure --prefix=/usr --sysconfdir=/etc/heimdal \ |
| --datadir=/var/lib/heimdal --localstatedir=/var/lib/heimdal \ |
| --libexecdir=/usr/sbin --enable-shared \ |
| --with-openssl=/usr --with-readline=/usr && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install && |
| mv /bin/login /bin/login.shadow && |
| mv /bin/su /bin/su.shadow && |
| mv /usr/bin/{login,su} /bin && |
| ln -sf ../../bin/login /usr/bin && |
| mv /usr/lib/lib{otp.so.0*,kafs.so.0*,krb5.so.17*,asn1.so.6*} \ |
| /usr/lib/lib{roken.so.16*,crypto.so.0*,db-4.3.so} /lib && |
| ln -sf ../../lib/lib{otp.so.0{,.1.4},kafs.so.0{,.4.0},db-4.3.so} \ |
| /usr/lib && |
| ln -sf ../../lib/lib{krb5.so.17{,.3.0},asn1.so.6{,.0.2}} \ |
| /usr/lib && |
| ln -sf ../../lib/lib{roken.so.16{,.0.3},crypto.so.0{,.9.7}} \ |
| /usr/lib && |
| ldconfig</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><parameter>--libexecdir=/usr/sbin</parameter>: This switch puts the |
| daemon programs into <filename class="directory">/usr/sbin</filename>. |
| </para> |
| <note><para> |
| If you want to preserve all your existing <application>Inetutils</application> |
| package daemons, install the <application>Heimdal</application> daemons into |
| <filename class="directory">/usr/sbin/heimdal</filename> (or wherever you |
| want). Since these programs will be called from <command>(x)inetd</command> or |
| <filename>rc</filename> scripts, it really doesn't matter where they are |
| installed, as long as they are correctly specified in the |
| <filename>/etc/(x)inetd.conf</filename> file and <filename>rc</filename> |
| scripts. If you choose something other than |
| <filename class="directory">/usr/sbin</filename>, you may want to move some of |
| the user programs (such as <command>kadmin</command>) to |
| <filename class="directory">/usr/sbin</filename> manually so they'll be in the |
| privileged user's default path.</para></note> |
| <para><command>mv ... .shadow; mv ... /bin; ln -sf ../../bin...</command>: The |
| <command>login</command> and <command>su</command> programs installed by |
| <application>Heimdal</application> belong in the |
| <filename class="directory">/bin</filename> directory. The |
| <command>login</command> program is symlinked because |
| <application>Heimdal</application> is expecting to find it in |
| <filename class="directory">/usr/bin</filename>. The old executables are |
| preserved before the move to keep things sane should breaks occur.</para> |
| <para><command>mv ... /lib; ln -sf ../../lib/lib... /usr/lib</command>: The |
| <command>login</command> and <command>su</command> programs installed by |
| <application>Heimdal</application> link against |
| <application>Heimdal</application> libraries as well as libraries provided by |
| the <application>Open<acronym>SSL</acronym></application> and |
| <application>Berkeley <acronym>DB</acronym></application> packages. These |
| libraries are moved to <filename class="directory">/lib</filename> to be |
| <acronym>FHS</acronym> compliant and also in case |
| <filename class="directory">/usr</filename> is located on a separate partition |
| which may not always be mounted.</para> |
| </sect2> |
| <sect2> |
| <title>Configuring <application>Heimdal</application></title> |
| <sect3 id="heimdal-config"><title>Config files</title> |
| <para><filename>/etc/heimdal/*</filename></para> |
| <indexterm zone="heimdal heimdal-config"> |
| <primary sortas="e-etc-heimdal">/etc/heimdal/*</primary> |
| </indexterm> |
| </sect3> |
| <sect3><title>Configuration Information</title> |
| <sect4><title>Master <acronym>KDC</acronym> Server Configuration</title> |
| <para>Create the Kerberos configuration file with the following |
| commands:</para> |
| <screen><userinput role='root'><command>install -d /etc/heimdal && |
| cat > /etc/heimdal/krb5.conf << "EOF"</command> |
| # Begin /etc/heimdal/krb5.conf |
| [libdefaults] |
| default_realm = <replaceable>[EXAMPLE.COM]</replaceable> |
| encrypt = true |
| [realms] |
| <replaceable>[EXAMPLE.COM]</replaceable> = { |
| kdc = <replaceable>[hostname.example.com]</replaceable> |
| admin_server = <replaceable>[hostname.example.com]</replaceable> |
| kpasswd_server = <replaceable>[hostname.example.com]</replaceable> |
| } |
| [domain_realm] |
| .<replaceable>[example.com]</replaceable> = <replaceable>[EXAMPLE.COM]</replaceable> |
| [logging] |
| kdc = FILE:/var/log/kdc.log |
| admin_server = FILE:/var/log/kadmin.log |
| default = FILE:/var/log/krb.log |
| # End /etc/heimdal/krb5.conf |
| <command>EOF</command></userinput></screen> |
| <para>You will need to substitute your domain and proper hostname for the |
| occurrences of the <replaceable>[hostname]</replaceable> and |
| <replaceable>[EXAMPLE.COM]</replaceable> names.</para> |
| <para><userinput>default_realm</userinput> should be the name of your domain |
| changed to ALL CAPS. This isn't required, but both |
| <application>Heimdal</application> and <application><acronym>MIT</acronym> |
| krb5</application> recommend it.</para> |
| <para><userinput>encrypt = true</userinput> provides encryption of all traffic |
| between kerberized clients and servers. It's not necessary and can be left |
| off. If you leave it off, you can encrypt all traffic from the client to the |
| server using a switch on the client program instead.</para> |
| <para>The <userinput>[realms]</userinput> parameters tell the client programs |
| where to look for the <acronym>KDC</acronym> authentication services.</para> |
| <para>The <userinput>[domain_realm]</userinput> section maps a domain to a |
| realm.</para> |
| <para>Store the master password in a key file using the following |
| commands:</para> |
| <screen><userinput role='root'><command>install -d -m 755 /var/lib/heimdal && |
| kstash</command></userinput></screen> |
| <para>Create the <acronym>KDC</acronym> database:</para> |
| <screen><userinput role='root'><command>kadmin -l</command></userinput></screen> |
| <para>Choose the defaults for now. You can go in later and change the |
| defaults, should you feel the need. At the |
| <userinput>kadmin></userinput> prompt, issue the following statement:</para> |
| <screen><userinput role='root'><command>init <replaceable>[EXAMPLE.COM]</replaceable></command></userinput></screen> |
| <para>The database must now be populated with at least one principle (user). |
| For now, just use your regular login name or root. You may create as few, or |
| as many principles as you wish using the following statement:</para> |
| <screen><userinput role='root'><command>add <replaceable>[loginname]</replaceable></command></userinput></screen> |
| <para>The <acronym>KDC</acronym> server and any machine running kerberized |
| server daemons must have a host key installed:</para> |
| <screen><userinput role='root'><command>add --random-key host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> |
| <para>After choosing the defaults when prompted, you will have to export the |
| data to a keytab file:</para> |
| <screen><userinput role='root'><command>ext host/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> |
| <para>This should have created two files in |
| <filename class="directory">/etc/heimdal</filename>: |
| <filename>krb5.keytab</filename> (Kerberos 5) and |
| <filename>srvtab</filename> (Kerberos 4). Both files should have 600 |
| (root rw only) permissions. Keeping the keytab files from public access |
| is crucial to the overall security of the Kerberos installation.</para> |
| <para>Eventually, you'll want to add server daemon principles to the database |
| and extract them to the keytab file. You do this in the same way you created |
| the host principles. Below is an example:</para> |
| <screen><userinput role='root'><command>add --random-key ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> |
| <para>(choose the defaults)</para> |
| <screen><userinput role='root'><command>ext ftp/<replaceable>[hostname.example.com]</replaceable></command></userinput></screen> |
| <para>Exit the <command>kadmin</command> program (use <command>quit</command> |
| or <command>exit</command>) and return back to the shell prompt. Start |
| the <acronym>KDC</acronym> daemon manually, just to test out the |
| installation:</para> |
| <screen><userinput role='root'><command>/usr/sbin/kdc &</command></userinput></screen> |
| <para>Attempt to get a <acronym>TGT</acronym> (ticket granting ticket) with |
| the following command:</para> |
| <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen> |
| <para>You will be prompted for the password you created. After you get your |
| ticket, you should list it with the following command:</para> |
| <screen><userinput><command>klist</command></userinput></screen> |
| <para>Information about the ticket should be displayed on the screen.</para> |
| <para>To test the functionality of the keytab file, issue the following |
| command:</para> |
| <screen><userinput><command>ktutil list</command></userinput></screen> |
| <para>This should dump a list of the host principals, along with the encryption |
| methods used to access the principals.</para> |
| <para>At this point, if everything has been successful so far, you can feel |
| fairly confident in the installation and configuration of the package.</para> |
| <para id="heimdal-init">Install the |
| <filename>/etc/rc.d/init.d/heimdal</filename> init script included in the |
| <xref linkend="intro-important-bootscripts"/> package:</para> |
| <indexterm zone="heimdal heimdal-init"> |
| <primary sortas="f-heimdal">heimdal</primary> |
| </indexterm> |
| <screen><userinput role='root'><command>make install-heimdal</command></userinput></screen> |
| </sect4> |
| <sect4><title>Using Kerberized Client Programs</title> |
| <para>To use the kerberized client programs (<command>telnet</command>, |
| <command>ftp</command>, <command>rsh</command>, |
| <command>rxterm</command>, <command>rxtelnet</command>, |
| <command>rcp</command>, <command>xnlock</command>), you first must get |
| a <acronym>TGT</acronym>. Use the <command>kinit</command> program to |
| get the ticket. After you've acquired the ticket, you can use the |
| kerberized programs to connect to any kerberized server on the network. |
| You will not be prompted for authentication until your ticket expires |
| (default is one day), unless you specify a different user as a command |
| line argument to the program.</para> |
| <para>The kerberized programs will connect to non-kerberized daemons, warning |
| you that authentication is not encrypted. As mentioned earlier, only the |
| <command>ftp</command> program gives any trouble connecting to |
| non-kerberized daemons.</para> |
| <para>In order to use the <application>Heimdal</application> |
| <application>X</application> programs, you'll need to add a service port |
| entry to the <filename>/etc/services</filename> file for the |
| <command>kxd</command> server. There is no 'standardized port number' for |
| the 'kx' service in the <acronym>IANA</acronym> database, so you'll have to |
| pick an unused port number. Add an entry to the <filename>services</filename> |
| file similar to the entry below (substitute your chosen port number for |
| <replaceable>[49150]</replaceable>):</para> |
| <screen><userinput role='root'>kx <replaceable>[49150]</replaceable>/tcp # Heimdal kerberos X |
| kx <replaceable>[49150]</replaceable>/udp # Heimdal kerberos X</userinput></screen> |
| <para>For additional information consult <ulink |
| url="http://www.linuxfromscratch.org/hints/downloads/files/heimdal.txt">the |
| Heimdal hint</ulink> on which the above instructions are based.</para> |
| </sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>afslog, dump_log, ftp, ftpd, hprop, hpropd, ipropd-master, ipropd-slave, |
| kadmin, kadmind, kauth, kdc, kdestroy, kf, kfd, kgetcred, kinit, klist, |
| kpasswd, kpasswdd, krb5-config, kstash, ktutil, kx, kxd, login, mk_cmds, otp, |
| otpprint, pagsh, pfrom, popper, push, rcp, replay_log, rsh, rshd, rxtelnet, |
| rxterm, string2key, su, telnet, telnetd, tenletxr, truncate-log, |
| verify_krb5_conf and xnlock</seg> |
| <seg>libasn1.[so,a], libeditline.a, libgssapi.[so,a], libhdb.[so,a], |
| libkadm5clnt.[so,a], libkadm5srv.[so,a], libkafs.[so,a], libkrb5.[so,a], |
| libotp.[so,a], libroken.[so,a], libsl.[so,a] and libss.[so,a]</seg> |
| <seg>/etc/heimdal, /usr/include/kadm5, /usr/include/ss and |
| /var/lib/heimdal</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="afslog"> |
| <term><command>afslog</command></term> |
| <listitem><para>obtains <acronym>AFS</acronym> tokens for a number of |
| cells.</para> |
| <indexterm zone="heimdal afslog"> |
| <primary sortas="b-afslog">afslog</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="ftp"> |
| <term><command>ftp</command></term> |
| <listitem><para>is a kerberized <acronym>FTP</acronym> client.</para> |
| <indexterm zone="heimdal ftp"> |
| <primary sortas="b-ftp">ftp</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="ftpd"> |
| <term><command>ftpd</command></term> |
| <listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para> |
| <indexterm zone="heimdal ftpd"> |
| <primary sortas="b-ftpd">ftpd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="hprop"> |
| <term><command>hprop</command></term> |
| <listitem><para> takes a principal database in a specified format and converts |
| it into a stream of <application>Heimdal</application> database records.</para> |
| <indexterm zone="heimdal hprop"> |
| <primary sortas="b-hprop">hprop</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="hpropd"> |
| <term><command>hpropd</command></term> |
| <listitem><para>is a server that receives a database sent by |
| <command>hprop</command> and writes it as a local database.</para> |
| <indexterm zone="heimdal hpropd"> |
| <primary sortas="b-hpropd">hpropd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="ipropd-master"> |
| <term><command>ipropd-master</command></term> |
| <listitem><para>is a daemon which runs on the master <acronym>KDC</acronym> |
| server which incrementally propogates changes to the <acronym>KDC</acronym> |
| database to the slave <acronym>KDC</acronym> servers.</para> |
| <indexterm zone="heimdal ipropd-master"> |
| <primary sortas="b-ipropd-master">ipropd-master</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="ipropd-slave"> |
| <term><command>ipropd-slave</command></term> |
| <listitem><para>is a daemon which runs on the slave <acronym>KDC</acronym> |
| servers which incrementally propogates changes to the <acronym>KDC</acronym> |
| database from the master <acronym>KDC</acronym> server.</para> |
| <indexterm zone="heimdal ipropd-slave"> |
| <primary sortas="b-ipropd-slave">ipropd-slave</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kadmin"> |
| <term><command>kadmin</command></term> |
| <listitem><para>is a utility used to make modifications to the Kerberos |
| database.</para> |
| <indexterm zone="heimdal kadmin"> |
| <primary sortas="b-kadmin">kadmin</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kadmind"> |
| <term><command>kadmind</command></term> |
| <listitem><para>is a server for administrative access to the Kerberos |
| database.</para> |
| <indexterm zone="heimdal kadmind"> |
| <primary sortas="b-kadmind">kadmind</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kauth"> |
| <term><command>kauth</command></term> |
| <listitem><para>is a symbolic link to the <command>kinit</command> |
| program.</para> |
| <indexterm zone="heimdal kauth"> |
| <primary sortas="g-kauth">kauth</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kdc"> |
| <term><command>kdc</command></term> |
| <listitem><para>is a Kerberos 5 server.</para> |
| <indexterm zone="heimdal kdc"> |
| <primary sortas="b-kdc">kdc</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kdestroy"> |
| <term><command>kdestroy</command></term> |
| <listitem><para>removes a principle's current set of tickets.</para> |
| <indexterm zone="heimdal kdestroy"> |
| <primary sortas="b-kdestroy">kdestroy</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kf"> |
| <term><command>kf</command></term> |
| <listitem><para>is a program which forwards tickets to a remote host through |
| an authenticated and encrypted stream.</para> |
| <indexterm zone="heimdal kf"> |
| <primary sortas="b-kf">kf</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kfd"> |
| <term><command>kfd</command></term> |
| <listitem><para>is a server used to receive forwarded tickets.</para> |
| <indexterm zone="heimdal kfd"> |
| <primary sortas="b-kfd">kfd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kgetcred"> |
| <term><command>kgetcred</command></term> |
| <listitem><para>obtains a ticket for a service.</para> |
| <indexterm zone="heimdal kgetcred"> |
| <primary sortas="b-kgetcred">kgetcred</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kinit"> |
| <term><command>kinit</command></term> |
| <listitem><para>is used to authenticate to the Kerberos server as a principal |
| and acquire a ticket granting ticket that can later be used to obtain tickets |
| for other services.</para> |
| <indexterm zone="heimdal kinit"> |
| <primary sortas="b-kinit">kinit</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="klist"> |
| <term><command>klist</command></term> |
| <listitem><para>reads and displays the current tickets in the credential |
| cache.</para> |
| <indexterm zone="heimdal klist"> |
| <primary sortas="b-klist">klist</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kpasswd"> |
| <term><command>kpasswd</command></term> |
| <listitem><para>is a program for changing Kerberos 5 passwords.</para> |
| <indexterm zone="heimdal kpasswd"> |
| <primary sortas="b-kpasswd">kpasswd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kpasswdd"> |
| <term><command>kpasswdd</command></term> |
| <listitem><para>is a Kerberos 5 password changing server.</para> |
| <indexterm zone="heimdal kpasswdd"> |
| <primary sortas="b-kpasswdd">kpasswdd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="krb5-config-prog"> |
| <term><command>krb5-config</command></term> |
| <listitem><para>gives information on how to link programs against |
| <application>Heimdal</application> libraries.</para> |
| <indexterm zone="heimdal krb5-config-prog"> |
| <primary sortas="b-krb5-config">krb5-config</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kstash"> |
| <term><command>kstash</command></term> |
| <listitem><para>stores the <acronym>KDC</acronym> master password in a |
| file.</para> |
| <indexterm zone="heimdal kstash"> |
| <primary sortas="b-kstash">kstash</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="ktutil"> |
| <term><command>ktutil</command></term> |
| <listitem><para>is a program for managing Kerberos keytabs.</para> |
| <indexterm zone="heimdal ktutil"> |
| <primary sortas="b-ktutil">ktutil</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kx"> |
| <term><command>kx</command></term> |
| <listitem><para>is a program which securely forwards |
| <application>X</application> connections.</para> |
| <indexterm zone="heimdal kx"> |
| <primary sortas="b-kx">kx</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kxd"> |
| <term><command>kxd</command></term> |
| <listitem><para>is the daemon for <command>kx</command>.</para> |
| <indexterm zone="heimdal kxd"> |
| <primary sortas="b-kxd">kxd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="login"> |
| <term><command>login</command></term> |
| <listitem><para>is a kerberized login program.</para> |
| <indexterm zone="heimdal login"> |
| <primary sortas="b-login">login</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="otp"> |
| <term><command>otp</command></term> |
| <listitem><para>manages one-time passwords.</para> |
| <indexterm zone="heimdal otp"> |
| <primary sortas="b-otp">otp</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="otpprint"> |
| <term><command>otpprint</command></term> |
| <listitem><para>prints lists of one-time passwords.</para> |
| <indexterm zone="heimdal otpprint"> |
| <primary sortas="b-otpprint">otpprint</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="pfrom"> |
| <term><command>pfrom</command></term> |
| <listitem><para>is a script that runs <command>push --from</command>.</para> |
| <indexterm zone="heimdal pfrom"> |
| <primary sortas="b-pfrom">pfrom</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="popper"> |
| <term><command>popper</command></term> |
| <listitem><para>is a kerberized <acronym>POP</acronym>-3 server.</para> |
| <indexterm zone="heimdal popper"> |
| <primary sortas="b-popper">popper</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="push"> |
| <term><command>push</command></term> |
| <listitem><para>is a kerberized <acronym>POP</acronym> mail retreival |
| client.</para> |
| <indexterm zone="heimdal push"> |
| <primary sortas="b-push">push</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="rcp"> |
| <term><command>rcp</command></term> |
| <listitem><para>is a kerberized rcp client program.</para> |
| <indexterm zone="heimdal rcp"> |
| <primary sortas="b-rcp">rcp</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="rsh"> |
| <term><command>rsh</command></term> |
| <listitem><para>is a kerberized rsh client program.</para> |
| <indexterm zone="heimdal rsh"> |
| <primary sortas="b-rsh">rsh</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="rshd"> |
| <term><command>rshd</command></term> |
| <listitem><para>is a kerberized rsh server.</para> |
| <indexterm zone="heimdal rshd"> |
| <primary sortas="b-rshd">rshd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="rxtelnet"> |
| <term><command>rxtelnet</command></term> |
| <listitem><para>starts a secure <command>xterm</command> window with a |
| <command>telnet</command> to a given host and forwards |
| <application>X</application> connections.</para> |
| <indexterm zone="heimdal rxtelnet"> |
| <primary sortas="b-rxtelnet">rxtelnet</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="rxterm"> |
| <term><command>rxterm</command></term> |
| <listitem><para>starts a secure remote <command>xterm</command>.</para> |
| <indexterm zone="heimdal rxterm"> |
| <primary sortas="b-rxterm">rxterm</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="string2key"> |
| <term><command>string2key</command></term> |
| <listitem><para>maps a password into a key.</para> |
| <indexterm zone="heimdal string2key"> |
| <primary sortas="b-string2key">string2key</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="su"> |
| <term><command>su</command></term> |
| <listitem><para>is a kerberized su client program.</para> |
| <indexterm zone="heimdal su"> |
| <primary sortas="b-su">su</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="telnet"> |
| <term><command>telnet</command></term> |
| <listitem><para>is a kerberized telnet client program.</para> |
| <indexterm zone="heimdal telnet"> |
| <primary sortas="b-telnet">telnet</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="telnetd"> |
| <term><command>telnetd</command></term> |
| <listitem><para>is a kerberized telnet server.</para> |
| <indexterm zone="heimdal telnetd"> |
| <primary sortas="b-telnetd">telnetd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="tenletxr"> |
| <term><command>tenletxr</command></term> |
| <listitem><para>forwards <application>X</application> connections |
| backwards.</para> |
| <indexterm zone="heimdal tenletxr"> |
| <primary sortas="b-tenletxr">tenletxr</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="verify_krb5_conf"> |
| <term><command>verify_krb5_conf</command></term> |
| <listitem><para>checks <filename>krb5.conf</filename> file for obvious |
| errors.</para> |
| <indexterm zone="heimdal verify_krb5_conf"> |
| <primary sortas="b-verify_krb5_conf">verify_krb5_conf</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="xnlock"> |
| <term><command>xnlock</command></term> |
| <listitem><para>is a program that acts as a secure screen saver for |
| workstations running <application>X</application>.</para> |
| <indexterm zone="heimdal xnlock"> |
| <primary sortas="b-xnlock">xnlock</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libasn1"> |
| <term><filename class='libraryfile'>libasn1.[so,a]</filename></term> |
| <listitem><para>provides the ASN.1 and DER functions to encode and decode |
| the Kerberos TGTs.</para> |
| <indexterm zone="heimdal libasn1"> |
| <primary sortas="c-libasn1">libasn1.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libeditline"> |
| <term><filename class='libraryfile'>libeditline.a</filename></term> |
| <listitem><para>is a command-line editing library with history.</para> |
| <indexterm zone="heimdal libeditline"> |
| <primary sortas="c-libeditline">libeditline.a</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libgssapi"> |
| <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term> |
| <listitem><para>contain the Generic Security Service Application Programming |
| Interface (<acronym>GSSAPI</acronym>) functions which provides security |
| services to callers in a generic fashion, supportable with a range of |
| underlying mechanisms and technologies and hence allowing source-level |
| portability of applications to different environments.</para> |
| <indexterm zone="heimdal libgssapi"> |
| <primary sortas="c-libgssapi">libgssapi.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libhdb"> |
| <term><filename class='libraryfile'>libhdb.[so,a]</filename></term> |
| <listitem><para>is a <application>Heimdal</application> Kerberos 5 |
| authentication/authorization database access library.</para> |
| <indexterm zone="heimdal libhdb"> |
| <primary sortas="c-libhdb">libhdb.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libkadm5clnt"> |
| <term><filename class='libraryfile'>libkadm5clnt.[so,a]</filename></term> |
| <listitem><para>contains the administrative authentication and password |
| checking functions required by Kerberos 5 client-side programs.</para> |
| <indexterm zone="heimdal libkadm5clnt"> |
| <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libkadm5srv"> |
| <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term> |
| <listitem><para>contain the administrative authentication and password |
| checking functions required by Kerberos 5 servers.</para> |
| <indexterm zone="heimdal libkadm5srv"> |
| <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libkafs"> |
| <term><filename class='libraryfile'>libkafs.[so,a]</filename></term> |
| <listitem><para>contains the functions required to authenticated to AFS.</para> |
| <indexterm zone="heimdal libkafs"> |
| <primary sortas="c-libkafs">libkafs.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libkrb5"> |
| <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term> |
| <listitem><para>is an all-purpose Kerberos 5 library.</para> |
| <indexterm zone="heimdal libkrb5"> |
| <primary sortas="c-libkrb5">libkrb5.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libotp"> |
| <term><filename class='libraryfile'>libotp.[so,a]</filename></term> |
| <listitem><para>contains the functions required to handle authenticating |
| one time passwords.</para> |
| <indexterm zone="heimdal libotp"> |
| <primary sortas="c-libotp">libotp.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libroken"> |
| <term><filename class='libraryfile'>libroken.[so,a]</filename></term> |
| <listitem><para>is a library containing Kerberos 5 compatibility |
| functions.</para> |
| <indexterm zone="heimdal libroken"> |
| <primary sortas="c-libroken">libroken.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/security/firewalling.xml |
|---|
| 1,17 → 1,535 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="postlfs-security-fw-firewall" xreflabel="Firewalling"> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| ]> |
| <sect1 id="fw-firewall" xreflabel="Firewalling"> |
| <sect1info> |
| <othername>$LastChangedBy: bdubbs $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="firewall.html"?> |
| <title>Mettre en place un pare-feu réseau</title> |
| <title>Setting up a network firewall</title> |
| <para>Avant de lire cette partie du chapitre, notez que nous assumons que |
| vous avez déjà installé iptables comme décrit dans la section précédente.</para> |
| <para>Before you read this part of the chapter, you should |
| have already installed iptables as described in the previous section.</para> |
| &postlfs-security-fw-intro; |
| &postlfs-security-fw-disclaimer; |
| &postlfs-security-fw-kernel; |
| &postlfs-security-fw-writing; |
| &postlfs-security-fw-finale; |
| &postlfs-security-fw-extrainfo; |
| <sect2 id="fw-intro" xreflabel="Firewalling Introduction"> |
| <title>Introduction to Firewall Creation</title> |
| <para>The general purpose of a firewall is to protect a computer or a network |
| against malicious access.</para> |
| <para>In a perfect world, every daemon or service |
| on every machine is perfectly configured and immune to flaws such as |
| buffer overflows or other problems regarding its |
| security. Furthermore, you trust every user accessing your services. |
| In this world, you do not need to have a firewall.</para> |
| <para>In the real world however, daemons may be misconfigured |
| and exploits against essential services are freely available. You |
| may wish to choose which services are accessible by certain machines or |
| you may wish to limit which machines or applications are allowed external |
| access. Alternatively, you may simply not trust some of your |
| applications or users. You are probably connected to the Internet. In this |
| world, a firewall is essential.</para> |
| <para>Don't assume however, that having a firewall makes careful configuration |
| redundant, or that it makes any negligent misconfiguration harmless. It doesn't |
| prevent anyone from exploiting a service you intentionally offer but haven't |
| recently updated or patched after an exploit went public. Despite having a |
| firewall, you need to keep applications and daemons on your system properly |
| configured and up to date. A firewall is not a cure all, but should be an |
| essential part of your overall security startegy.</para> |
| </sect2> |
| <sect2> |
| <title>Meaning of the word "firewall"</title> |
| <para>The word firewall can have several different meanings.</para> |
| <sect3><title><xref linkend="fw-persFw"/></title> |
| <para>This is a hardware device or software program commercially sold by |
| companies such as Symantec which claims that it |
| secures a home or desktop computer with Internet access. This type of firewall is |
| highly relevant for users who do not know how their computers |
| might be accessed via the Internet or how to disable that access, |
| especially if they are always online and connected via |
| broadband links.</para></sect3> |
| <sect3> |
| <title><xref linkend="fw-masqRouter"/></title> |
| <para>This is a system placed between the Internet and an intranet. To minimize |
| the risk of compromising the firewall itself, it should generally have only one |
| role—that of protecting the intranet. Although not completely risk free, |
| the tasks of doing the routing and IP masquerading (rewriting IP headers of |
| the packets it routes from clients with private IP addresses onto the Internet |
| so that they seem to come from the firewall itself) are commonly considered |
| relatively secure.</para> |
| </sect3> |
| <sect3> |
| <title><xref linkend="fw-busybox"/></title> |
| <para>This is often an old computer you may have retired and nearly forgotten, |
| performing masquerading or routing functions, but offering non-firewall |
| services such as a web-cache or mail. This may be used for home |
| networks, but is not be considered as secure as a firewall only |
| machine because the combination of server and router/firewall on one machine |
| raises the complexity of the setup.</para> |
| </sect3> |
| <sect3> |
| <title>Firewall with a demilitarized zone [not further described here]</title> |
| <para>This box performs masquerading or routing, but grants public access to |
| some branch of your network which, because of public IP's and a physically |
| separated structure, is essentially a separate network with direct Internet access. |
| The servers on this network are those which must be easily accessible |
| from both the Internet and intranet. The firewall protects |
| both networks. This type of firewall has a minimum of three network interfaces.</para> |
| </sect3> |
| <sect3> |
| <title>Packetfilter</title> |
| <para>This type of firewall does routing or masquerading, but does not maintain |
| a state table of ongoing communication streams. It is fast, but quite limited |
| in its ability to block inappropriate packets without blocking desired |
| packets.</para> |
| </sect3> |
| </sect2> |
| <sect2 id="fw-writing" xreflabel="writing the firewalling-setup-scripts"> |
| <title>Now you can start to build your Firewall</title> |
| <caution><para>This introduction on how to setup a firewall |
| is not a complete guide to securing systems. Firewalling is a complex issue |
| that requires careful configuration. The scripts quoted here are simply |
| intended to give examples of how a firewall works. They are not intended to |
| fit into any particular configuration and may not provide complete protection |
| from an attack.</para> |
| <para>Customization of these scripts for your specific situation will |
| be necessary for an optimal configuration, but you should make a serious |
| study of the iptables documentation and creating firewalls in general before |
| hacking away. Have a look at the list of |
| <xref linkend="fw-library"/> at the end of this section for |
| more details. There you will find a list of URLs that contain quite |
| comprehensive information about building your own firewall.</para> |
| </caution> |
| <para>The firewall configuration script installed in the last section differs |
| from the standard configuration script. It only has two of the standard |
| targets: start and status. The other targets are clear and lock. For instance when you |
| run: |
| <screen><userinput><command>/etc/rc.d/init.d/iptables start</command></userinput></screen> |
| the firewall will be restarted just as it is upon system startup. The status target |
| will present a list of all currently implemented rules. The clear target turns off all |
| firewall rules and the lock target will block all packets in and out of the computer |
| with the exception of the loopback interface.</para> |
| <para>The main startup firewall is located in the file |
| <filename>/etc/rc.d/rc.iptables</filename>. The sections below provide three different |
| approaches that can be used for a system.</para> |
| <note><para>You should always run your firewall rules from a script. This ensures |
| consistency and a record of what was done. It also allows retention of comments |
| that are essential for understanding the rules long after they were written. |
| </para></note> |
| <sect3 id="fw-persFw" xreflabel="Personal Firewall"> |
| <title>Personal Firewall</title> |
| <para>A Personal Firewall is designed to let you access all the services |
| offered on the Internet, but keep your box secure and your data private.</para> |
| <para>Below is a slightly modified version of Rusty Russell's recommendation |
| from the |
| <ulink url="http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html"> |
| Linux 2.4 Packet Filtering HOWTO</ulink>. It is still applicable to the Linux 2.6 kernels.</para> |
| <screen><userinput><command>cat > /etc/rc.d/rc.iptables << "EOF"</command> |
| #!/bin/sh |
| # Begin $rc_base/rc.iptables |
| # Insert connection-tracking modules |
| # (not needed if built into the kernel) |
| modprobe ip_tables |
| modprobe iptable_filter |
| modprobe ip_conntrack |
| modprobe ip_conntrack_ftp |
| modprobe ipt_state |
| modprobe ipt_LOG |
| # Enable broadcast echo Protection |
| echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts |
| # Disable Source Routed Packets |
| echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route |
| # Enable TCP SYN Cookie Protection |
| echo 1 > /proc/sys/net/ipv4/tcp_syncookies |
| # Disable ICMP Redirect Acceptance |
| echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects |
| # Don¹t send Redirect Messages |
| echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects |
| # Drop Spoofed Packets coming in on an interface, where responses |
| # would result in the reply going out a different interface. |
| echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter |
| # Log packets with impossible addresses. |
| echo 1 > /proc/sys/net/ipv4/conf/all/log_martians |
| # be verbose on dynamic ip-addresses (not needed in case of static IP) |
| echo 2 > /proc/sys/net/ipv4/ip_dynaddr |
| # disable Explicit Congestion Notification |
| # too many routers are still ignorant |
| echo 0 > /proc/sys/net/ipv4/tcp_ecn |
| # Set a known state |
| iptables -P INPUT DROP |
| iptables -P FORWARD DROP |
| iptables -P OUTPUT DROP |
| # These lines are here in case rules are already in place and the |
| # script is ever rerun on the fly. We want to remove all rules and |
| # pre-exisiting user defined chains before we implement new rules. |
| iptables -F |
| iptables -X |
| iptables -Z |
| iptables -t nat -F |
| # Allow local-only connections |
| iptables -A INPUT -i lo -j ACCEPT |
| # Free output on any interface to any ip for any service |
| # (equal to -P ACCEPT) |
| iptables -A OUTPUT -j ACCEPT |
| # Permit answers on already established connections |
| # and permit new connections related to established ones |
| # (e.g. port mode ftp) |
| iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
| # Log everything else. What's Windows' latest exploitable vulnerability? |
| iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT " |
| # End $rc_base/rc.iptables |
| <command>EOF</command></userinput></screen> |
| <para>This script is quite simple, it drops all traffic coming in into your |
| computer that wasn't initiated from your box, but as long as you are simply |
| surfing the Internet you are unlikely to exceed its limits.</para> |
| <para>If you frequently encounter certain delays at accessing ftp-servers, |
| take a look at <xref linkend="fw-BB-4"/>.</para> |
| <para>Even if you have daemons or services running on your system, these |
| will be inaccessible everywhere but from your computer itself. |
| If you want to allow access to services on your machine, such as ssh or |
| ping, take a look at <xref linkend="fw-busybox"/>.</para> |
| </sect3> |
| <sect3 id="fw-masqRouter" xreflabel="Masquerading Router"> |
| <title>Masquerading Router</title> |
| <para>A true Firewall has two interfaces, one connected to an intranet, in this |
| example <emphasis role="strong">eth0</emphasis>, and one connected to the |
| Internet, here <emphasis role="strong">ppp0</emphasis>. To provide the |
| maximum security for the firewall itself, make sure that there |
| are no unnecessary servers running on it such as <application>X11</application> et |
| al. As a general principle, the firewall itself should not access any |
| untrusted service (Think of a remote server giving answers that makes a daemon on |
| your system |
| crash, or, even worse, that implements a worm via a buffer-overflow).</para> |
| <screen><userinput><command>cat > /etc/rc.d/rc.iptables << "EOF"</command> |
| #!/bin/sh |
| # Begin $rc_base/rc.iptables |
| echo |
| echo "You're using the example configuration for a setup of a firewall" |
| echo "from Beyond Linux From Scratch." |
| echo "This example is far from being complete, it is only meant" |
| echo "to be a reference." |
| echo "Firewall security is a complex issue, that exceeds the scope" |
| echo "of the configuration rules below." |
| echo "You can find additional information" |
| echo "about firewalls in Chapter 4 of the BLFS book." |
| echo "http://www.linuxfromscratch.org/blfs" |
| echo |
| # Insert iptables modules (not needed if built into the kernel). |
| modprobe ip_tables |
| modprobe iptable_filter |
| modprobe ip_conntrack |
| modprobe ip_conntrack_ftp |
| modprobe ipt_state |
| modprobe iptable_nat |
| modprobe ip_nat_ftp |
| modprobe ipt_MASQUERADE |
| modprobe ipt_LOG |
| modprobe ipt_REJECT |
| # Enable broadcast echo Protection |
| echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts |
| # Disable Source Routed Packets |
| echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route |
| # Enable TCP SYN Cookie Protection |
| echo 1 > /proc/sys/net/ipv4/tcp_syncookies |
| # Disable ICMP Redirect Acceptance |
| echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects |
| # Don¹t send Redirect Messages |
| echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects |
| # Drop Spoofed Packets coming in on an interface where responses |
| # would result in the reply going out a different interface. |
| echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter |
| # Log packets with impossible addresses. |
| echo 1 > /proc/sys/net/ipv4/conf/all/log_martians |
| # Be verbose on dynamic ip-addresses (not needed in case of static IP) |
| echo 2 > /proc/sys/net/ipv4/ip_dynaddr |
| # Disable Explicit Congestion Notification |
| # Too many routers are still ignorant |
| echo 0 > /proc/sys/net/ipv4/tcp_ecn |
| # Set a known state |
| iptables -P INPUT DROP |
| iptables -P FORWARD DROP |
| iptables -P OUTPUT DROP |
| # These lines are here in case rules are already in place and the |
| # script is ever rerun on the fly. We want to remove all rules and |
| # pre-exisiting user defined chains before we implement new rules. |
| iptables -F |
| iptables -X |
| iptables -Z |
| iptables -t nat -F |
| # Allow local connections |
| iptables -A INPUT -i lo -j ACCEPT |
| iptables -A OUTPUT -o lo -j ACCEPT |
| # Allow forwarding if the initiated on the intranet |
| iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT |
| iptables -A FORWARD -i ! ppp+ -m state --state NEW -j ACCEPT |
| # Do masquerading |
| # (not needed if intranet is not using private ip-addresses) |
| iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE |
| # Log everything for debugging |
| # (last of all rules, but before policy rules) |
| iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT " |
| iptables -A FORWARD -j LOG --log-prefix "FIREWALL:FORWARD" |
| iptables -A OUTPUT -j LOG --log-prefix "FIREWALL:OUTPUT " |
| # Enable IP Forwarding |
| echo 1 > /proc/sys/net/ipv4/ip_forward |
| <command>EOF</command></userinput></screen> |
| <para>With this script your intranet should be reasonably secure against |
| external attacks. No one should be able to setup a new connection to any |
| internal service and, if it's masqueraded, makes your intranet invisible to the |
| Internet. Furthermore, your firewall should be relatively safe because there |
| are no services running that a cracker could attack.</para> |
| <note><para>If the interface you're connecting to the Internet doesn't connect |
| via ppp, you will need to change <replaceable>ppp+</replaceable> to the name of |
| the interface, e.g. <emphasis role="strong">eth1</emphasis>, which you are using. |
| </para></note> |
| </sect3> |
| <sect3 id="fw-busybox" xreflabel="BusyBox"> |
| <title>BusyBox</title> |
| <para>This scenario isn't too different from the <xref linkend="fw-masqRouter"/>, |
| but additionally offers some services to your intranet. |
| Examples of this can be when you want to administer your firewall from another host |
| on your intranet or use it as a proxy or a name server.</para> |
| <note><para>Outlining a true concept of how to protect a server that offers |
| services on the Internet goes far beyond the scope of this document. See the references |
| at the end of this section for more information.</para></note> |
| <para>Be cautious. Every service you have enabled makes your |
| setup more complex and your firewall less secure. You are exposed to the risks of |
| misconfigured services or running a service with an exploitable bug. A |
| firewall should generally not run any extra services. See the introduction to |
| the <xref linkend="fw-masqRouter"/> for some more details.</para> |
| <para>If you want to add services such as internal samba or name servers that do not |
| need to access the Internet themselves, the additional statements are quite |
| simple and should still be acceptable from a security standpoint. |
| Just add the following lines |
| into the script <emphasis>before</emphasis> the logging rules.</para> |
| <screen>iptables -A INPUT -i ! ppp+ -j ACCEPT |
| iptables -A OUTPUT -o ! ppp+ -j ACCEPT</screen> |
| <para>If daemons, such as squid, have to access the Internet themselves, |
| you could open OUTPUT generally and restrict INPUT.</para> |
| <screen>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
| iptables -A OUTPUT -j ACCEPT</screen> |
| <para>However, it is generally not advisable to leave OUTPUT unrestricted. You |
| lose any control over trojans who would like to "call home", and a bit of |
| redundancy in case you've (mis-)configured a service so that it broadcasts |
| its existence to the world.</para> |
| <para>To accomplish this, you should restrict INPUT and OUTPUT |
| on all ports except those that it's absolutely necessary to have open. |
| Which ports you have to open depends on your needs: mostly you will find them |
| by looking for failed accesses in your log files.</para> |
| <itemizedlist spacing="compact" role='iptables'> |
| <title>Have a look at the following examples:</title> |
| <listitem><para>Squid is caching the web:</para> |
| <screen>iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT |
| iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED \ |
| -j ACCEPT</screen> |
| </listitem> |
| <listitem><para>Your caching name server (e.g., named) does its |
| lookups via udp:</para> |
| <screen>iptables -A OUTPUT -p udp --dport 53 -j ACCEPT</screen> |
| </listitem> |
| <listitem><para>You want to be able to ping your box to |
| ensure it's still alive:</para> |
| <screen>iptables -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT |
| iptables -A OUTPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT</screen> |
| </listitem> |
| <listitem><para><anchor id='fw-BB-4' xreflabel="BusyBox example number 4"/>If you are |
| frequently accessing ftp servers or enjoy chatting, you might notice certain |
| delays because some implementations of these daemons have the feature of |
| querying an identd on your system to obtain usernames. Although there's really |
| little harm in this, having an identd running is not recommended because many |
| security experts feel the service gives out too much additional information.</para> |
| <para>To avoid these delays you could reject the requests |
| with a 'tcp-reset':</para> |
| <screen>iptables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset</screen> |
| </listitem> |
| <listitem><para>To log and drop invalid packets (packets |
| that came in after netfilter's timeout or some types of network scans):</para> |
| <screen>iptables -I INPUT -p tcp -m state --state INVALID \ |
| -j LOG --log-prefix "FIREWALL:INVALID" |
| iptables -I INPUT -p tcp -m state --state INVALID -j DROP</screen></listitem> |
| <listitem><para>Anything coming from the outside should not have a |
| private address, this is a common attack called IP-spoofing: |
| <screen>iptables -A INPUT -i ppp+ -s 10.0.0.0/8 -j DROP |
| iptables -A INPUT -i ppp+ -s 172.16.0.0/12 -j DROP |
| iptables -A INPUT -i ppp+ -s 192.168.0.0/16 -j DROP</screen> |
| There are other addresses that you may also want to drop: 0.0.0.0/8, |
| 127.0.0.0/8, 224.0.0.0/3 (multicast and experimental), 169.254.0.0/16 (Link |
| Local Networks), and 192.0.2.0/24 (IANA defined test network).</para> |
| </listitem> |
| <listitem><para>If your firewall is a DHCP client, you need to allow |
| those packets:</para> |
| <screen>iptables -A INPUT -i ppp0 -p udp -s 0.0.0.0 --sport 67 \ |
| -d 255.255.255.255 --dport 68 -j ACCEPT</screen> |
| </listitem> |
| <listitem><para>To simplify debugging and be fair to anyone who'd like to |
| access a service you have disabled, purposely or by mistake, you could REJECT |
| those packets that are dropped.</para> |
| <para>Obviously this must be done directly after logging as the very |
| last lines before the packets are dropped by policy:</para> |
| <screen>iptables -A INPUT -j REJECT</screen> |
| </listitem> |
| </itemizedlist> |
| <para>These are only examples to show you some of the capabilities of the |
| firewall code in Linux. Have a look at the man page of iptables. |
| There you will find much more information. The port numbers needed for this can be |
| found in <filename>/etc/services</filename>, in case you didn't find them by |
| trial and error in your log file.</para> |
| </sect3> |
| </sect2> |
| <sect2 id="fw-finale" xreflabel="Conclusion"> |
| <title>Conclusion</title> |
| <para>Finally, there is one fact you must not forget: The effort spent |
| attacking a system corresponds to the value the cracker expects to gain from |
| it. If you are responsible for valuable information, you need to spend the |
| time to protect it properly.</para> |
| </sect2> |
| <sect2 id="postlfs-security-fw-extra" xreflabel="Extra Information"> |
| <title>Extra Information</title> |
| <sect3 id="fw-library" xreflabel="Links for further reading"> |
| <title>Where to start with further reading on firewalls.</title> |
| <para><blockquote><literallayout> |
| <ulink url="http://www.netfilter.org/">www.netfilter.org - Homepage of the netfilter/iptables project</ulink> |
| <ulink url="http://www.netfilter.org/documentation/FAQ/netfilter-faq.html">Netfilter related FAQ</ulink> |
| <ulink url="http://www.netfilter.org/documentation/index.html#HOWTO">Netfilter related HOWTO's</ulink> |
| <ulink url="http://en.tldp.org/LDP/nag2/x-087-2-firewall.html">en.tldp.org/LDP/nag2/x-087-2-firewall.html</ulink> |
| <ulink url="http://en.tldp.org/HOWTO/Security-HOWTO.html">en.tldp.org/HOWTO/Security-HOWTO.html</ulink> |
| <ulink url="http://en.tldp.org/HOWTO/Firewall-HOWTO.html">en.tldp.org/HOWTO/Firewall-HOWTO.html</ulink> |
| <ulink url="http://www-106.ibm.com/developerworks/security/library/s-fire.html">www.ibm.com/developerworks/security/library/s-fire.html</ulink> |
| <ulink url="http://www-106.ibm.com/developerworks/security/library/s-fire2.html">www.ibm.com/developerworks/security/library/s-fire2.html</ulink> |
| <ulink url="http://www.interhack.net/pubs/fw-faq/">www.interhack.net/pubs/fw-faq/</ulink> |
| <ulink url="http://www.linuxsecurity.com/docs/">www.linuxsecurity.com/docs/</ulink> |
| <ulink url="http://www.little-idiot.de/firewall">www.little-idiot.de/firewall (German & outdated, but very comprehensive)</ulink> |
| <ulink url="http://www.linuxgazette.com/issue65/stumpel.html">www.linuxgazette.com/issue65/stumpel.html</ulink> |
| <ulink url="http://linux.oreillynet.com/pub/a/linux/2000/03/10/netadmin/ddos.html">linux.oreillynet.com/pub/a/linux/2000/03/10/netadmin/ddos.html</ulink> |
| <ulink url="http://staff.washington.edu/dittrich/misc/ddos">staff.washington.edu/dittrich/misc/ddos</ulink> |
| <ulink url="http://www.e-infomax.com/ipmasq">www.e-infomax.com/ipmasq</ulink> |
| <ulink url="http://www.circlemud.org/~jelson/writings/security/index.htm">www.circlemud.org/~jelson/writings/security/index.htm</ulink> |
| <ulink url="http://www.securityfocus.com">www.securityfocus.com</ulink> |
| <ulink url="http://www.cert.org/tech_tips/">www.cert.org - tech_tips</ulink> |
| <ulink url="http://security.ittoolbox.com/">security.ittoolbox.com</ulink> |
| <ulink url="http://www.linux-firewall-tools.com/linux/">www.linux-firewall-tools.com/linux/</ulink> |
| <ulink url="http://logi.cc/linux/athome-firewall.php3">logi.cc/linux/athome-firewall.php3</ulink> |
| <ulink url="http://www.insecure.org/reading.html">www.insecure.org/reading.html</ulink> |
| <ulink url="http://www.robertgraham.com/pubs/firewall-seen.html">www.robertgraham.com/pubs/firewall-seen.html</ulink> |
| </literallayout></blockquote></para> |
| </sect3> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/security/shadow.xml |
|---|
| 1,28 → 1,299 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="shadow"> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY shadow-download-http " "> |
| <!ENTITY shadow-download-ftp "ftp://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2"> |
| <!ENTITY shadow-md5sum "3a3d17d3d7c630b602baf66ae7434c61"> |
| <!ENTITY shadow-size "814 KB"> |
| <!ENTITY shadow-buildsize "14.1 MB"> |
| <!ENTITY shadow-time "0.42 SBU"> |
| ]> |
| <sect1 id="shadow" xreflabel="Shadow-&shadow-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: randy $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="shadow.html"?> |
| <title>shadow-&shadow-version;</title> |
| <title>Shadow-&shadow-version;</title> |
| <indexterm zone="shadow"> |
| <primary sortas="a-Shadow">Shadow</primary></indexterm> |
| <!-- |
| <para>Fichier de configuration pour Shadow</para> |
| <sect2> |
| <title>Configuring shadow</title> |
| <para>Shadow's Configuration File</para> |
| <para><userinput>/etc/login.defs</userinput></para> |
| <para>Activer les mots de passe MD5</para> |
| <para>Enabling <acronym>MD</acronym>5 Passwords</para> |
| <para>Pour activer les mots de passe MD5, modifiez la ligne du fichier |
| login.defs indiquant: |
| <screen><userinput>#MD5_CRYPT_ENABLE no</userinput></screen> |
| par |
| <screen><userinput>MD5_CRYPT_ENABLE yes</userinput></screen></para> |
| <para>Les mots de passe créés après cette modification seront cryptés en |
| utilisant MD5 au lieu du cryptage DES.</para> |
| <para>To enable <acronym>MD</acronym>5 Passwords, modify the line in the |
| <filename>login.defs</filename> file that reads: |
| <screen><userinput>#MD5_CRYPT_ENAB no</userinput></screen> |
| to read: |
| <screen><userinput>MD5_CRYPT_ENAB yes</userinput></screen> |
| Passwords created after this change will be encrypted using |
| <acronym>MD</acronym>5 (Message-Digest Algorithm) instead of using |
| <acronym>DES</acronym> encryption. |
| </para> |
| </sect2> |
| --> |
| &shadow-intro; |
| &shadow-inst; |
| &shadow-exp; |
| &shadow-config; |
| <sect2> |
| <title>Introduction to <application>Shadow</application></title> |
| <para>Shadow was indeed installed in <acronym>LFS</acronym> and there is |
| no reason to reinstall it unless you installed |
| <application>Linux-<acronym>PAM</acronym></application>. If you did, |
| this will allow programs like <command>login</command> and |
| <command>su</command> to utilize |
| <acronym>PAM</acronym>.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing="compact"> |
| <listitem><para>Download (HTTP): |
| <ulink url="&shadow-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): |
| <ulink url="&shadow-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: |
| &shadow-md5sum;</para></listitem> |
| <listitem><para>Download size: |
| &shadow-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &shadow-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &shadow-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title>Additional downloads</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Patch to fix linking against PAM: |
| <ulink url="&patch-root;/shadow-&shadow-version;-pam-1.patch"/></para> |
| </listitem> |
| </itemizedlist> |
| </sect3> |
| <sect3><title><application>Shadow</application> dependencies</title> |
| <sect4><title>Required</title> |
| <para><xref linkend="Linux_PAM"/></para></sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>Shadow</application></title> |
| <para>Reinstall <application>Shadow</application> by running the following |
| commands:</para> |
| <screen><userinput><command>patch -Np1 -i ../shadow-&shadow-version;-pam-1.patch && |
| LIBS="-lpam -lpam_misc" ./configure --libdir=/usr/lib \ |
| --enable-shared --with-libpam --without-libcrack && |
| echo '#define HAVE_SETLOCALE 1' >> config.h && |
| sed -i '/extern char/d' libmisc/xmalloc.c && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install && |
| mv /bin/sg /usr/bin && |
| mv /bin/vigr /usr/sbin && |
| mv /usr/bin/passwd /bin && |
| rm /bin/groups && |
| mv /usr/lib/lib{misc,shadow}.so.0* /lib && |
| ln -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so && |
| ln -sf ../../lib/libmisc.so.0 /usr/lib/libmisc.so</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><parameter>--without-libcrack</parameter>: This switch tells |
| <application>Shadow</application> not to use |
| <filename class='libraryfile'>libcrack</filename>. This is desired as |
| <application>Linux-<acronym>PAM</acronym></application> already contains |
| <filename class='libraryfile'>libcrack</filename>.</para> |
| <para><command>sed -i '/extern char/d' libmisc/xmalloc.c</command>: This |
| fixes a compilation problem when using <application>GCC</application>-3.4.x. |
| </para> |
| </sect2> |
| <sect2> |
| <title>Configuring <application>Linux-<acronym>PAM</acronym></application> to |
| work with <application>Shadow</application></title> |
| <sect3 id="pam.d"><title>Config files</title> |
| <para><filename>/etc/pam.d/login</filename>, |
| <filename>/etc/pam.d/passwd</filename>, |
| <filename>/etc/pam.d/su</filename>, |
| <filename>/etc/pam.d/shadow</filename>, |
| <filename>/etc/pam.d/useradd</filename>, and |
| <filename>/etc/pam.d/chage</filename> – |
| alternatively, <filename>/etc/pam.conf</filename></para> |
| <indexterm zone="shadow pam.d"> |
| <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary></indexterm> |
| <indexterm zone="shadow pam.d"> |
| <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary></indexterm> |
| </sect3> |
| <sect3><title>Configuration Information</title> |
| <para>Add the following <application>Linux-<acronym>PAM</acronym></application> |
| configuration files to <filename class="directory">/etc/pam.d/</filename> (or |
| add them to <filename>/etc/pam.conf</filename> with the additional field for |
| the program).</para> |
| <screen><userinput><command>cat > /etc/pam.d/login << "EOF"</command> |
| # Begin /etc/pam.d/login |
| auth requisite pam_securetty.so |
| auth requisite pam_nologin.so |
| auth required pam_env.so |
| auth required pam_unix.so |
| account required pam_access.so |
| account required pam_unix.so |
| session required pam_motd.so |
| session required pam_limits.so |
| session optional pam_mail.so dir=/var/mail standard |
| session optional pam_lastlog.so |
| session required pam_unix.so |
| # End /etc/pam.d/login |
| <command>EOF |
| cat > /etc/pam.d/passwd << "EOF"</command> |
| # Begin /etc/pam.d/passwd |
| password required pam_unix.so md5 shadow |
| # End /etc/pam.d/passwd |
| <command>EOF |
| cat > /etc/pam.d/shadow << "EOF"</command> |
| # Begin /etc/pam.d/shadow |
| auth sufficient pam_rootok.so |
| auth required pam_unix.so |
| account required pam_unix.so |
| session required pam_unix.so |
| password required pam_permit.so |
| # End /etc/pam.d/shadow |
| <command>EOF |
| cat > /etc/pam.d/su << "EOF"</command> |
| # Begin /etc/pam.d/su |
| auth sufficient pam_rootok.so |
| auth required pam_unix.so |
| account required pam_unix.so |
| session required pam_unix.so |
| # End /etc/pam.d/su |
| <command>EOF |
| cat > /etc/pam.d/useradd << "EOF"</command> |
| # Begin /etc/pam.d/useradd |
| auth sufficient pam_rootok.so |
| auth required pam_unix.so |
| account required pam_unix.so |
| session required pam_unix.so |
| password required pam_permit.so |
| # End /etc/pam.d/useradd |
| <command>EOF |
| cat > /etc/pam.d/chage << "EOF"</command> |
| # Begin /etc/pam.d/chage |
| auth sufficient pam_rootok.so |
| auth required pam_unix.so |
| account required pam_unix.so |
| session required pam_unix.so |
| password required pam_permit.so |
| # End /etc/pam.d/chage |
| <command>EOF</command></userinput></screen> |
| <note><para>If you've installed <application>cracklib</application>, replace |
| <filename>/etc/pam.d/passwd</filename> with the following:</para></note> |
| <screen><userinput><command>cat > /etc/pam.d/passwd << "EOF"</command> |
| # Begin /etc/pam.d/passwd |
| password required pam_cracklib.so \ |
| retry=3 difok=8 minlen=5 dcredit=3 ocredit=3 ucredit=2 lcredit=2 |
| password required pam_unix.so md5 shadow use_authtok |
| # End /etc/pam.d/passwd |
| <command>EOF</command></userinput></screen> |
| <warning><para>At this point, you should do a simple test to see if |
| <application>Shadow</application> is |
| working as expected. Open another term and login as a user, then su to |
| to root. If you do not see any errors, then all is well and you should |
| proceed with the rest of the configuration. If you did |
| receive errors, stop now and double check the above configuration files |
| manually. If you cannot find, and fix the error, you should recompile |
| shadow replacing <envar>--with-libpam</envar> with |
| <envar>--without-libpam</envar> in the above |
| instructions. If you fail to do this and the errors remain, you |
| will be unable to log into your system.</para></warning> |
| <para>Currently, <filename>/etc/pam.d/other</filename> is configured to |
| allow anyone with an account on the machine to use programs |
| that do not specifically have a configuration file of their own. After |
| testing <application>Linux-<acronym>PAM</acronym></application> for proper |
| configuration, it can be changed to the following:</para> |
| <screen><userinput><command>cat > /etc/pam.d/other << "EOF"</command> |
| # Begin /etc/pam.d/other |
| auth required pam_deny.so |
| auth required pam_warn.so |
| account required pam_deny.so |
| session required pam_deny.so |
| password required pam_deny.so |
| password required pam_warn.so |
| # End /etc/pam.d/other |
| <command>EOF</command></userinput></screen> |
| <para>Finally, edit <filename>/etc/login.defs</filename> by adding '#' |
| to the beginning of the following lines:</para> |
| <screen>LASTLOG_ENAB |
| MAIL_CHECK_ENAB |
| PORTTIME_CHECKS_ENAB |
| CONSOLE |
| MOTD_FILE |
| NOLOGINS_FILE |
| PASS_MIN_LEN |
| SU_WHEEL_ONLY |
| MD5_CRYPT_ENAB |
| CONSOLE_GROUPS |
| ENVIRON_FILE</screen> |
| <para>This stops <command>login</command> from performing these functions, as |
| they will now be performed by <acronym>PAM</acronym> modules. Additionally, |
| add a '#' to the beginning of the following lines if you've installed |
| <application>cracklib</application>:</para> |
| <screen>OBSCURE_CHECKS_ENAB |
| CRACKLIB_DICTPATH |
| PASS_CHANGE_TRIES |
| PASS_ALWAYS_WARN</screen> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <para>A list of the installed files, along with their short descriptions can |
| be found at |
| <ulink url="&lfs-root;/chapter06/shadow.html#contents-shadow"/>.</para> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/security/tripwire.xml |
|---|
| 1,13 → 1,248 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="tripwire" xreflabel="tripwire-&tripwire-version;"> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY tripwire-download-http "http://www.frenchfries.net/paul/tripwire/tripwire-&tripwire-version;.tar.gz"> |
| <!ENTITY tripwire-download-ftp " "> |
| <!ENTITY tripwire-md5sum "02610d0593fe04d35d809ff6c5becc02"> |
| <!ENTITY tripwire-size "869 KB"> |
| <!ENTITY tripwire-buildsize "22 MB"> |
| <!ENTITY tripwire-time "2.96 SBU"> |
| ]> |
| <sect1 id="tripwire-portable" xreflabel="Tripwire-&tripwire-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: larry $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="tripwire.html"?> |
| <title>tripwire-&tripwire-version;</title> |
| <title>Tripwire-&tripwire-version;</title> |
| <indexterm zone="tripwire-portable"> |
| <primary sortas="a-Tripwire">Tripwire</primary> |
| </indexterm> |
| &tripwire-intro; |
| &tripwire-inst; |
| &tripwire-exp; |
| &tripwire-config; |
| &tripwire-desc; |
| <sect2> |
| <title>Introduction to <application>Tripwire</application></title> |
| <para>The <application>Tripwire</application> package contains programs used |
| to verify the integrity of the files on a given system.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&tripwire-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&tripwire-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &tripwire-md5sum;</para></listitem> |
| <listitem><para>Download size: &tripwire-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &tripwire-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &tripwire-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title><application>Tripwire</application> dependencies</title> |
| <sect4><title>Optional</title> |
| <para><acronym>MTA</acronym> (See <xref linkend="server-mail"/>)</para> |
| </sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>Tripwire</application></title> |
| <para>Compile <application>Tripwire</application> by running the following |
| commands:</para> |
| <screen><userinput><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' install/install.cfg && |
| ./configure --prefix=/usr --sysconfdir=/etc/tripwire && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install && |
| cp policy/*.txt /usr/share/doc/tripwire</command></userinput></screen> |
| <para>The default configuration is to use a local <acronym>MTA</acronym>. If |
| you don't have an <acronym>MTA</acronym> installed and have no wish to install |
| one, modify <filename>install.cfg</filename> to use an <acronym>SMTP</acronym> |
| server instead.</para> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><command>sed -i -e 's@TWDB="${prefix}@TWDB="/var@' |
| install/install.cfg</command>: This command tells the package to install the |
| program database and reports in |
| <filename>/var/lib/tripwire</filename>.</para> |
| <para><command>make install</command>: This command creates the |
| <application>Tripwire</application> security keys as well as installing the |
| binaries. There are two keys: a site key and a local key which are stored in |
| <filename class="directory">/etc/tripwire/</filename>.</para> |
| <para><command>cp policy/*.txt /usr/share/doc/tripwire</command>: This command |
| installs the documentation.</para> |
| </sect2> |
| <sect2> |
| <title>Configuring <application>Tripwire</application></title> |
| <sect3 id="tripwire-config"><title>Config files</title> |
| <para><filename>/etc/tripwire/*</filename></para> |
| <indexterm zone="tripwire-portable tripwire-config"> |
| <primary sortas="e-etc-tripwire">/etc/tripwire/*</primary> |
| </indexterm> |
| </sect3> |
| <sect3><title>Configuration Information</title> |
| <para><application>Tripwire</application> uses a policy file to determine which |
| files are integrity checked. The default policy file |
| (<filename>/etc/tripwire/twpol.txt</filename>) is for a default |
| installation Redhat and will need to be updated for your system.</para> |
| <para>Policy files should be tailored to each individual distribution and/or |
| installation. Some custom policy files can be found below: </para> |
| <screen><ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt"/> |
| Checks integrity of all files |
| <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt"/> |
| Custom policy file for Base LFS 3.0 system |
| <ulink url="http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt"/> |
| Custom policy file for SuSE 7.2 system</screen> |
| <para>Download the custom policy file you'd like to try, copy it into |
| <filename class="directory">/etc/tripwire/</filename>, and use it instead of |
| <filename>twpol.txt</filename>. It is, however, recommended that you make |
| your own policy file. Get ideas from the examples above and read |
| <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for additional |
| information. <filename>twpol.txt</filename> is a good policy file for beginners |
| as it will note any changes to the file system and can even be used as an |
| annoying way of keeping track of changes for uninstallation of software.</para> |
| <para>After your policy file has been transferred to |
| <filename class="directory">/etc/tripwire/</filename> you may begin the |
| configuration steps:</para> |
| <screen><userinput role='root'><command>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \ |
| /etc/tripwire/twpol.txt && |
| tripwire --init</command></userinput></screen> |
| </sect3> |
| <sect3><title>Usage Information</title> |
| <para>To use <application>Tripwire</application> after creating a policy file |
| to run a report, use the following command:</para> |
| <screen><userinput role='root'><command>tripwire --check > /etc/tripwire/report.txt</command></userinput></screen> |
| <para>View the output to check the integrity of your files. An automatic |
| integrity report can be produced by using a cron facility to schedule |
| the runs.</para> |
| <para>Please note that after you run an integrity check, you must examine |
| the report (or email) and then modify the <application>Tripwire</application> |
| database to reflect the changed files on your system. This is so that |
| <application>Tripwire</application> will not continually notify you that |
| files you intentionally changed are a security violation. To do this you |
| must first <command>ls -l /var/lib/tripwire/report/</command> and note |
| the name of the newest file which starts with <filename>linux-</filename> and |
| ends in <filename>.twr</filename>. This encrypted file was created during the |
| last report creation and is needed to update the |
| <application>Tripwire</application> database of your |
| system. Then, type in the following command making the appropriate |
| substitutions for <replaceable>[?]</replaceable>:</para> |
| <screen><userinput role='root'><command>tripwire --update -twrfile \ |
| /var/lib/tripwire/report/linux-<replaceable>[???????]</replaceable>-<replaceable>[??????]</replaceable>.twr</command></userinput></screen> |
| <para>You will be placed into <application>vim</application> with a copy of |
| the report in front of you. If all the changes were good, then just type |
| <command>:x</command> and after entering your local key, the database will be |
| updated. If there are files which you still want to be warned about, remove the |
| 'x' before the filename in the report and type <command>:x</command>.</para> |
| </sect3> |
| <sect3><title>Changing the Policy File</title> |
| <para>If you are unhappy with your policy file and would like to modify it or |
| use a new one, modify the policy file and then execute the following |
| commands:</para> |
| <screen><userinput role='root'><command>twadmin --create-polfile /etc/tripwire/twpol.txt && |
| tripwire --init</command></userinput></screen> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>siggen, tripwire, twadmin and twprint.</seg> |
| <seg>None</seg> |
| <seg>/etc/tripwire, /usr/share/doc/tripwire and /var/lib/tripwire</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="siggen"> |
| <term><command>siggen</command></term> |
| <listitem><para>is a signature gathering utility that displays |
| the hash function values for the specified files.</para> |
| <indexterm zone="tripwire-portable siggen"> |
| <primary sortas="b-siggen">siggen</primary> |
| </indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id='tripwire'> |
| <term><command>tripwire</command></term> |
| <listitem><para>is the main file integrity checking program.</para> |
| <indexterm zone="tripwire-portable tripwire"> |
| <primary sortas="b-tripwire">tripwire</primary> |
| </indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id='twadmin'> |
| <term><command>twadmin</command></term> |
| <listitem><para>administrative and utility tool used to perform |
| certain administrative functions related to |
| <application>Tripwire</application> files and configuration |
| options.</para> |
| <indexterm zone="tripwire-portable twadmin"> |
| <primary sortas="b-twadmin">twadmin</primary> |
| </indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id='twprint'> |
| <term><command>twprint</command></term> |
| <listitem><para>prints <application>Tripwire</application> |
| database and report files in clear text format.</para> |
| <indexterm zone="tripwire-portable twprint"> |
| <primary sortas="b-twprint">twprint</primary> |
| </indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/security/security.xml |
|---|
| 1,39 → 1,47 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| ]> |
| <chapter id="postlfs-security"> |
| <?dbhtml filename="security.html"?> |
| <title>Securité</title> |
| <title>Security</title> |
| <para>La sécurité prend différentes formes en informatique. Ce chapitre donne des |
| exemples provenant de trois types différents de sécurité : accès, prévention |
| et détection.</para> |
| <para>Security takes many forms in a computing environment. This chapter |
| gives examples of three different types of security: access, prevention |
| and detection.</para> |
| <para>L'accès pour les utilisateurs est généralement géré par |
| <command>login</command> ou par une application conçue pour gérer la fonction de |
| connexion. Dans ce chapitre, nous montrons comment améliorer |
| <command>login</command> en mettant en place des politiques avec les modules |
| <application><acronym>PAM</acronym></application>. L'accès via le réseau peut |
| aussi être sécurisé par des politiques initialisées avec |
| <application>iptables</application>, ce qui est généralement appelé un pare-feu. |
| </para> |
| <para>Access for users is usually handled by <command>login</command> or an |
| application designed to handle the login function. In this chapter, we show |
| how to enhance <command>login</command> by setting policies with |
| <application><acronym>PAM</acronym></application> modules. Access via networks |
| can also be secured by policies set by <application>iptables</application>, |
| commonly referred to as a firewall. For applications that don't offer the |
| best security, you can use the <application>Stunnel</application> package to |
| wrap an application daemon inside an <acronym>SSL</acronym> tunnel.</para> |
| <para>En prévention des brèches, comme un cheval de troie, des applications comme |
| <application>GnuPG</application> vous aident, par exemple en vous donnant la |
| possibilité de confirmer des paquetages signés en reconnaissant des modifications |
| d'archives <acronym>TAR</acronym> après que le mainteneur l'ait créé.</para> |
| <para>Prevention of breaches, like a trojan, are assisted by applications like |
| <application>GnuPG</application>, specifically the ability to confirm signed |
| packages, which recognizes modifications of the <acronym>TAR</acronym> ball |
| after the packager creates it.</para> |
| <para>Enfin, nous arrivons à la détection avec un paquetage qui stocke les |
| "signatures" de fichiers critiques (définis par l'administrateur), et regénère les |
| "signatures" et les compare aux fichiers qui ont été modifiés.</para> |
| <para> Finally, we touch on detection with a package that stores "signatures" |
| of critical files (defined by the administrator) and then regenerates those |
| "signatures" and compares for files that have been changed.</para> |
| &cracklib; |
| &Linux_PAM; |
| &shadow; |
| &iptables; |
| &postlfs-security-fw; |
| &gnupg; |
| &tripwire; |
| &heimdal; |
| &mitkrb; |
| <!--&postlfs-security-syslog;--> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cracklib.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="linux_pam.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="shadow.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="iptables.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="firewalling.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tripwire.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="heimdal.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mitkrb.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cyrus-sasl.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="stunnel.xml"/> |
| </chapter> |
| /trunk/blfs/postlfs/security/mitkrb.xml |
|---|
| 1,12 → 1,694 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY mitkrb-download-http "http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-&mitkrb-version;-signed.tar"> |
| <!ENTITY mitkrb-download-ftp " "> |
| <!ENTITY mitkrb-md5sum "2fa56607677544e3a27b42f7cfa1155b"> |
| <!ENTITY mitkrb-size "6.6 MB"> |
| <!ENTITY mitkrb-buildsize "55 MB"> |
| <!ENTITY mitkrb-time "2.55 SBU"> |
| ]> |
| <sect1 id="mitkrb" xreflabel="MIT krb5-&mitkrb-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: larry $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="mitkrb.html"?> |
| <title>MIT krb5-&mitkrb-version;</title> |
| <title><acronym>MIT</acronym> krb5-&mitkrb-version;</title> |
| <indexterm zone="mitkrb"> |
| <primary sortas="a-Kerberos-MIT">Kerberos5(MIT)</primary></indexterm> |
| &mitkrb-intro; |
| &mitkrb-inst; |
| &mitkrb-exp; |
| &mitkrb-config; |
| &mitkrb-desc; |
| <sect2> |
| <title>Introduction to <application><acronym>MIT</acronym> |
| krb5</application></title> |
| <para> |
| <application><acronym>MIT</acronym> krb5</application> is a free |
| implementation of Kerberos 5. Kerberos is a network authentication |
| protocol. It centralizes the authentication database and uses kerberized |
| applications to work with servers or services that support Kerberos |
| allowing single logins and encrypted communication over internal |
| networks or the Internet. |
| </para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): |
| <ulink url="&mitkrb-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): |
| <ulink url="&mitkrb-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &mitkrb-md5sum;</para></listitem> |
| <listitem><para>Download size: &mitkrb-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &mitkrb-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &mitkrb-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title><application><acronym>MIT</acronym> krb5</application> |
| dependencies</title> |
| <sect4><title>Optional</title> |
| <para> |
| <xref linkend="xinetd"/> (services servers only), |
| <xref linkend="Linux_PAM"/> (for <command>xdm</command> based logins) and |
| <xref linkend="openldap"/> (alternative for <command>krb5kdc</command> |
| password database) |
| </para> |
| <note><para> |
| Some sort of time synchronization facility on your system (like |
| <xref linkend="ntp"/>) is required since Kerberos won't authenticate if there |
| is a time difference between a kerberized client and the |
| <acronym>KDC</acronym> server.</para></note> |
| </sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application><acronym>MIT</acronym> |
| krb5</application></title> |
| <para> |
| <application><acronym>MIT</acronym> krb5</application> is distributed in a |
| <acronym>TAR</acronym> file containing a compressed <acronym>TAR</acronym> |
| package and a detached <acronym>PGP</acronym> |
| <filename class="extension">ASC</filename> file. |
| </para> |
| <para> |
| If you have installed <xref linkend="gnupg"/>, you can |
| authenticate the package with the following command: |
| </para> |
| <screen><userinput><command>gpg --verify krb5-&mitkrb-version;.tar.gz.asc</command></userinput></screen> |
| <para> |
| Build <application><acronym>MIT</acronym> krb5</application> by running the |
| following commands: |
| </para> |
| <screen><userinput><command>cd src && |
| ./configure --prefix=/usr --sysconfdir=/etc \ |
| --localstatedir=/var/lib --enable-dns \ |
| --enable-static --mandir=/usr/share/man && |
| make</command></userinput></screen> |
| <para> |
| Install <application><acronym>MIT</acronym> krb5</application> by |
| running the following commands as root: |
| </para> |
| <screen><userinput role='root'><command>make install && |
| mv /bin/login /bin/login.shadow && |
| cp /usr/sbin/login.krb5 /bin/login && |
| mv /usr/bin/ksu /bin && |
| mv /usr/lib/libkrb5.so.3* /lib && |
| mv /usr/lib/libkrb4.so.2* /lib && |
| mv /usr/lib/libdes425.so.3* /lib && |
| mv /usr/lib/libk5crypto.so.3* /lib && |
| mv /usr/lib/libcom_err.so.3* /lib && |
| ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so && |
| ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so && |
| ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so && |
| ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so && |
| ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so && |
| ldconfig</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para> |
| <parameter>--enable-dns</parameter>: This switch allows realms to |
| be resolved using the <acronym>DNS</acronym> server. |
| </para> |
| <para> |
| <parameter>--enable-static</parameter>: This switch builds static |
| libraries in addition to the shared libraries. |
| </para> |
| <para> |
| <screen><command>mv /bin/login /bin/login.shadow |
| cp /usr/sbin/login.krb5 /bin/login |
| mv /usr/bin/ksu /bin</command></screen> |
| Preserves <application>Shadow</application>'s <command>login</command> |
| command, moves <command>ksu</command> and <command>login</command> to |
| the <filename class="directory">/bin</filename> directory. |
| </para> |
| <para> |
| <screen><command>mv /usr/lib/libkrb5.so.3* /lib |
| mv /usr/lib/libkrb4.so.2* /lib |
| mv /usr/lib/libdes425.so.3* /lib |
| mv /usr/lib/libk5crypto.so.3* /lib |
| mv /usr/lib/libcom_err.so.3* /lib |
| ln -sf ../../lib/libkrb5.so.3 /usr/lib/libkrb5.so |
| ln -sf ../../lib/libkrb4.so.2 /usr/lib/libkrb4.so |
| ln -sf ../../lib/libdes425.so.3 /usr/lib/libdes425.so |
| ln -sf ../../lib/libk5crypto.so.3 /usr/lib/libk5crypto.so |
| ln -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so</command></screen> |
| The <command>login</command> and <command>ksu</command> programs |
| are linked against these libraries, therefore we move these libraries to |
| <filename class="directory">/lib</filename> to allow logins without mounting |
| <filename class="directory">/usr</filename>. |
| </para> |
| </sect2> |
| <sect2> |
| <title>Configuring <application><acronym>MIT</acronym> krb5</application></title> |
| <sect3 id="krb5-config"><title>Config files</title> |
| <para> |
| <filename>/etc/krb5.conf</filename> and |
| <filename>/var/lib/krb5kdc/kdc.conf</filename> |
| </para> |
| <indexterm zone="mitkrb krb5-config"> |
| <primary sortas="e-etc-krb5.conf">/etc/krb5.conf</primary></indexterm> |
| <indexterm zone="mitkrb krb5-config"> |
| <primary sortas="e-var-lib-krb5kdc-kdc.conf">/var/lib/krb5kdc/kdc.conf</primary> |
| </indexterm> |
| </sect3> |
| <sect3><title>Configuration Information</title> |
| <sect4><title>Kerberos Configuration</title> |
| <para> |
| Create the Kerberos configuration file with the following command: |
| </para> |
| <screen><userinput role='root'><command>cat > /etc/krb5.conf << "EOF"</command> |
| # Begin /etc/krb5.conf |
| [libdefaults] |
| default_realm = <replaceable>[LFS.ORG]</replaceable> |
| encrypt = true |
| [realms] |
| <replaceable>[LFS.ORG]</replaceable> = { |
| kdc = <replaceable>[belgarath.lfs.org]</replaceable> |
| admin_server = <replaceable>[belgarath.lfs.org]</replaceable> |
| } |
| [domain_realm] |
| .<replaceable>[lfs.org]</replaceable> = <replaceable>[LFS.ORG]</replaceable> |
| [logging] |
| kdc = SYSLOG[:INFO[:AUTH]] |
| admin_server = SYSLOG[INFO[:AUTH]] |
| default = SYSLOG[[:SYS]] |
| # End /etc/krb5.conf |
| <command>EOF</command></userinput></screen> |
| <para> |
| You will need to substitute your domain and proper hostname for the |
| occurances of the <replaceable>[belgarath]</replaceable> and |
| <replaceable>[lfs.org]</replaceable> names. |
| </para> |
| <para> |
| <userinput>default_realm</userinput> should be the name of your domain changed |
| to ALL CAPS. This isn't required, but both <application>Heimdal</application> |
| and <acronym>MIT</acronym> recommend it. |
| </para> |
| <para> |
| <userinput>encrypt = true</userinput> provides encryption of all traffic |
| between kerberized clients and servers. It's not necessary and can be left |
| off. If you leave it off, you can encrypt all traffic from the client to the |
| server using a switch on the client program instead. |
| </para> |
| <para> |
| The <userinput>[realms]</userinput> parameters tell the client programs where |
| to look for the <acronym>KDC</acronym> authentication services. |
| </para> |
| <para> |
| The <userinput>[domain_realm]</userinput> section maps a domain to a realm. |
| </para> |
| <para> |
| Create the <acronym>KDC</acronym> database: |
| </para> |
| <screen><userinput role='root'><command>kdb5_util create -r <replaceable>[LFS.ORG]</replaceable> -s </command></userinput></screen> |
| <para> |
| Now you should populate the database with principles (users). For now, |
| just use your regular login name or root. |
| </para> |
| <screen><userinput role='root'><command>kadmin.local</command></userinput> |
| <prompt>kadmin:</prompt><userinput><command>addprinc <replaceable>[loginname]</replaceable></command></userinput></screen> |
| <para> |
| The <acronym>KDC</acronym> server and any machine running kerberized |
| server daemons must have a host key installed: |
| </para> |
| <screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> |
| <para> |
| After choosing the defaults when prompted, you will have to export the |
| data to a keytab file: |
| </para> |
| <screen><prompt>kadmin:</prompt><userinput role='root'><command>ktadd host/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> |
| <para> |
| This should have created a file in <filename class="directory">/etc</filename> |
| named <filename>krb5.keytab</filename> (Kerberos 5). This file should have 600 |
| (root rw only) permissions. Keeping the keytab files from public access |
| is crucial to the overall security of the Kerberos installation. |
| </para> |
| <para> |
| Eventually, you'll want to add server daemon principles to the database |
| and extract them to the keytab file. You do this in the same way you |
| created the host principles. Below is an example: |
| </para> |
| <screen><prompt>kadmin:</prompt><userinput role='root'><command>addprinc -randkey ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput> |
| <prompt>kadmin:</prompt><userinput role='root'><command>ktadd ftp/<replaceable>[belgarath.lfs.org]</replaceable></command></userinput></screen> |
| <para> |
| Exit the <command>kadmin</command> program (use <command>quit</command> |
| or <command>exit</command>) and return back to the shell prompt. Start |
| the <acronym>KDC</acronym> daemon manually, just to test out the |
| installation: |
| </para> |
| <screen><userinput role='root'><command>/usr/sbin/krb5kdc &</command></userinput></screen> |
| <para> |
| Attempt to get a ticket with the following command: |
| </para> |
| <screen><userinput><command>kinit <replaceable>[loginname]</replaceable></command></userinput></screen> |
| <para> |
| You will be prompted for the password you created. After you get your |
| ticket, you can list it with the following command: |
| </para> |
| <screen><userinput><command>klist</command></userinput></screen> |
| <para> |
| Information about the ticket should be displayed on the screen. |
| </para> |
| <para> |
| To test the functionality of the keytab file, issue the following |
| command: |
| </para> |
| <screen><userinput><command>ktutil</command></userinput> |
| <prompt>ktutil:</prompt><userinput><command>rkt /etc/krb5.keytab</command></userinput> |
| <prompt>ktutil:</prompt><userinput><command>l</command></userinput></screen> |
| <para> |
| This should dump a list of the host principal, along with the encryption |
| methods used to access the principal. |
| </para> |
| <para> |
| At this point, if everything has been successful so far, you can feel |
| fairly confident in the installation and configuration of the package. |
| </para> |
| <para> |
| Install the <filename>/etc/rc.d/init.d/kerberos</filename> init script |
| included in the <xref linkend="intro-important-bootscripts"/> package. |
| </para> |
| <screen><userinput role='root'><command>make install-kerberos</command></userinput></screen> |
| </sect4> |
| <sect4><title>Using Kerberized Client Programs</title> |
| <para> |
| To use the kerberized client programs (<command>telnet</command>, |
| <command>ftp</command>, <command>rsh</command>, |
| <command>rcp</command>, <command>rlogin</command>), you first must get |
| an authentication ticket. Use the <command>kinit</command> program to |
| get the ticket. After you've acquired the ticket, you can use the |
| kerberized programs to connect to any kerberized server on the network. |
| You will not be prompted for authentication until your ticket expires |
| (default is one day), unless you specify a different user as a command |
| line argument to the program. |
| </para> |
| <para> |
| The kerberized programs will connect to non kerberized daemons, warning |
| you that authentication is not encrypted. |
| </para> |
| </sect4> |
| <sect4><title>Using Kerberized Server Programs</title> |
| <para> |
| Using kerberized server programs (<command>telnetd</command>, |
| <command>kpropd</command>, <command>klogind</command> and |
| <command>kshd</command>) requires two additional configuration steps. |
| First the <filename>/etc/services</filename> file must be updated to |
| include eklogin and krb5_prop. Second, the <filename>inetd.conf</filename> |
| or <filename>xinetd.conf</filename> must be modified for each server that will |
| be activated, usually replacing the server from <xref linkend="inetutils"/>. |
| </para> |
| </sect4> |
| <sect4><title>Additional Information</title> |
| <para> |
| For additional information consult <ulink |
| url="http://web.mit.edu/kerberos/www/krb5-1.4/#documentation">Documentation |
| for krb-&mitkrb-version;</ulink> on which the above instructions are based. |
| </para> |
| </sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>compile-et, ftp, ftpd, gss-client, gss-server, k5srvutil, kadmin, |
| kadmin.local, kadmind, kadmind4, kdb5_util, kdestroy, kinit, klist, |
| klogind, kpasswd, kprop, kpropd, krb5-send-pr, krb5-config, krb524d, |
| krb524init, krb5kdc, kshd, ksu, ktutil, kvno, login.krb5, rcp, rlogin, |
| rsh, sclient, sim_client, sim_server, sserver, |
| telnet, telnetd, uuclient, uuserver, v5passwd, v5passwdd</seg> |
| <seg>libcom_err.[so,a], libdes425.[so,a], libgssapi.[so,a], libgssrpc.[so,a], |
| libkadm5clnt.[so,a], libkadm5srv.[so,a], libkdb5.[so,a], libkrb5.[so,a], |
| libkrb4.[so,a]</seg> |
| <seg>/usr/include/kerberosIV and /var/lib/krb5kdc</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="compile_et"> |
| <term><command>compile_et</command></term> |
| <listitem><para>converts the table listing |
| error-code names into a <application>C</application> source file..</para> |
| <indexterm zone="mitkrb compile_et"> |
| <primary sortas="b-compile_et">compile_et</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="ftp-mitkrb"> |
| <term><command>ftp</command></term> |
| <listitem><para>is a kerberized <acronym>FTP</acronym> client.</para> |
| <indexterm zone="mitkrb ftp"> |
| <primary sortas="b-ftp">ftp</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="ftpd-mitkrb"> |
| <term><command>ftpd</command></term> |
| <listitem><para>is a kerberized <acronym>FTP</acronym> daemon.</para> |
| <indexterm zone="mitkrb ftpd"> |
| <primary sortas="b-ftpd">ftpd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="k5srvutil"> |
| <term><command>k5srvutil</command></term> |
| <listitem><para>is a host keytable manipulation utility.</para> |
| <indexterm zone="mitkrb k5srvutil"> |
| <primary sortas="b-k5srvutil">k5srvutil</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kadmin-mitkrb"> |
| <term><command>kadmin</command></term> |
| <listitem><para>is an utility used to make modifications |
| to the Kerberos database.</para> |
| <indexterm zone="mitkrb kadmin-mitkrb"> |
| <primary sortas="b-kadmin">kadmin</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kadmind-mitkrb"> |
| <term><command>kadmind</command></term> |
| <listitem><para>is a server for administrative access |
| to a Kerberos database.</para> |
| <indexterm zone="mitkrb kadmind-mitkrb"> |
| <primary sortas="b-kadmind">kadmind</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kdb5_util"> |
| <term><command>kdb5_util</command></term> |
| <listitem><para>is the <acronym>KDC</acronym> database utility.</para> |
| <indexterm zone="mitkrb kdb5_util"> |
| <primary sortas="b-kdb5_util">kdb5_util</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kdestroy-mitkrb"> |
| <term><command>kdestroy</command></term> |
| <listitem><para>removes the current set of tickets.</para> |
| <indexterm zone="mitkrb kdestroy-mitkrb"> |
| <primary sortas="b-kdestroy">kdestroy</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kinit-mitkrb"> |
| <term><command>kinit</command></term> |
| <listitem><para>is used to authenticate to the Kerberos server as |
| a principal and acquire a ticket granting ticket that can later be used |
| to obtain tickets for other services.</para> |
| <indexterm zone="mitkrb kinit-mitkrb"> |
| <primary sortas="b-kinit">kinit</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="klist-mitkrb"> |
| <term><command>klist</command></term> |
| <listitem><para>reads and displays the current tickets in |
| the credential cache.</para> |
| <indexterm zone="mitkrb klist-mitkrb"> |
| <primary sortas="b-klist">klist</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="klogind"> |
| <term><command>klogind</command></term> |
| <listitem><para>is the server that responds to |
| <command>rlogin</command> requests.</para> |
| <indexterm zone="mitkrb klogind"> |
| <primary sortas="b-klogind">klogind</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kpasswd-mitkrb"> |
| <term><command>kpasswd</command></term> |
| <listitem><para>is a program for changing Kerberos 5 passwords.</para> |
| <indexterm zone="mitkrb kpasswd-mitkrb"> |
| <primary sortas="b-kpasswd">kpasswd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kprop"> |
| <term><command>kprop</command></term> |
| <listitem><para>takes a principal database in a specified |
| format and converts it into a stream of database |
| records.</para> |
| <indexterm zone="mitkrb kprop"> |
| <primary sortas="b-kprop">kprop</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kpropd"> |
| <term><command>kpropd</command></term> |
| <listitem><para>receives a database sent by |
| <command>kprop</command> and writes it as a local database.</para> |
| <indexterm zone="mitkrb kpropd"> |
| <primary sortas="b-kpropd">kpropd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="krb5-config-1"> |
| <term><command>krb5-config</command></term> |
| <listitem><para>gives information on how to link |
| programs against libraries.</para> |
| <indexterm zone="mitkrb krb5-config-prog"> |
| <primary sortas="b-krb5-config-1">krb5-config</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="krb5kdc"> |
| <term><command>krb5kdc</command></term> |
| <listitem><para>is a Kerberos 5 server.</para> |
| <indexterm zone="mitkrb krb5kdc"> |
| <primary sortas="b-krb5kdc">krb5kdc</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kshd"> |
| <term><command>kshd</command></term> |
| <listitem><para>is the server that responds to |
| <command>rsh</command> requests.</para> |
| <indexterm zone="mitkrb kshd"> |
| <primary sortas="b-kshd">kshd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="ksu"> |
| <term><command>ksu</command></term> |
| <listitem><para>is the super user program using Kerberos protocol. |
| Requires a properly configured |
| <filename class="directory">/etc/shells</filename> and |
| <filename>~/.k5login</filename> containing principals authorized to |
| become super users.</para> |
| <indexterm zone="mitkrb ksu"> |
| <primary sortas="b-ksu">ksu</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="ktutil-mitkrb"> |
| <term><command>ktutil</command></term> |
| <listitem><para>is a program for managing Kerberos keytabs.</para> |
| <indexterm zone="mitkrb ktutil-mitkrb"> |
| <primary sortas="b-ktutil">ktutil</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="kvno"> |
| <term><command>kvno</command></term> |
| <listitem><para>prints keyversion numbers of Kerberos principals.</para> |
| <indexterm zone="mitkrb kvno"> |
| <primary sortas="b-kvno">kvno</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="login.krb5"> |
| <term><command>login.krb5</command></term> |
| <listitem><para>is a kerberized login program.</para> |
| <indexterm zone="mitkrb login"> |
| <primary sortas="b-login.krb5">login.krb5</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="rcp-mitkrb"> |
| <term><command>rcp</command></term> |
| <listitem><para>is a kerberized rcp client program.</para> |
| <indexterm zone="mitkrb rcp"> |
| <primary sortas="b-rcp">rcp</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="rlogin"> |
| <term><command>rlogin</command></term> |
| <listitem><para>is a kerberized rlogin client program.</para> |
| <indexterm zone="mitkrb rlogin"> |
| <primary sortas="b-rlogin">rlogin</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="rsh-mitkrb"> |
| <term><command>rsh</command></term> |
| <listitem><para>is a kerberized rsh client program.</para> |
| <indexterm zone="mitkrb rsh"> |
| <primary sortas="b-rsh">rsh</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="telnet-mitkrb"> |
| <term><command>telnet</command></term> |
| <listitem><para>is a kerberized telnet client program.</para> |
| <indexterm zone="mitkrb telnet"> |
| <primary sortas="b-telnet">telnet</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="telnetd-mitkrb"> |
| <term><command>telnetd</command></term> |
| <listitem><para>is a kerberized telnet server.</para> |
| <indexterm zone="mitkrb telnetd"> |
| <primary sortas="b-telnetd">telnetd</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libcom_err"> |
| <term><filename class='libraryfile'>libcom_err.[so,a]</filename></term> |
| <listitem><para>implements the Kerberos library error code.</para> |
| <indexterm zone="mitkrb libcom_err"> |
| <primary sortas="c-libcom_err">libcom_err.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libgssapi-mitkrb"> |
| <term><filename class='libraryfile'>libgssapi.[so,a]</filename></term> |
| <listitem><para>contain the Generic Security Service Application |
| Programming |
| Interface (<acronym>GSSAPI</acronym>) functions which provides security |
| services to callers in a generic fashion, supportable with a range of |
| underlying mechanisms and technologies and hence allowing source-level |
| portability of applications to different environments.</para> |
| <indexterm zone="mitkrb libgssapi"> |
| <primary sortas="c-libgssapi">libgssapi.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libkadm5clnt-mitkrb"> |
| <term><filename |
| class='libraryfile'>libkadm5clnt.[so,a]</filename></term> |
| <listitem><para>contains the administrative authentication and password |
| checking functions required by Kerberos 5 client-side programs.</para> |
| <indexterm zone="mitkrb libkadm5clnt"> |
| <primary sortas="c-libkadm5clnt">libkadm5clnt.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libkadm5srv-mitkrb"> |
| <term><filename class='libraryfile'>libkadm5srv.[so,a]</filename></term> |
| <listitem><para>contain the administrative authentication and password |
| checking functions required by Kerberos 5 servers.</para> |
| <indexterm zone="mitkrb libkadm5srv"> |
| <primary sortas="c-libkadm5srv">libkadm5srv.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libkdb5"> |
| <term><filename class='libraryfile'>libkdb5.[so,a]</filename></term> |
| <listitem><para>is a Kerberos 5 |
| authentication/authorization database access library.</para> |
| <indexterm zone="mitkrb libkdb5"> |
| <primary sortas="c-libkdb5">libkdb5.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| <varlistentry id="libkrb5-mitkrb"> |
| <term><filename class='libraryfile'>libkrb5.[so,a]</filename></term> |
| <listitem><para>is an all-purpose Kerberos 5 library.</para> |
| <indexterm zone="mitkrb libkrb5"> |
| <primary sortas="c-libkrb5">libkrb5.[so,a]</primary> |
| </indexterm></listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/security/cracklib.xml |
|---|
| 1,10 → 1,155 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY cracklib-download-http "http://www.crypticide.com/users/alecm/security/cracklib,&cracklib-version;.tar.gz"> |
| <!ENTITY cracklib-download-ftp "ftp://ftp.cerias.purdue.edu/pub/tools/unix/libs/cracklib/cracklib.&cracklib-version;.tar.gz"> |
| <!ENTITY cracklib-http-md5sum "0c84ad7413d9dd3e5c2eaa5f97d53c4a"> |
| <!ENTITY cracklib-ftp-md5sum "7f810e310c7f2df33d1eaa2b41ab2435"> |
| <!ENTITY cracklib-size "21 KB"> |
| <!ENTITY cracklib-buildsize "17 MB"> |
| <!ENTITY cracklib-time "0.10 SBU"> |
| <!ENTITY crackdict-size "15.6MB"> |
| <!ENTITY alldict-size "466KB"> |
| ]> |
| <sect1 id="cracklib" xreflabel="cracklib-&cracklib-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: randy $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="cracklib.html"?> |
| <title>cracklib-&cracklib-version;</title> |
| <indexterm zone="cracklib"> |
| <primary sortas="a-Cracklib">Cracklib</primary></indexterm> |
| &cracklib-intro; |
| &cracklib-inst; |
| &cracklib-desc; |
| <sect2> |
| <title>Introduction to <application>cracklib</application></title> |
| <para>The <application>cracklib</application> package contains a library used |
| to enforce strong passwords by comparing user selected passwords to words in a |
| chosen wordlist.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&cracklib-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&cracklib-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum (HTTP): |
| &cracklib-http-md5sum;</para></listitem> |
| <listitem><para>Download MD5 sum (FTP): |
| &cracklib-ftp-md5sum;</para></listitem> |
| <listitem><para>Download size: &cracklib-size;</para></listitem> |
| <listitem><para>Estimated disk space required (with cracklib wordlist): |
| &cracklib-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &cracklib-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title>Additional downloads</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Required Patch: <ulink |
| url="&patch-root;/cracklib,&cracklib-version;-blfs-1.patch"/></para></listitem> |
| <listitem><para>Recommended Patch: <ulink |
| url="&patch-root;/cracklib,&cracklib-version;-heimdal-1.patch"/></para> |
| </listitem> |
| </itemizedlist> |
| <para>You will also need to download a wordlist for use with |
| <application>cracklib</application>. There are two wordlists to choose from at |
| the following location. Use the <filename>cracklib</filename> word list for |
| good security, or opt for the <filename>allwords</filename> word list for |
| lightweight machines short on <acronym>RAM</acronym>. You can of course choose |
| any other word list that you have at your disposal.</para> |
| <itemizedlist spacing='compact'> |
| <listitem><para>cracklib (&crackdict-size;) at <ulink |
| url="http://www.cotse.com/tools/wordlists.htm"/></para></listitem> |
| <listitem><para>allwords (&alldict-size;) at <ulink |
| url="http://www.cotse.com/tools/wordlists.htm"/></para></listitem> |
| </itemizedlist> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>cracklib</application></title> |
| <para>First, as the root user, install the chosen word list for |
| <application>cracklib</application>:</para> |
| <screen><userinput role='root'><command>install -d -m755 /usr/share/dict && |
| install -m644 ../<replaceable>[wordlist]</replaceable> /usr/share/dict && |
| ln -sf <replaceable>[wordlist]</replaceable> /usr/share/dict/words && |
| echo $(hostname) >> /usr/share/dict/extra.words</command></userinput></screen> |
| <para>The wordlist is linked to <filename>/usr/share/dict/words</filename> as |
| historically, <filename>words</filename> is the primary wordlist in the |
| <filename class="directory">/usr/share/dict</filename> directory. Additionally, |
| the value of <command>hostname</command> is echoed to a file called |
| <filename>extra.words</filename>. This extra file is intended to be a site |
| specific list which includes easy to guess passwords such as company or |
| department names, user's names, product names, computer names, domain names, |
| etc.</para> |
| <para>Now apply the <acronym>BLFS</acronym> patch:</para> |
| <screen><userinput><command>patch -Np1 -i ../cracklib,&cracklib-version;-blfs-1.patch</command></userinput></screen> |
| <para>If necessary, apply the <application>Heimdal</application> patch:</para> |
| <screen><userinput><command>cp -R cracklib cracklib_krb5 && |
| patch -Np1 -i ../cracklib,&cracklib-version;-heimdal-1.patch</command></userinput></screen> |
| <para>Finally, as the root user, install the package:</para> |
| <screen><userinput role='root'><command>make install && |
| rm /lib/libcrack.so && |
| ln -sf ../../lib/libcrack.so.2.7 /usr/lib/libcrack.so</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><command>rm /lib/libcrack.so; ln -sf ... /usr/lib/libcrack.so</command>: |
| These two commands move the <filename class='symlink'>libcrack.so</filename> |
| symlink from <filename class='directory'>/lib</filename> to |
| <filename class='directory'>/usr/lib</filename>.</para> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directory</segtitle> |
| <seglistitem> |
| <seg>create-cracklib-dict, mkdict and packer</seg> |
| <seg>libcrack.so and optionally, libcrack_krb5.so</seg> |
| <seg>/usr/share/dict</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="libcrack"> |
| <term><filename class='libraryfile'>libcrack.so</filename></term> |
| <listitem><para> libraries provide a fast dictionary lookup method for strong |
| password enforcement.</para> |
| <indexterm zone="cracklib libcrack"> |
| <primary sortas="c-libcrack">libcrack.so</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/security/linux_pam.xml |
|---|
| 1,13 → 1,223 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="Linux_PAM" xreflabel="Linux_PAM-&Linux_PAM-version;"> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY Linux_PAM-download-http "http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&Linux_PAM-version;.tar.bz2"> |
| <!ENTITY Linux_PAM-download-ftp "ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&Linux_PAM-version;.tar.bz2"> |
| <!ENTITY Linux_PAM-md5sum "34938b4f2449d4d3b2ffdbf354257205"> |
| <!ENTITY Linux_PAM-size "364 KB"> |
| <!ENTITY Linux_PAM-buildsize "6.1 MB"> |
| <!ENTITY Linux_PAM-time "0.07 SBU"> |
| ]> |
| <sect1 id="Linux_PAM" xreflabel="Linux-PAM-&Linux_PAM-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: dj $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="linux_pam.html"?> |
| <title>Linux_PAM-&Linux_PAM-version;</title> |
| <title>Linux-PAM-&Linux_PAM-version;</title> |
| <indexterm zone="Linux_PAM"> |
| <primary sortas="a-PAM_linux">PAM(Linux)</primary></indexterm> |
| &Linux_PAM-intro; |
| &Linux_PAM-inst; |
| &Linux_PAM-exp; |
| &Linux_PAM-config; |
| &Linux_PAM-desc; |
| <sect2> |
| <title>Introduction to <application>Linux-<acronym>PAM</acronym></application> |
| </title> |
| <para>The <application>Linux-<acronym>PAM</acronym></application> package |
| contains Pluggable Authentication Modules. This is useful to enable the local |
| system administrator to choose how applications authenticate users.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&Linux_PAM-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&Linux_PAM-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &Linux_PAM-md5sum;</para></listitem> |
| <listitem><para>Download size: &Linux_PAM-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &Linux_PAM-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &Linux_PAM-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title>Additional download</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Required Patch: <ulink |
| url="&patch-root;/Linux-PAM-&Linux_PAM-version;-linkage-2.patch"/></para> |
| </listitem></itemizedlist> |
| </sect3> |
| <sect3><title><application>Linux-<acronym>PAM</acronym></application> |
| dependencies</title> |
| <sect4><title>Recommended</title> |
| <para><xref linkend="cracklib"/></para> |
| </sect4> |
| <sect4><title>Optional</title> |
| <para><ulink |
| url="http://sourceforge.net/projects/sgmltools-lite/">sgmltools-lite</ulink> |
| and <xref linkend="db"/> (for pam_userdb module)</para> |
| </sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of |
| <application>Linux-<acronym>PAM</acronym></application></title> |
| <para>Install <application>Linux-<acronym>PAM</acronym></application> by |
| running the following commands:</para> |
| <screen><userinput><command>patch -Np1 -i ../Linux-PAM-&Linux_PAM-version;-linkage-2.patch && |
| autoconf && |
| sed -i 's/(mandir)/(MANDIR)/g' modules/Simple.Rules && |
| ./configure --enable-static-libpam --with-mailspool=/var/mail \ |
| --enable-read-both-confs --sysconfdir=/etc && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install && |
| mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib && |
| rm /lib/libpam{,c,_misc}.so && |
| ln -sf ../../lib/libpam.so.&Linux_PAM-version; /usr/lib/libpam.so && |
| ln -sf ../../lib/libpam_misc.so.&Linux_PAM-version; /usr/lib/libpam_misc.so && |
| ln -sf ../../lib/libpamc.so.&Linux_PAM-version; /usr/lib/libpamc.so</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><command>autoconf</command>: This is necessary because the patch |
| changes where <acronym>PAM</acronym> looks for the |
| <application>cracklib</application> libraries, requiring regeneration of the |
| configure script.</para> |
| <para><command>sed -i 's/(mandir)/(MANDIR)/g' |
| modules/Simple.Rules</command>: This command puts the module manpages |
| with the rest of the manpages in |
| <filename>/usr/share/man</filename>.</para> |
| <para><option>--enable-static-libpam</option>: This switch builds |
| static <acronym>PAM</acronym> libraries as well as the dynamic libraries.</para> |
| <para><parameter>--with-mailspool=/var/mail</parameter>: This switch makes |
| the mailspool directory <acronym>FHS</acronym> compliant.</para> |
| <para><option>--enable-read-both-confs</option>: This switch lets the local |
| administrator choose which configuration file setup to use.</para> |
| <para><command>mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a |
| /usr/lib</command>: This command moves the static libraries to |
| <filename>/usr/lib</filename> to comply with <acronym>FHS</acronym> |
| guidelines.</para> |
| <para><command>rm /lib/libpam{,c,_misc}.so; ln -sf ... /usr/lib/...</command>: |
| These commands move the <filename class='symlink'>.so</filename> symlinks from |
| <filename class='directory'>/lib</filename> to |
| <filename class='directory'>/usr/lib</filename>.</para> |
| </sect2> |
| <sect2> |
| <title>Configuring |
| <application>Linux-<acronym>PAM</acronym></application></title> |
| <sect3 id="pam-config"><title>Config files</title> |
| <para><filename>/etc/pam.d/*</filename> or |
| <filename>/etc/pam.conf</filename></para> |
| <indexterm zone="Linux_PAM pam-config"> |
| <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary></indexterm> |
| <indexterm zone="Linux_PAM pam-config"> |
| <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary></indexterm> |
| </sect3> |
| <sect3><title>Configuration Information</title> |
| <para>Configuration information is placed in |
| <filename class='directory'>/etc/pam.d/</filename> or |
| <filename>/etc/pam.conf</filename> depending on user preference. Below are |
| example files of each type:</para> |
| <screen># Begin /etc/pam.d/other |
| auth required pam_unix.so nullok |
| account required pam_unix.so |
| session required pam_unix.so |
| password required pam_unix.so nullok |
| # End /etc/pam.d/other |
| # Begin /etc/pam.conf |
| other auth required pam_unix.so nullok |
| other account required pam_unix.so |
| other session required pam_unix.so |
| other password required pam_unix.so nullok |
| # End /etc/pam.conf</screen> |
| <para>The <application><acronym>PAM</acronym></application> man page |
| (<command>man pam</command>) provides a good starting point for descriptions |
| of fields and allowable entries. The |
| <ulink url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html"> |
| Linux-PAM guide for system administrators</ulink> |
| is recommended for further reading.</para> |
| <para>Refer to |
| <ulink url="http://www.kernel.org/pub/linux/libs/pam/modules.html"/> |
| for a list of various modules available.</para> |
| <note><para>You should now reinstall the <xref linkend="shadow"/> |
| package.</para></note> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Program</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>unix_chkpwd and pam_tally</seg> |
| <seg>libpam.[so,a], libpamc.[so,a] and libpam_misc.[so,a]</seg> |
| <seg>/etc/pam.d, /etc/security, /lib/security and /usr/include/security</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="unix_chkpwd"> |
| <term><command>unix_chkpwd</command></term> |
| <listitem><para>checks user passwords that are stored |
| in read protected databases.</para> |
| <indexterm zone="Linux_PAM unix_chkpwd"> |
| <primary sortas="b-unix_chkpwd">unix_chkpwd</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="libpam"> |
| <term><filename class='libraryfile'>libpam.[so,a]</filename></term> |
| <listitem><para>provide the interfaces between applications and the |
| <acronym>PAM</acronym> modules.</para> |
| <indexterm zone="Linux_PAM libpam"> |
| <primary sortas="c-libpam">libpam.[so,a]</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/editors/nano/nano-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/nano/nano.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/nano/nano-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/nano/nano-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/nano/nano-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/emacs/emacs.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/emacs/emacs-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/emacs/emacs-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/emacs/emacs-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/vim/vim-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/vim/vim-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/vim/vim.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/vim/vim-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/vim/vim-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/joe/joe-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/joe/joe.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/joe/joe-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/joe/joe-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/joe/joe-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/editors/emacs.xml |
|---|
| 1,10 → 1,213 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="postlfs-editors-emacs" xreflabel="Emacs-&emacs-version;"> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY emacs-download-http "http://ftp.gnu.org/pub/gnu/emacs/emacs-&emacs-version;.tar.gz"> |
| <!ENTITY emacs-download-ftp "ftp://ftp.gnu.org/pub/gnu/emacs/emacs-&emacs-version;.tar.gz"> |
| <!ENTITY emacs-md5sum "8f9d97cbd126121bd5d97e5e31168a87"> |
| <!ENTITY emacs-size "20 MB"> |
| <!ENTITY emacs-buildsize "96.8 MB"> |
| <!ENTITY emacs-time "4.20 SBU"> |
| ]> |
| <sect1 id="emacs" xreflabel="Emacs-&emacs-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: bdubbs $</othername> |
| <date>$Date: 2005-06-16 06:20:36 $</date> |
| </sect1info> |
| <?dbhtml filename="emacs.html"?> |
| <title>Emacs-&emacs-version;</title> |
| &emacs-intro; |
| &emacs-inst; |
| &emacs-desc; |
| <indexterm zone="emacs"> |
| <primary sortas="a-Emacs">Emacs</primary> |
| </indexterm> |
| <sect2> |
| <title>Introduction to <application>Emacs</application></title> |
| <para>The <application>Emacs</application> package contains the extensible, |
| customizable, self-documenting real-time display editor.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink url="&emacs-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink url="&emacs-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &emacs-md5sum;</para></listitem> |
| <listitem><para>Download size: &emacs-size;</para></listitem> |
| <listitem><para>Estimated disk space required: &emacs-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: &emacs-time;</para></listitem> |
| </itemizedlist> |
| </sect3> |
| <sect3> |
| <title><application>Emacs</application> dependencies</title> |
| <sect4> |
| <title>Optional</title> |
| <para>X (<xref linkend="xfree86"/> or <xref linkend="xorg"/>), |
| <xref linkend="libjpeg"/>, |
| <xref linkend="libpng"/>, |
| <xref linkend="libtiff"/> and |
| <xref linkend="libungif"/> or <xref linkend="giflib"/></para> |
| </sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>Emacs</application></title> |
| <para>Install <application>Emacs</application> by running the following |
| commands:</para> |
| <screen><userinput><command>./configure --prefix=/usr --libexecdir=/usr/sbin && |
| make bootstrap</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>b2m, ctags, ebrowse, emacs, emacsclient, etags, grep-changelog and rcs-checkin</seg> |
| <seg>None</seg> |
| <seg>/usr/sbin/emacs and /usr/share/emacs</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="b2m"> |
| <term><filename>b2m</filename></term> |
| <listitem><para>is a program to convert mail files from RMAIL |
| format to Unix <quote>mbox</quote> format.</para> |
| <indexterm zone="emacs b2m"> |
| <primary sortas="b-b2m">b2m</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="ctags"> |
| <term><filename>b2m</filename></term> |
| <listitem><para>creates cross-reference tagfile database files |
| for source code.</para> |
| <indexterm zone="emacs ctags"> |
| <primary sortas="b-ctags">ctags</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="ebrowse"> |
| <term><filename>ebrowse</filename></term> |
| <listitem><para>permits browsing of C++ class hierarchies from |
| within emacs.</para> |
| <indexterm zone="emacs ebrowse"> |
| <primary sortas="b-ebrowse">ebrowse</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="emacs-prog"> |
| <term><filename>emacs</filename></term> |
| <listitem><para>is an editor.</para> |
| <indexterm zone="emacs emacs-prog"> |
| <primary sortas="b-emacs">emacs</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="emacsclient"> |
| <term><filename>emacsclient</filename></term> |
| <listitem><para>attaches an emacs session to an already |
| running emacsserver instance.</para> |
| <indexterm zone="emacs emacsclient"> |
| <primary sortas="b-emacsclient">emacsclient</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="etags"> |
| <term><filename>etags</filename></term> |
| <listitem><para>is another program to generate source code |
| cross-reference tagfiles.</para> |
| <indexterm zone="emacs etags"> |
| <primary sortas="b-etags">etags</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="grep-changelog"> |
| <term><filename>grep-changelog</filename></term> |
| <listitem><para>prints entries in Change Logs matching |
| various criteria.</para> |
| <indexterm zone="emacs grep-changelog"> |
| <primary sortas="b-grep-changelog">grep-changelog</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="rcs-checkin"> |
| <term><filename>rcs-checkin</filename></term> |
| <listitem><para>is a shell script used to check |
| files into <acronym>RCS</acronym>.</para> |
| <indexterm zone="emacs rcs-checkin"> |
| <primary sortas="b-rcs-checkin">rcs-checkin</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <!-- |
| <sect3><title>cvt-mail</title> |
| <para><command>cvt-mail</command> converts old style goslings emacs mail |
| directories into gnu-rmail format.</para></sect3> |
| <sect3><title>digest-doc</title> |
| <para><command>digest-doc</command> is a filter to create nroff output for man |
| pages.</para></sect3> |
| <sect3><title>emacsserver</title> |
| <para><command>emacserver</command> allows other applications/shells to access |
| an already running emacs instance and share buffers with it.</para></sect3> |
| <sect3><title>fakemail</title> |
| <para><command>fakemail</command> is a sendmail-like interface to |
| <filename>/bin/mail</filename>.</para></sect3> |
| <sect3><title>hexl</title> |
| <para><command>hexl</command> converts files for editing with emacs hexl-mode |
| binary file editing mode.</para></sect3> |
| <sect3><title>movemail</title> |
| <para><command>movemail</command> provides access to |
| <acronym>POP</acronym>3 mailboxes.</para></sect3> |
| <sect3><title>profile</title> |
| <para><command>profile</command> generates periodic events for profiling of |
| Emacs Lisp code.</para></sect3> |
| <sect3><title>rcs2log</title> |
| <para><command>rcs2log</command> generates change log prefixes from |
| <acronym>RCS</acronym> files.</para></sect3> |
| <sect3><title>sorted-doc</title> |
| <para><command>sorted-doc</command> is a filter to generate texinfo |
| files.</para></sect3> |
| <sect3><title>vcdiff</title> |
| <para><command>vcdiff</command> compares <acronym>SCCS</acronym> |
| files.</para></sect3> |
| <sect3><title>yow</title> |
| <para><command>yow</command> prints a quotation from Zippy the |
| Pinhead.</para></sect3> --> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/editors/ed.xml |
|---|
| 0,0 → 1,135 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY ed-download-http "http://ftp.gnu.org/pub/gnu/ed/ed-&ed-version;.tar.gz"> |
| <!ENTITY ed-download-ftp "ftp://ftp.gnu.org/pub/gnu/ed/ed-&ed-version;.tar.gz"> |
| <!ENTITY ed-md5sum "ddd57463774cae9b50e70cd51221281b"> |
| <!ENTITY ed-size "182 KB"> |
| <!ENTITY ed-buildsize "3.1 MB"> |
| <!ENTITY ed-time "0.10 SBU"> |
| ]> |
| <sect1 id="ed" xreflabel="Ed-&ed-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: larry $</othername> |
| <date>$Date: 2005-06-16 06:20:36 $</date> |
| </sect1info> |
| <?dbhtml filename="ed.html"?> |
| <title>Ed-&ed-version;</title> |
| <indexterm zone="ed"><primary |
| sortas="a-Ed">Ed</primary></indexterm> |
| <sect2> |
| <title>Introduction to <application>Ed</application></title> |
| <para><application>Ed</application> is a line-oriented text editor. It |
| is used to create, display, modify and otherwise manipulate text files, |
| both interactively and via shell scripts. Ed isn't something which many |
| people use. It's described here because it can be used by the patch |
| program if you encounter an ed-based patch file. This happens rarely |
| because diff-based patches are preferred these days.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing="compact"> |
| <listitem><para>Download (HTTP): |
| <ulink url="&ed-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): |
| <ulink url="&ed-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &ed-md5sum;</para></listitem> |
| <listitem><para>Download size: &ed-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &ed-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &ed-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title>Additional downloads</title> |
| <itemizedlist spacing="compact"> |
| <listitem><para>Required Patch: <ulink |
| url="&patch-root;/ed-&ed-version;-mkstemp-1.patch"/></para></listitem> |
| </itemizedlist></sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>Ed</application></title> |
| <para><application>Ed</application> normally uses the |
| <emphasis>mktemp</emphasis> function to create temporary files in |
| <filename class="directory">/tmp</filename>, but this function contains |
| a vulnerability (see the section on Temporary Files at |
| <ulink url="http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html"/>). |
| Apply the following patch to make <application>Ed</application> use |
| <emphasis>mkstemp</emphasis> instead, a secure way to create temporary |
| files:</para> |
| <screen><userinput><command>patch -Np1 -i ../ed-&ed-version;-mkstemp-1.patch</command></userinput></screen> |
| <para>Install <application>Ed</application> by running the following |
| commands:</para> |
| <screen><userinput><command>./configure --prefix=/usr --exec-prefix="" && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><parameter>--exec-prefix=""</parameter>: This forces the programs |
| to be installed into the <filename class="directory">/bin</filename> |
| directory. Having the programs available there is useful in the event of |
| the <filename class="directory">/usr</filename> partition being |
| unavailable.</para> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>ed and red</seg> |
| <seg>None</seg> |
| <seg>None</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="ed-prog"> |
| <term><filename>ed</filename></term> |
| <listitem><para>is a line-oriented text editor.</para> |
| <indexterm zone="ed ed-prog"> |
| <primary sortas="b-ed">ed</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="red"> |
| <term><filename>red</filename></term> |
| <listitem><para>is a restricted ed—it can only edit files in the |
| current directory and cannot execute shell commands. |
| </para> |
| <indexterm zone="ed red"> |
| <primary sortas="b-red">red</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/editors/editors.xml |
|---|
| 1,18 → 1,25 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| ]> |
| <chapter id="postlfs-editors"> |
| <?dbhtml filename="editors.html"?> |
| <title>Editeurs</title> |
| <title>Editors</title> |
| <para>Ce chapitre est référencé dans le livre <acronym>LFS</acronym> pour ceux |
| qui souhaitent utiliser d'autres éditeurs sur leur système |
| <acronym>LFS</acronym>. Nous avons aussi l'opportunité de montrer le bénéfice |
| que tirent certains programmes déjà installés par <acronym>LFS</acronym> à être |
| recompilés après l'installation des bibliothèques <acronym>GUI</acronym>.</para> |
| <para>This chapter is referenced in the <acronym>LFS</acronym> book for |
| those wishing to use other editors on their <acronym>LFS</acronym> system. |
| You're also shown how some <acronym>LFS</acronym> installed programs |
| benefit from being recompiled after <acronym>GUI</acronym> libraries have |
| been installed.</para> |
| &postlfs-editors-vim; |
| &postlfs-editors-emacs; |
| &postlfs-editors-nano; |
| &postlfs-editors-joe; |
| &postlfs-editors-pico; |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="vim.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="emacs.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="nano.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="joe.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="pico.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="ed.xml"/> |
| </chapter> |
| /trunk/blfs/postlfs/editors/pico.xml |
|---|
| 1,9 → 1,19 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| ]> |
| <sect1 id="pico"> |
| <sect1info> |
| <othername>$LastChangedBy: larry $</othername> |
| <date>$Date: 2005-06-16 06:20:36 $</date> |
| </sect1info> |
| <?dbhtml filename="pico.html"?> |
| <title>Pico</title> |
| <para><application>pico</application> est installé comme partie de |
| <para><command>pico</command> is installed as a part of |
| <xref linkend="pine"/>.</para> |
| </sect1> |
| /trunk/blfs/postlfs/editors/nano.xml |
|---|
| 1,11 → 1,135 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="postlfs-editors-nano"> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY nano-download-http "http://www.nano-editor.org/dist/v1.2/nano-&nano-version;.tar.gz"> |
| <!ENTITY nano-download-ftp "ftp://ftp.uni-koeln.de/editor/nano-&nano-version;.tar.gz"> |
| <!ENTITY nano-md5sum "2c513310ec5e8b63abaecaf48670ac7a"> |
| <!ENTITY nano-size "897 KB"> |
| <!ENTITY nano-buildsize "4.3 MB"> |
| <!ENTITY nano-time "0.08 SBU"> |
| ]> |
| <sect1 id="nano"> |
| <sect1info> |
| <othername>$LastChangedBy: bdubbs $</othername> |
| <date>$Date: 2005-06-16 06:20:36 $</date> |
| </sect1info> |
| <?dbhtml filename="nano.html"?> |
| <title>nano-&nano-version;</title> |
| <indexterm zone="nano"><primary |
| sortas="a-nano">Nano</primary></indexterm> |
| &nano-intro; |
| &nano-inst; |
| &nano-config; |
| &nano-desc; |
| <sect2> |
| <title>Introduction to <application>nano</application></title> |
| <para>The <application>nano</application> package contains a small, simple |
| text editor which aims to replace <application>Pico</application>, the default |
| editor in the <application>Pine</application> package.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&nano-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&nano-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &nano-md5sum;</para></listitem> |
| <listitem><para>Download size: &nano-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &nano-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &nano-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title><application>nano</application> dependencies</title> |
| <sect4><title>Optional</title> |
| <para><xref linkend="slang"/></para> |
| </sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>nano</application></title> |
| <para>Install <application>nano</application> by running the following |
| commands:</para> |
| <screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc \ |
| --enable-color --enable-multibuffer --enable-nanorc && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install && |
| mkdir -p /usr/share/doc/nano/examples && |
| cp nanorc.sample /usr/share/doc/nano/examples</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Configuring nano</title> |
| <sect3 id="nano-config"><title>Config files</title> |
| <para><filename>/etc/nanorc</filename>, <filename>~/.nanorc</filename></para> |
| <indexterm zone="nano nano-config"> |
| <primary sortas="e-etc-nanorc">/etc/nanorc</primary> |
| </indexterm> |
| <indexterm zone="nano nano-config"> |
| <primary sortas="e-AA.nanorc">~/.nanorc</primary> |
| </indexterm> |
| <para>Example Configuration</para> |
| <screen><userinput>set autoindent |
| set const |
| set fill 72 |
| set historylog |
| set multibuffer |
| set nohelp |
| set regexp |
| set smooth |
| set suspend</userinput></screen> |
| <para>Another example is in the |
| <filename class="directory">/usr/share/doc/nano/examples</filename> directory |
| in the <filename>nanorc.sample</filename> file. It includes color |
| configurations and has some documentation included in the comments.</para> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directory</segtitle> |
| <seglistitem> |
| <seg>nano</seg> |
| <seg>None</seg> |
| <seg>/usr/share/doc/nano</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="nano-prog"> |
| <term><filename>nano</filename></term> |
| <listitem><para>is a small, simple text editor which aims to |
| replace <application>Pico</application>, the default editor in the |
| <application>Pine</application> package.</para> |
| <indexterm zone="nano nano-prog"> |
| <primary sortas="b-nano">nano</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/editors/vim.xml |
|---|
| 1,11 → 1,192 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="postlfs-editors-vim" xreflabel="Vim-&vim-version;"> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY vim-download-http "http://ftp.at.vim.org/pub/vim/unix/vim-&vim-version;.tar.bz2"> |
| <!ENTITY vim-download-ftp "ftp://ftp.vim.org/pub/vim/unix/vim-&vim-version;.tar.bz2"> |
| <!ENTITY vim-md5sum "821fda8f14d674346b87e3ef9cb96389"> |
| <!ENTITY vim-size "3.7 MB"> |
| <!ENTITY vim-buildsize "48 MB"> |
| <!ENTITY vim-time "0.59 SBU"> |
| ]> |
| <sect1 id="vim" xreflabel="Vim-&vim-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: bdubbs $</othername> |
| <date>$Date: 2005-06-16 06:20:36 $</date> |
| </sect1info> |
| <?dbhtml filename="vim.html"?> |
| <title>Vim-&vim-version;</title> |
| <indexterm zone="vim"><primary |
| sortas="a-Vim">Vim</primary></indexterm> |
| &vim-intro; |
| &vim-inst; |
| &vim-exp; |
| &vim-desc; |
| <sect2> |
| <title>Introduction to <application>Vim</application></title> |
| <para>The <application>Vim</application> package, which is an |
| abbreviation for VI IMproved, contains a <command>vi</command> |
| clone with extra features as compared to the original |
| <command>vi</command>.</para> |
| <para>The default <acronym>LFS</acronym> instructions install |
| <application>vim</application> as a part of the base system. |
| If you would prefer to link <application>vim</application> |
| against <application>X</application>, you should recompile |
| <application>vim</application> to enable <acronym>GUI</acronym> |
| mode. There is no need for special instructions since |
| <application>X</application> support is automatically detected. |
| </para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&vim-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&vim-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &vim-md5sum;</para></listitem> |
| <listitem><para>Download size: &vim-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &vim-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &vim-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title>Additional downloads</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Required patch: <ulink |
| url="&patch-root;/vim-&vim-version;-security_fix-1.patch"/></para> |
| </listitem> |
| <listitem><para>Translated Vim messages: <ulink |
| url="http://ftp.at.vim.org/pub/vim/extra/vim-&vim-version;-lang.tar.gz"/> |
| </para></listitem> |
| </itemizedlist></sect3> |
| <sect3><title><application>Vim</application> dependencies</title> |
| <sect4><title>Recommended</title> |
| <para><application>X</application> |
| (<xref linkend="xfree86"/> or <xref linkend="xorg"/>)</para> |
| </sect4> |
| <sect4><title>Optional</title> |
| <para><xref linkend="gtk2"/>, |
| <xref linkend="lesstif"/>, |
| <xref linkend="python"/>, |
| <xref linkend="tcl"/>, |
| <xref linkend="ruby"/> |
| and <xref linkend="gpm"/> |
| </para> |
| </sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>Vim</application></title> |
| <note><para>If you recompile vim to link against <application>X</application>, |
| and your <application>X</application> libs are not on the root partition, you |
| will no longer have an editor for use in emergencies. You may choose to |
| install an additional editor, not link vim against X, or move the current |
| <command>vim</command> executable to the <filename>/bin</filename> directory |
| under a different name such as <filename>vi</filename>.</para></note> |
| <para>If desired, unpack the translated messages archive:</para> |
| <screen><userinput><command>tar -zxf ../vim-&vim-version;-lang.tar.gz --strip-path=1</command></userinput></screen> |
| <para>Install <application>Vim</application> by running the following |
| commands:</para> |
| <screen><userinput><command>echo '#define SYS_VIMRC_FILE "/etc/vimrc"' >> src/feature.h && |
| echo '#define SYS_GVIMRC_FILE "/etc/gvimrc"' >> src/feature.h && |
| patch -Np1 -i ../vim-&vim-version;-security_fix-1.patch && |
| ./configure --prefix=/usr --with-features=huge && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><parameter>--with-features=huge</parameter>: This switch enables all |
| the additional features available in <application>Vim</application>.</para> |
| <para><option>--enable-gui=no</option>: If you prefer not to link |
| <application>Vim</application> against <application>X</application>, use |
| this switch.</para> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <para>A list of the reinstalled files, along with their short descriptions can |
| be found at <ulink url="&lfs-root;/chapter06/vim.html#contents-vim"/>.</para> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directory</segtitle> |
| <seglistitem> |
| <seg>gview, gvim, gvimdiff, rgview, rgvim</seg> |
| <seg>None</seg> |
| <seg>/usr/share/vim</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="gview"> |
| <term><filename>gview</filename></term> |
| <listitem><para>starts <command>gvim</command> in read-only mode.</para> |
| <indexterm zone="vim gview"> |
| <primary sortas="b-gview">gview</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="gvim"> |
| <term><filename>gvim</filename></term> |
| <listitem><para>is the editor that runs under X and includes a <acronym>GUI</acronym></para> |
| <indexterm zone="vim gvim"> |
| <primary sortas="b-gvim">gvim</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="gvimdiff"> |
| <term><filename>gvimdiff</filename></term> |
| <listitem><para>edits two or three versions of a file with |
| <command>gvim</command> and show differences.</para> |
| <indexterm zone="vim gvimdiff"> |
| <primary sortas="b-gvimdiff">gvimdiff</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="rgview"> |
| <term><filename>rgview</filename></term> |
| <listitem><para>is a restricted version of <command>gview</command>.</para> |
| <indexterm zone="vim rgview"> |
| <primary sortas="b-rgview">rgview</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="rgvim"> |
| <term><filename>rgvim</filename></term> |
| <listitem><para>is a restricted version of <command>gvim</command>. </para> |
| <indexterm zone="vim gvim"> |
| <primary sortas="b-gvim">gvim</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/editors/joe.xml |
|---|
| 1,11 → 1,175 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <sect1 id="postlfs-editors-joe"> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY joe-download-http "http://prdownloads.sourceforge.net/joe-editor/joe-&joe-version;.tar.gz"> |
| <!ENTITY joe-download-ftp " "> |
| <!ENTITY joe-md5sum "2a6ef018870fca9b7df85401994fb0e0"> |
| <!ENTITY joe-size "380 KB"> |
| <!ENTITY joe-buildsize "5.7 MB"> |
| <!ENTITY joe-time "0.11 SBU"> |
| ]> |
| <sect1 id="joe"> |
| <sect1info> |
| <othername>$LastChangedBy: larry $</othername> |
| <date>$Date: 2005-06-16 06:20:36 $</date> |
| </sect1info> |
| <?dbhtml filename="joe.html"?> |
| <title>JOE-&joe-version;</title> |
| <indexterm zone="joe"><primary |
| sortas="a-JOE">JOE</primary></indexterm> |
| &joe-intro; |
| &joe-inst; |
| &joe-config; |
| &joe-desc; |
| <sect2> |
| <title>Introduction to <application><acronym>JOE</acronym></application></title> |
| <para><application>JOE</application> (Joe's own editor) is a small text editor |
| capable of emulating WordStar, <application>Pico</application>, |
| and <application>Emacs</application>.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&joe-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&joe-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &joe-md5sum;</para></listitem> |
| <listitem><para>Download size: &joe-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &joe-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &joe-time;</para></listitem></itemizedlist> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application><acronym>JOE</acronym></application></title> |
| <para>Install <application><acronym>JOE</acronym></application> by running the |
| following commands:</para> |
| <screen><userinput><command>./configure --sysconfdir=/etc --prefix=/usr && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Configuration files</title> |
| <sect3 id="joe-config"><title>Config files</title> |
| <para><filename>/etc/joe/jmacsrc</filename>, |
| <filename>/etc/joe/joerc</filename>, <filename>/etc/joe/jpicorc</filename>, |
| <filename>/etc/joe/jstarrc</filename>, <filename>/etc/joe/rjoerc</filename>, |
| <filename>~/.joerc</filename></para> |
| <indexterm zone="joe joe-config"> |
| <primary sortas="e-etc-joe-jmacsrc">/etc/joe/jmacsrc</primary> |
| </indexterm> |
| <indexterm zone="joe joe-config"> |
| <primary sortas="e-etc-joe-joerc">/etc/joe/joerc</primary> |
| </indexterm> |
| <indexterm zone="joe joe-config"> |
| <primary sortas="e-etc-joe-jpicorc">/etc/joe/jpicorc</primary> |
| </indexterm> |
| <indexterm zone="joe joe-config"> |
| <primary sortas="e-etc-joe-jstarrc">/etc/joe/jstarrc</primary> |
| </indexterm> |
| <indexterm zone="joe joe-config"> |
| <primary sortas="e-etc-joe-rjoerc">/etc/joe/rjoerc</primary> |
| </indexterm> |
| <indexterm zone="joe joe-config"> |
| <primary sortas="e-AA.joerc">~/.joerc</primary> |
| </indexterm> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Programs</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directory</segtitle> |
| <seglistitem> |
| <seg>jmacs, joe, jpico, jstar, rjoe and termidx</seg> |
| <seg>None</seg> |
| <seg>/etc/joe</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="jmacs"> |
| <term><filename>jmacs</filename></term> |
| <listitem><para>is a symbolic link to |
| <command>joe</command> used to launch <application>Emacs</application> |
| emulation mode.</para> |
| <indexterm zone="joe jmacs"> |
| <primary sortas="b-jmacs">jmacs</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="joe-prog"> |
| <term><filename>joe</filename></term> |
| <listitem><para>is a small text editor capable of emulating |
| WordStar, <application>Pico</application>, and |
| <application>Emacs</application>.</para> |
| <indexterm zone="joe joe-prog"> |
| <primary sortas="b-joe">joe</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="jpico"> |
| <term><filename>jpico</filename></term> |
| <listitem><para>is a symbolic link to |
| <command>joe</command> used to launch <application>Pico</application> |
| emulation mode.</para> |
| <indexterm zone="joe jpico"> |
| <primary sortas="b-jpico">jpico</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="jstar"> |
| <term><filename>jstar</filename></term> |
| <listitem><para>is a symbolic link to |
| <command>joe</command> used to launch WordStar |
| emulation mode.</para> |
| <indexterm zone="joe jstar"> |
| <primary sortas="b-jstar">jstar</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="rjoe"> |
| <term><filename>rjoe</filename></term> |
| <listitem><para>is a symbolic link to |
| <command>joe</command> that restricts |
| <application><acronym>JOE</acronym></application> to editing |
| only files which are specified on the command-line.</para> |
| <indexterm zone="joe rjoe"> |
| <primary sortas="b-rjoe">rjoe</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| <varlistentry id="termidx"> |
| <term><filename>termidx</filename></term> |
| <listitem><para>is a program used by |
| <command>joe</command> to generate the termcap index file.</para> |
| <indexterm zone="joe termidx"> |
| <primary sortas="b-termidx">termidx</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/shells/zsh/zsh.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/zsh/zsh-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/zsh/zsh-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/zsh/zsh-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/zsh/zsh-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/ash/ash-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/ash/ash-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/ash/ash-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/ash/ash.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/ash/ash-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/tcsh/tcsh.ent |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/tcsh/tcsh-intro.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/tcsh/tcsh-exp.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/tcsh/tcsh-inst.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/tcsh/tcsh-desc.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/tcsh/tcsh-config.xml |
|---|
| File deleted |
| /trunk/blfs/postlfs/shells/tcsh.xml |
|---|
| 1,13 → 1,147 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY tcsh-download-http "http://gd.tuwien.ac.at/utils/shells/tcsh/tcsh-&tcsh-version;.tar.gz"> |
| <!ENTITY tcsh-download-ftp "ftp://ftp.fu-berlin.de/unix/shells/tcsh/tcsh-&tcsh-version;.tar.gz"> |
| <!ENTITY tcsh-size "804 KB"> |
| <!ENTITY tcsh-buildsize "9.0 MB"> |
| <!ENTITY tcsh-time "0.16 SBU"> |
| <!ENTITY tcsh-md5sum "11c0c9c9148652dc01270c4880d1cc6e"> |
| ]> |
| <sect1 id="tcsh" xreflabel="Tcsh-&tcsh-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: randy $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="tcsh.html"?> |
| <title>Tcsh-&tcsh-version;</title> |
| <indexterm zone="tcsh"> |
| <primary sortas="a-Tcsh">Tcsh</primary></indexterm> |
| &tcsh-intro; |
| &tcsh-inst; |
| &tcsh-exp; |
| &tcsh-config; |
| &tcsh-desc; |
| <sect2> |
| <title>Introduction to <application>Tcsh</application></title> |
| <para>The <application>Tcsh</application> package contains "an enhanced but |
| completely compatible version of the Berkeley Unix C shell (csh)". This is |
| useful as an alternative shell for those who prefer C syntax to that of the |
| bash shell, and also because some programs require the C shell in order to |
| install.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&tcsh-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&tcsh-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &tcsh-md5sum;</para></listitem> |
| <listitem><para>Download size: &tcsh-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &tcsh-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &tcsh-time;</para></listitem></itemizedlist> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>Tcsh</application></title> |
| <para>Install <application>Tcsh</application> by running the following |
| commands:</para> |
| <screen><userinput><command>./configure --prefix=/usr && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install && |
| make install.man && |
| ln -sf /usr/bin/tcsh /bin/csh</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Command explanations</title> |
| <para><command>ln -sf /usr/bin/tcsh /bin/csh</command>: The |
| <acronym>FHS</acronym> states that if there is a <application>C</application> |
| shell installed, there should be a symlink from |
| <filename>/bin/csh</filename> to it. This creates that symlink.</para> |
| </sect2> |
| <sect2> |
| <title>Configuring <application>Tcsh</application></title> |
| <sect3 id="tcsh-config"><title>Config files</title> |
| <para>There are numerous configuration files for the C shell. Examples |
| of these are <filename>/etc/csh.cshrc</filename>, |
| <filename>/etc/csh.login</filename>, |
| <filename>/etc/csh.logout</filename>, |
| <filename>~/.tcshrc</filename>, |
| <filename>~/.cshrc</filename>, |
| <filename>~/.history</filename>, |
| <filename>~/.cshdirs</filename>, |
| <filename>~/.login</filename>, |
| <filename>~/.logout</filename>. More information on these files can be |
| found in the <filename>tcsh(1)</filename> man page.</para> |
| <indexterm zone="tcsh tcsh-config"> |
| <primary sortas="e-etc-csh.cshrc">/etc/csh.cshrc</primary></indexterm> |
| <indexterm zone="tcsh tcsh-config"> |
| <primary sortas="e-etc-csh.login">/etc/csh.login</primary></indexterm> |
| <indexterm zone="tcsh tcsh-config"> |
| <primary sortas="e-etc-csh.logout">/etc/csh.logout</primary></indexterm> |
| <indexterm zone="tcsh tcsh-config"> |
| <primary sortas="e-AA.tcshrc">~/.tcshrc</primary></indexterm> |
| <indexterm zone="tcsh tcsh-config"> |
| <primary sortas="e-AA.cshrc">~/.cshrc</primary></indexterm> |
| <indexterm zone="tcsh tcsh-config"> |
| <primary sortas="e-AA.history">~/.history</primary></indexterm> |
| <indexterm zone="tcsh tcsh-config"> |
| <primary sortas="e-AA.cshdirs">~/.cshdirs</primary></indexterm> |
| <indexterm zone="tcsh tcsh-config"> |
| <primary sortas="e-AA.login">~/.login</primary></indexterm> |
| <indexterm zone="tcsh tcsh-config"> |
| <primary sortas="e-AA.logout">~/.logout</primary></indexterm> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Program</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>tcsh</seg> |
| <seg>None</seg> |
| <seg>None</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Descriptions</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="tcsh-prog"> |
| <term><command>tcsh</command></term> |
| <listitem><para>is an enhanced but completely compatible version of the |
| Berkeley Unix C shell, <command>csh</command>. It is usable as both an |
| interactive shell and a script processor.</para> |
| <indexterm zone="tcsh tcsh-prog"> |
| <primary sortas="b-tcsh">tcsh</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/shells/zsh.xml |
|---|
| 1,12 → 1,131 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY zsh-download-http "http://prdownloads.sourceforge.net/zsh/zsh-&zsh-version;.tar.bz2"> |
| <!ENTITY zsh-download-ftp " "> |
| <!ENTITY zsh-size "2.0 MB"> |
| <!ENTITY zsh-buildsize "17 MB"> |
| <!ENTITY zsh-time "0.51 SBU"> |
| <!ENTITY zsh-md5sum "5c37fa9eb659458fe4f7f80da17fb09c"> |
| ]> |
| <sect1 id="zsh" xreflabel="ZSH-&zsh-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: larry $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="zsh.html"?> |
| <title>ZSH-&zsh-version;</title> |
| <indexterm zone="zsh"> |
| <primary sortas="a-ZSH">ZSH</primary></indexterm> |
| &zsh-intro; |
| &zsh-inst; |
| &zsh-config; |
| &zsh-desc; |
| <sect2> |
| <title>Introduction to <application>ZSH</application></title> |
| <para>The <application>ZSH</application> package contains a command |
| interpreter (shell) usable as an interactive login shell and as |
| a shell script command processor. Of the standard shells, |
| <application>ZSH</application> most |
| closely resembles <application>KSH</application> but includes many |
| enhancements.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&zsh-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&zsh-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &zsh-md5sum;</para></listitem> |
| <listitem><para>Download size: &zsh-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &zsh-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &zsh-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title><application>ZSH</application> dependencies</title> |
| <sect4><title>Optional</title> |
| <para><xref linkend="pcre"/></para></sect4> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>ZSH</application></title> |
| <para>Install <application>ZSH</application> by running the following |
| commands:</para> |
| <screen><userinput><command>./configure --prefix=/usr && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>make install</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Configuring <application>ZSH</application></title> |
| <sect3 id="zsh-config"><title>Config files</title> |
| <para>There are a whole host of configuration files for |
| <application>ZSH</application> including |
| <filename>/etc/zshenv</filename>, |
| <filename>/etc/zprofile</filename>, |
| <filename>/etc/zshrc</filename>, |
| <filename>/etc/zlogin</filename> and |
| <filename>/etc/zlogout</filename>. You can find more information on these in |
| the <filename>zsh(1)</filename> and related man pages.</para> |
| <indexterm zone="zsh zsh-config"> |
| <primary sortas="e-etc-zshenv">/etc/zshenv</primary></indexterm> |
| <indexterm zone="zsh zsh-config"> |
| <primary sortas="e-etc-zprofile">/etc/zprofile</primary></indexterm> |
| <indexterm zone="zsh zsh-config"> |
| <primary sortas="e-etc-zshrc">/etc/zshrc</primary></indexterm> |
| <indexterm zone="zsh zsh-config"> |
| <primary sortas="e-etc-zlogin">/etc/zlogin</primary></indexterm> |
| <indexterm zone="zsh zsh-config"> |
| <primary sortas="e-etc-zlogout">/etc/zlogout</primary></indexterm> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Program</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>zsh</seg> |
| <seg>None</seg> |
| <seg>/usr/lib/zsh, /user/share/zsh</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Description</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="zsh-prog"> |
| <term><command>zsh</command></term> |
| <listitem><para>is a shell which has command-line editing, built-in spelling |
| correction, programmable command completion, shell functions (with |
| autoloading), a history mechanism, and a host of other features.</para> |
| <indexterm zone="zsh zsh-prog"> |
| <primary sortas="b-zsh">zsh</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |
| /trunk/blfs/postlfs/shells/shells.xml |
|---|
| 1,15 → 1,21 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| ]> |
| <chapter id="postlfs-shells"> |
| <?dbhtml filename="shells.html"?> |
| <title>Shells</title> |
| <para>Nous sommes tous familiers avec le shell BASH (Bourne Again shell), mais |
| il existe deux autres interfaces utilisateur considérées comme des shells |
| modernes et utiles, tcsh (Shell C UNIX de Berkeley) et zsh (Korn shell). Ce |
| chapitre installe les packages compatibles avec ces types de shells.</para> |
| <para>We are all familiar with the Bourne Again SHell, but there are two |
| other user interfaces that are considered useful modern shells -- the |
| Berkeley Unix C shell and the Korn shell. This chapter installs |
| packages compatible with these additional shell types.</para> |
| &ash; |
| &tcsh; |
| &zsh; |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="ash.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tcsh.xml"/> |
| <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="zsh.xml"/> |
| </chapter> |
| /trunk/blfs/postlfs/shells/ash.xml |
|---|
| 1,12 → 1,128 |
| <?xml version="1.0" encoding="ISO-8859-1"?> |
| <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" |
| "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ |
| <!ENTITY % general-entities SYSTEM "../../general.ent"> |
| %general-entities; |
| <!ENTITY ash-version "0.4.0"> |
| <!ENTITY ash-download-http " "> |
| <!ENTITY ash-download-ftp "ftp://distro.ibiblio.org/pub/Linux/distributions/slackware/slackware_source/ap/ash/ash-&ash-version;.tar.gz"> |
| <!ENTITY ash-md5sum "1c59f5b62a081cb0cb3b053c01d79529"> |
| <!ENTITY ash-size "118 KB"> |
| <!ENTITY ash-buildsize "2.2 MB"> |
| <!ENTITY ash-time "0.06 SBU"> |
| ]> |
| <sect1 id="ash" xreflabel="ASH-&ash-version;"> |
| <sect1info> |
| <othername>$LastChangedBy: randy $</othername> |
| <date>$Date: 2005-06-16 06:20:37 $</date> |
| </sect1info> |
| <?dbhtml filename="ash.html"?> |
| <title>ASH-&ash-version;</title> |
| <indexterm zone="ash"> |
| <primary sortas="a-ASH">ASH</primary></indexterm> |
| &ash-intro; |
| &ash-inst; |
| &ash-config; |
| &ash-desc; |
| <sect2> |
| <title>Introduction to <application>ASH</application></title> |
| <para><command>ash</command> is a shell that is the most compliant with the |
| Bourne Shell (not to be confused with Bourne Again SHell i.e., |
| <application>Bash</application> installed in <acronym>LFS</acronym>) without |
| any additional features. Bourne Shell is available on most commercial |
| <acronym>UNIX</acronym> systems. Hence <command>ash</command> is useful for |
| testing scripts to be <command>sh</command>-compliant. It also has a small |
| memory and space requirements compared to the other |
| <command>sh</command>-compliant shells.</para> |
| <sect3><title>Package information</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Download (HTTP): <ulink |
| url="&ash-download-http;"/></para></listitem> |
| <listitem><para>Download (FTP): <ulink |
| url="&ash-download-ftp;"/></para></listitem> |
| <listitem><para>Download MD5 sum: &ash-md5sum;</para></listitem> |
| <listitem><para>Download size: &ash-size;</para></listitem> |
| <listitem><para>Estimated disk space required: |
| &ash-buildsize;</para></listitem> |
| <listitem><para>Estimated build time: |
| &ash-time;</para></listitem></itemizedlist> |
| </sect3> |
| <sect3><title>Additional downloads</title> |
| <itemizedlist spacing='compact'> |
| <listitem><para>Required Patch: <ulink |
| url="&patch-root;/ash-&ash-version;-cumulative_fixes-1.patch"/></para> |
| </listitem> |
| </itemizedlist> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Installation of <application>ASH</application></title> |
| <para>Install <application>ASH</application> by running the following |
| commands:</para> |
| <screen><userinput><command>patch -Np1 -i ../ash-0.4.0-cumulative_fixes-1.patch && |
| make</command></userinput></screen> |
| <para>Now, as the root user:</para> |
| <screen><userinput role='root'><command>install -m 755 sh /bin/ash && |
| install -m 644 sh.1 /usr/share/man/man1/ash.1</command></userinput></screen> |
| <para>If you would like to make <command>ash</command> the default sh shell, |
| make a symlink.</para> |
| <screen><userinput><command>ln -sf ash /bin/sh</command></userinput></screen> |
| </sect2> |
| <sect2> |
| <title>Configuring <application>ASH</application></title> |
| <sect3 id="ash-config"><title>Config files</title> |
| <para><application>ASH</application> sources |
| <filename>/etc/profile</filename> and |
| <filename>$HOME/.profile</filename></para> |
| <indexterm zone="ash ash-config"> |
| <primary sortas="e-etc-profile">/etc/profile</primary></indexterm> |
| <indexterm zone="ash ash-config"> |
| <primary sortas="e-AHOME-.profile">$HOME/.profile</primary></indexterm> |
| </sect3> |
| </sect2> |
| <sect2> |
| <title>Contents</title> |
| <segmentedlist> |
| <segtitle>Installed Program</segtitle> |
| <segtitle>Installed Libraries</segtitle> |
| <segtitle>Installed Directories</segtitle> |
| <seglistitem> |
| <seg>ash</seg> |
| <seg>None</seg> |
| <seg>None</seg> |
| </seglistitem> |
| </segmentedlist> |
| <variablelist> |
| <bridgehead renderas="sect3">Short Description</bridgehead> |
| <?dbfo list-presentation="list"?> |
| <varlistentry id="ash-prog"> |
| <term><command>ash</command></term> |
| <listitem><para>is a <command>sh</command>-compliant shell.</para> |
| <indexterm zone="ash ash-prog"> |
| <primary sortas="b-ash">ash</primary></indexterm> |
| </listitem> |
| </varlistentry> |
| </variablelist> |
| </sect2> |
| </sect1> |