website annotate pt/doc/handbook/security.html @ rev 142

pt: Add newly translated pages (Many thanks Cladinei)
author Paul Issott <paul@slitaz.org>
date Mon Aug 25 22:36:03 2008 +0000 (2008-08-25)
parents
children cb2989313e14
rev   line source
paul@142 1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
paul@142 2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
paul@142 3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
paul@142 4 <head>
paul@142 5 <title>SliTaz Handbook (en) - Security</title>
paul@142 6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
paul@142 7 <meta name="description" content="slitaz English handbook" />
paul@142 8 <meta name="expires" content="never" />
paul@142 9 <meta name="modified" content="2008-07-18 05:30:00" />
paul@142 10 <meta name="publisher" content="www.slitaz.org" />
paul@142 11 <meta name="author" content="Christophe Lincoln" />
paul@142 12 <link rel="shortcut icon" href="favicon.ico" />
paul@142 13 <link rel="stylesheet" type="text/css" href="book.css" />
paul@142 14 </head>
paul@142 15 <body bgcolor="#ffffff">
paul@142 16
paul@142 17 <!-- Header and quick navigation -->
paul@142 18 <div id="header">
paul@142 19 <div id="quicknav" align="right">
paul@142 20 <a name="top"></a>
paul@142 21 <a href="index.html">Table of contents</a>
paul@142 22 </div>
paul@142 23 <h1><font color="#3e1220">SliTaz Handbook (en)</font></h1>
paul@142 24 </div>
paul@142 25
paul@142 26 <!-- Content. -->
paul@142 27 <div id="content">
paul@142 28 <div class="content-right"></div>
paul@142 29
paul@142 30 <h2><font color="#df8f06">SliTaz and System Security</font></h2>
paul@142 31
paul@142 32 <ul>
paul@142 33 <li><a href="#policy">Security Policy.</a></li>
paul@142 34 <li><a href="#root">Root</a> - The system administrator.</li>
paul@142 35 <li><a href="#passwords">Passwords.</a></li>
paul@142 36 <li><a href="#busybox">Busybox</a> - Configuration file /etc/busybox.conf.</li>
paul@142 37 <li><a href="#web-server">LightTPD web server</a> - Disable the LightTPD web server.</li>
paul@142 38 <li><a href="#ssh">SSH server</a> - Default options.</li>
paul@142 39 <li><a href="#pscan">Pscan</a> - Scan for open ports.</li>
paul@142 40 <li><a href="network-config.html#firewall">Firewall (Iptables)</a> -
paul@142 41 The network firewall.</li>
paul@142 42 </ul>
paul@142 43
paul@142 44 <a name="policy"></a>
paul@142 45 <h3>Security Policy</h3>
paul@142 46 <p>
paul@142 47 SliTaz has given a lot of consideration to system security. Applications are tested for many months before being
paul@142 48 included in the distribution. At boot time, a minimum of services are launched by the rc scripts. For a complete
paul@142 49 list of enabled daemons, you can look at the <code>RUN_DAEMONS</code> variable in the <code>/etc/rcS.conf</code> configuration
paul@142 50 file:
paul@142 51 </p>
paul@142 52 <pre> $ cat /etc/rcS.conf | grep RUN_DAEMONS
paul@142 53 </pre>
paul@142 54 <p>
paul@142 55 To view the actual processes, their PID and memory usage, you can use the 'ps' command or the 'htop'
paul@142 56 utility:
paul@142 57 </p>
paul@142 58 <pre> $ ps
paul@142 59 $ htop
paul@142 60 </pre>
paul@142 61
paul@142 62 <a name="root"></a>
paul@142 63 <h3>Root - The system administrator</h3>
paul@142 64 <p>
paul@142 65 In a GNU/Linux system, the <em>root</em> user is the system administrator. <em>root</em> has all rights
paul@142 66 over the system files and those of the users. It is advisable never to log in as <em>root</em>, but to use the command
paul@142 67 <code>su</code> followed by the password to obtain absolute rights over the system. Never log in as <em>root</em> and surf the
paul@142 68 internet, for example. This creates a double barrier in the case of an attack or intrusion after a
paul@142 69 download and makes it harder for a <em>cracker</em> to take control of your machine - first he must crack your
paul@142 70 password and then crack the <em>root</em> password of the system administrator.
paul@142 71 </p>
paul@142 72 <p>
paul@142 73 A secured GNU/Linux system has at least two users, one to work and one to administer, configure
paul@142 74 or update the system (<code>root</code>). It's also advisable to entrust the administration of the
paul@142 75 system to a person.
paul@142 76 </p>
paul@142 77
paul@142 78 <a name="passwords"></a>
paul@142 79 <h3>Passwords</h3>
paul@142 80 <p>
paul@142 81 By default the SliTaz user <em>hacker</em> doesn't have a password and the system administrator <em>root</em>
paul@142 82 comes with the password (<em>root</em>). You can easily change these by using the <code>passwd</code> command:
paul@142 83 </p>
paul@142 84 <pre> $ passwd
paul@142 85 # passwd
paul@142 86 </pre>
paul@142 87
paul@142 88 <a name="busybox"></a>
paul@142 89 <h3>Busybox</h3>
paul@142 90 <p>
paul@142 91 The file busybox.conf configures the applets and their respective rights. On the SliTaz LiveCD the commands
paul@142 92 su, passwd, loadkmap, mount, reboot and halt can be initiated by all users - the owner and group of these
paul@142 93 commands is <em>root</em> (<code>* = ssx root.root</code>). The busybox.conf file is readable only by root,
paul@142 94 using the rights 600. Note that the <code>passwd</code> command will not allow users to change their own password
paul@142 95 if it is not ssx.
paul@142 96 </p>
paul@142 97
paul@142 98 <a name="web-server"></a>
paul@142 99 <h3>LightTPD web server</h3>
paul@142 100 <p>
paul@142 101 On SliTaz the LightTPD web server is enabled by default at system startup. If you don't intend to use SliTaz in a server
paul@142 102 environment, you can safely disable it by removing it from the <code>RUN_DAEMONS</code> variable in the
paul@142 103 <code>/etc/rcS.conf</code> configuration file, or stop it manually:
paul@142 104 </p>
paul@142 105 <pre> # /etc/init.d/lighttpd stop
paul@142 106 </pre>
paul@142 107
paul@142 108 <a name="ssh"></a>
paul@142 109 <h3>SSH Server</h3>
paul@142 110 <p>
paul@142 111 This small section is a complement to the
paul@142 112 <a href="secure-server.html">Secure SHell (SSH)</a> page.
paul@142 113 On SliTaz the Dropbear SSH server is not run by default; we must add it to the variable
paul@142 114 <code>RUN_DAEMONS</code> in the configuration file <code>/etc/rcS.conf</code> for it to be
paul@142 115 enabled at system boot. Alternatively, start the server manually:
paul@142 116 </p>
paul@142 117 <pre> # /etc/init.d/dropbear start
paul@142 118 </pre>
paul@142 119 <p>
paul@142 120 By default, Dropbear is launched with the following options:
paul@142 121 </p>
paul@142 122 <pre class="script"> -w Disallow root logins.
paul@142 123 -g Disallow password logins for root.
paul@142 124 </pre>
paul@142 125 <p>
paul@142 126 You can add new options by editing the daemons configuration file: <code>/etc/daemons.conf</code>.
paul@142 127 For all options, you can type: <code>dropbear -h</code>.
paul@142 128 </p>
paul@142 129
paul@142 130 <a name="pscan"></a>
paul@142 131 <h3>Pscan - Ports scanner</h3>
paul@142 132 <p>
paul@142 133 Pscan is a small utility of the Busybox project that scans the ports of your machine. You can use
paul@142 134 <code>pscan</code> to scan the localhost or a remote host using the name or IP address of the machine.
paul@142 135 Pscan will test all the ports from 1 - 1024 by default and list those that are open, their protocol
paul@142 136 and associated service (ssh, www, etc):
paul@142 137 </p>
paul@142 138 <pre> $ pscan localhost
paul@142 139 </pre>
paul@142 140
paul@142 141 <!-- End of content -->
paul@142 142 </div>
paul@142 143
paul@142 144 <!-- Footer. -->
paul@142 145 <div id="footer">
paul@142 146 <div class="footer-right"></div>
paul@142 147 <a href="#top">Top of the page</a> |
paul@142 148 <a href="index.html">Table of contents</a>
paul@142 149 </div>
paul@142 150
paul@142 151 <div id="copy">
paul@142 152 Copyright © 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
paul@142 153 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
paul@142 154 Documentation is under
paul@142 155 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
paul@142 156 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
paul@142 157 </div>
paul@142 158
paul@142 159 </body>
paul@142 160 </html>
paul@142 161
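An added example (not part of the SliTaz handbook or project code): a read-only shell audit of the settings this page covers, namely the daemons in RUN_DAEMONS, Dropbear's -w and -g options, the 600 mode of busybox.conf and accounts with an empty password field. The variable name DROPBEAR_OPTIONS, the shadow-format file argument and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the settings described on this page.
# Assumption: Dropbear's flags are kept in DROPBEAR_OPTIONS in daemons.conf.

# conf_value FILE VAR: print the value of VAR="..." (last assignment wins).
conf_value() {
    sed -n "s/^$2=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$1" | tail -n 1
}

# has_word "LIST" WORD: succeed if WORD is one of the space-separated items.
has_word() {
    for w in $1; do
        [ "$w" = "$2" ] && return 0
    done
    return 1
}

# audit RCS_CONF DAEMONS_CONF BUSYBOX_CONF SHADOW: print one line per finding.
audit() {
    daemons=$(conf_value "$1" RUN_DAEMONS)
    opts=$(conf_value "$2" DROPBEAR_OPTIONS)
    if has_word "$daemons" lighttpd; then
        echo "WARN lighttpd is started at boot"
    fi
    if has_word "$daemons" dropbear; then
        has_word "$opts" -w || echo "WARN dropbear: root logins allowed (no -w)"
        has_word "$opts" -g || echo "WARN dropbear: root password logins allowed (no -g)"
    fi
    [ "$(ls -ld "$3" 2>/dev/null | cut -c1-10)" = "-rw-------" ] ||
        echo "WARN busybox.conf is not mode 600"
    # Accounts whose password field is empty, like the default 'hacker' user.
    awk -F: '$2 == "" { print "WARN empty password: " $1 }' "$4"
    return 0
}

if [ "$#" -eq 4 ]; then
    audit "$@"
else
    # Constructed sample files; -g and mode 600 are left out to show findings.
    t=$(mktemp -d)
    echo 'RUN_DAEMONS="dbus hald lighttpd dropbear"' > "$t/rcS.conf"
    echo 'DROPBEAR_OPTIONS="-w"' > "$t/daemons.conf"
    echo '* = ssx root.root' > "$t/busybox.conf"; chmod 644 "$t/busybox.conf"
    printf 'root:$1$constructed$hash:13525:0:99999:7:::\nhacker::13525:0:99999:7:::\n' > "$t/shadow"
    audit "$t/rcS.conf" "$t/daemons.conf" "$t/busybox.conf" "$t/shadow"
    rm -rf "$t"
fi
```

Run without arguments it audits the constructed samples; given four file paths (rcS.conf, daemons.conf, busybox.conf, a shadow-format file) it audits those instead, and reading the real shadow file needs root.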