hardening/fedora-hardening-guide-whole-en.xml/hardening fedora-hardening-guide-whole-en.xml, 1.1.1.1, 1.2

[Charles Heselton (cheselto)]

Author: cheselto

Update of /cvs/docs/hardening/fedora-hardening-guide-whole-en.xml/hardening
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23820

Modified Files:
	fedora-hardening-guide-whole-en.xml 
Log Message:
Spell check, and rework of 'sudo' section.



Index: fedora-hardening-guide-whole-en.xml
===================================================================
RCS file: /cvs/docs/hardening/fedora-hardening-guide-whole-en.xml/hardening/fedora-hardening-guide-whole-en.xml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- fedora-hardening-guide-whole-en.xml	17 May 2005 00:20:52 -0000	1.1.1.1
+++ fedora-hardening-guide-whole-en.xml	17 May 2005 01:22:25 -0000	1.2
@@ -358,7 +358,7 @@
 	      Now that we have all that <command>ftp</command> stuff out of the
 	      way, we can verify the file that has just been downloaded.  Since
 	      you have already gone through the trouble of creating your
-	      keyring, and signing the Linux Kernel Archinve's key, this
+	      keyring, and signing the Linux Kernel Archive's key, this
 	      is a easy as the single command below.
 	    </para>
 
@@ -462,19 +462,32 @@
       <para>
 	The file that <command>sudo</command> uses as its configuration file is
 	<filename>/etc/sudoers</filename>.  This file allows you to set up
-	commands and aliases that are allowed through <command>sudo</command>, and
-	which users are allowed to run them.  For more information on the details
+	command, host, and user aliases that are allowed through <command>sudo</command>, and
+	which users are allowed to run them, from which host, etc.  For more information on the details
 	of the <filename>sudoers</filename> file and how to configure it, take a
 	look at the <command>sudoers</command> man page.
       </para>
       
       <para>
-	If you add the line below to the file, it will allow your user account
-	access to all commands using the <command>sudo</command> command.  You
-	will have to type the root password for each command.
+	If you add the lines below to the <filename>/etc/sudoers</filename>
+	file, it will allow your user account access to command(s) specified by
+	the 'Cmnd_Alias' when you use the <command>sudo</command> command.  You will
+	have to type your password for each command.
       </para>
       
-<screen><userinput>yourusername ALL=(ALL) ALL</userinput></screen>
+<screen><userinput>
+Cmnd_Alias HARD = "gpg", "md5sum", "sudo", "yum", "rpm", "find", "pkill",
+	  "iptables", "umask", "chkconfig", "grep"
+yourusername ALL = HARD
+</userinput></screen>
+
+      <para>
+	The commands selected for this example <emphasis>should</emphasis>
+	provide all of the appropriate priveleges required by the instructions
+	in this guide.  If you would like a more complete configuration for your
+	implementation of <command>sudo</command>, please consult the
+	<command>man</command> page or the online documentation.
+      </para>
       
       <para>
 	For more information on how to configure sudo, you can view the manpage
@@ -1579,7 +1592,7 @@
 	password with 7 characters, even a "strong" password, yeilds only a
 	maximum of [still figuring this number] character combinations, which can be cracked rather
 	easily by today's brute force methods.  Increasing the minimum length to
-	8 characters ups the numbe of combinations to [still figuring this
+	8 characters ups the number of combinations to [still figuring this
 	number too].  Most security guides will advise a password of at least 8
 	characters, however, 12-16 characters is considered ",very
 	secure.