website rev 49
Add Security to Handbook (en)
author | Paul Issott <paul@slitaz.org> |
---|---|
date | Sun May 18 22:50:22 2008 +0000 (2008-05-18) |
parents | 658fcc712636 |
children | 3fd476d3b61f |
files | en/doc/handbook/index.html en/doc/handbook/secure-server.html en/doc/handbook/security.html |
line diff
1.1 --- a/en/doc/handbook/index.html Sat May 17 13:37:45 2008 +0200 1.2 +++ b/en/doc/handbook/index.html Sun May 18 22:50:22 2008 +0000 1.3 @@ -52,6 +52,7 @@ 1.4 <li><a href="web-server.html">Web server</a> - Configure and use the LightTPD web server.</li> 1.5 <li><a href="chroot-env.html">Chroot Environment</a> - Build a chroot to protect the host system.</li> 1.6 <li><a href="secure-server.html">Secure SHell (SSH)</a> - Secure login using Dropbear SSH client/server.</li> 1.7 + <li><a href="security.html">Security</a> - SliTaz and system security.</li> 1.8 </ul> 1.9 1.10 <h3>About this Handbook</h3>
2.1 --- a/en/doc/handbook/secure-server.html Sat May 17 13:37:45 2008 +0200 2.2 +++ b/en/doc/handbook/secure-server.html Sun May 18 22:50:22 2008 +0000 2.3 @@ -16,6 +16,7 @@ 2.4 <div id="header"> 2.5 <div id="quicknav" align="right"> 2.6 <a name="top"></a> 2.7 + <a href="security.html">Security</a> | 2.8 <a href="index.html">Table of contents</a> 2.9 </div> 2.10 <h1><font color="#3e1220">SliTaz Handbook (en)</font></h1>
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/en/doc/handbook/security.html Sun May 18 22:50:22 2008 +0000 3.3 @@ -0,0 +1,158 @@ 3.4 +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 3.5 +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>SliTaz Handbook (en) - Template</title> 3.6 + 3.7 + 3.8 + 3.9 + <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" /> 3.10 + <meta name="description" content="slitaz English handbook" /> 3.11 + <meta name="expires" content="never" /> 3.12 + <meta name="modified" content="2008-02-26 18:30:00" /> 3.13 + <meta name="publisher" content="www.slitaz.org" /> 3.14 + <meta name="author" content="Christophe Lincoln" /> 3.15 + <link rel="shortcut icon" href="favicon.ico" /> 3.16 + <link rel="stylesheet" type="text/css" href="book.css" /></head><body bgcolor="#ffffff"> 3.17 + 3.18 +<!-- Header and quick navigation --> 3.19 +<div id="header"> 3.20 +<div id="quicknav" align="right"> 3.21 + <a name="top"></a> 3.22 + <a href="index.html">Table of contents</a> 3.23 +</div> 3.24 +<h1><font color="#3e1220">SliTaz Handbook (en)</font></h1> 3.25 +</div> 3.26 + 3.27 +<!-- Content. --> 3.28 +<div id="content"> 3.29 +<div class="content-right"></div> 3.30 + 3.31 +<h2><font color="#df8f06">SliTaz and System Security</font></h2> 3.32 + 3.33 +<ul> 3.34 + <li><a href="#policy">Security Policy</a></li> 3.35 + <li><a href="#root">Root</a> - The system administrator.</li> 3.36 + <li><a href="#passwords">Passwords</a></li> 3.37 + <li><a href="#busybox">Busybox</a> - Configuration file /etc/busybox.conf.</li> 3.38 + <li><a href="#web-server">LightTPD web server</a> - Disable the LightTPD web server.</li> 3.39 + <li><a href="#ssh">SSH server</a> - Default options.</li> 3.40 + <li><a href="#pscan">Pscan</a> - Scan for open ports.</li> 3.41 + <li><a href="network-config.html#firewall">Firewall (Iptables)</a> - 3.42 + The network firewall.</li> 3.43 +</ul> 3.44 + 3.45 +<a name="policy"></a> 3.46 +<h3>Security Policy</h3> 3.47 +<p> 3.48 +SliTaz has given a lot of consideration to system security. Applications are tested for many months before being 3.49 +included in the distribution. At boot time, a minimum of services are launched by the rc scripts. For a complete 3.50 +lists of daemons enabled, you can look in the <code>RUN_DAEMONS</code> variable in the <code>/etc/rcS.conf</code> configuration 3.51 +file: 3.52 +</p> 3.53 +<pre> $ cat /etc/rcS.conf | grep RUN_DAEMONS 3.54 +</pre> 3.55 +<p> 3.56 +To view the actual processes, their PID and memory usage, you can use the 'ps' command or the 'htop' 3.57 +utility: 3.58 +</p> 3.59 +<pre> $ ps 3.60 + $ htop 3.61 +</pre> 3.62 + 3.63 +<a name="root"></a> 3.64 +<h3>Root - The system administrator</h3> 3.65 +<p> 3.66 +In a GNU/Linux system, the <em>root</em> user is the system administrator, <em>root</em> has all the rights 3.67 +to the system files and that of the users. It is advisable never to log in as <em>root</em> by using the command 3.68 +<code>su</code> followed by the password to obtain absolute rights over the system. Never log in as <em>root</em> and surf the 3.69 +internet for example, this allows you to create a double barrier in the case of an attack or intrusion after a 3.70 +download. This makes it harder for a <em>cracker</em> to take control of your machine - first he must crack your 3.71 +password and then crack the <em>root</em> password of the system administrator. 3.72 +</p> 3.73 +<p> 3.74 +A GNU/Linux system has secured at least two users, one to work and one to administer, configure 3.75 +or update the system (<code>root</code>). It's also advisable to entrust the administration of the 3.76 +system to a person. 3.77 +</p> 3.78 + 3.79 +<a name="passwords"></a> 3.80 +<h3>Passwords</h3> 3.81 +<p> 3.82 +By default the SliTaz user <em>hacker</em> doesn't have a password and the system administrator <em>root</em> 3.83 +comes with the password (<em>root</em>). You can easily change these by using the <code>passwd</code> command: 3.84 +</p> 3.85 +<pre> $ passwd 3.86 + # passwd 3.87 +</pre> 3.88 + 3.89 +<a name="busybox"></a> 3.90 +<h3>Busybox</h3> 3.91 +<p> 3.92 +The file busybox.conf configures the applets and their respective rights. On the SliTaz LiveCD the commands: 3.93 +su, passwd, loadkmap, mount, reboot and halt can be initiated by all users - the owner and group of these 3.94 +commands is <em>root</em> (<code>* = ssx root.root</code>). The busybox.conf file is readable by root, 3.95 +using the rights 600. Note that the <code>passwd</code> command will not allow users to change their own password 3.96 +if it is not ssx. 3.97 +</p> 3.98 + 3.99 +<a name="web-server"></a> 3.100 +<h3>LightTPD web server</h3> 3.101 +<p> 3.102 +On SliTaz the LightTPD web server is enabled by default at system startup, if you don't intend to use SliTaz in a server 3.103 +environment, you can safely disable it by removing it from the <code>RUN_DAEMONS</code> variable in the 3.104 +<code>/etc/rcS.conf</code> configuration file or to stop it manually: 3.105 +</p> 3.106 +<pre> # etc/init.d/lighttpd stop 3.107 +</pre> 3.108 + 3.109 +<a name="ssh"></a> 3.110 +<h3>SSH Server</h3> 3.111 +<p> 3.112 +This small section is a compliment to the 3.113 +<a href="secure-server.html">Secure SHell (SSH)</a> page. 3.114 +On SliTaz the Dropbear SSH server is not run by default, we must add it to the variable 3.115 +<code>RUN_DAEMONS</code> in the configuration file <code>/etc/rcS.conf</code> for it to be 3.116 +enabled at system boot. Or to start the server manually: 3.117 +</p> 3.118 +<pre> # /etc/init.d/dropbear start 3.119 +</pre> 3.120 +<p> 3.121 +By default Dropbear is launched with the following options: 3.122 +</p> 3.123 +<pre class="script"> -w Disallow root logins. 3.124 + -g Disallow logins for root password. 3.125 +</pre> 3.126 +<p> 3.127 +You can add new options by editing the daemons configuration file: <code>/etc/daemons.conf</code>. 3.128 +For all options, you can type: <code>dropbear -h</code>. 3.129 +</p> 3.130 + 3.131 +<a name="pscan"></a> 3.132 +<h3>Pscan - Ports scanner</h3> 3.133 +<p> 3.134 +Pscan is a small utility of the Busybox project, it scans the ports of your machine. You can use 3.135 +<code>pscan</code> to scan the localhost or a remote host using the name or IP address of the machine. 3.136 +Pscan will test all the ports from 1 - 1024 by default and list those that are open, their protocol 3.137 +and associated service (ssh, www, etc): 3.138 +</p> 3.139 +<pre> $ pscan localhost 3.140 +</pre> 3.141 + 3.142 +<!-- End of content --> 3.143 +</div> 3.144 + 3.145 +<!-- Footer. --> 3.146 +<div id="footer"> 3.147 + <div class="footer-right"></div> 3.148 + <a href="#top">Top of the page</a> | 3.149 + <a href="http://www.slitaz.org/en/doc/handbook/index.html">Table of contents</a> 3.150 +</div> 3.151 + 3.152 +<div id="copy"> 3.153 + Copyright © 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> - 3.154 + <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br /> 3.155 + Documentation is under 3.156 + <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a> 3.157 + and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>. 3.158 +</div> 3.159 + 3.160 +</body></html> 3.161 +