hardening/fedora-hardening-guide-whole-en.xml/hardening fedora-hardening-guide-whole-en.xml, 1.1.1.1, 1.2
Charles Heselton (cheselto)
fedora-docs-commits at redhat.com
Tue May 17 01:22:27 UTC 2005
Author: cheselto
Update of /cvs/docs/hardening/fedora-hardening-guide-whole-en.xml/hardening
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23820
Modified Files:
fedora-hardening-guide-whole-en.xml
Log Message:
Spell check, and rework of 'sudo' section.
Index: fedora-hardening-guide-whole-en.xml
===================================================================
RCS file: /cvs/docs/hardening/fedora-hardening-guide-whole-en.xml/hardening/fedora-hardening-guide-whole-en.xml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- fedora-hardening-guide-whole-en.xml 17 May 2005 00:20:52 -0000 1.1.1.1
+++ fedora-hardening-guide-whole-en.xml 17 May 2005 01:22:25 -0000 1.2
@@ -358,7 +358,7 @@
Now that we have all that <command>ftp</command> stuff out of the
way, we can verify the file that has just been downloaded. Since
you have already gone through the trouble of creating your
- keyring, and signing the Linux Kernel Archinve's key, this
+ keyring, and signing the Linux Kernel Archive's key, this
is a easy as the single command below.
</para>
@@ -462,19 +462,32 @@
<para>
The file that <command>sudo</command> uses as its configuration file is
<filename>/etc/sudoers</filename>. This file allows you to set up
- commands and aliases that are allowed through <command>sudo</command>, and
- which users are allowed to run them. For more information on the details
+ command, host, and user aliases that are allowed through <command>sudo</command>, and
+ which users are allowed to run them, from which host, etc. For more information on the details
of the <filename>sudoers</filename> file and how to configure it, take a
look at the <command>sudoers</command> man page.
</para>
<para>
- If you add the line below to the file, it will allow your user account
- access to all commands using the <command>sudo</command> command. You
- will have to type the root password for each command.
+ If you add the lines below to the <filename>/etc/sudoers</filename>
+ file, it will allow your user account access to command(s) specified by
+ the 'Cmnd_Alias' when you use the <command>sudo</command> command. You will
+ have to type your password for each command.
</para>
-<screen><userinput>yourusername ALL=(ALL) ALL</userinput></screen>
+<screen><userinput>
+Cmnd_Alias HARD = "gpg", "md5sum", "sudo", "yum", "rpm", "find", "pkill",
+ "iptables", "umask", "chkconfig", "grep"
+yourusername ALL = HARD
+</userinput></screen>
+
+ <para>
+ The commands selected for this example <emphasis>should</emphasis>
+ provide all of the appropriate priveleges required by the instructions
+ in this guide. If you would like a more complete configuration for your
+ implementation of <command>sudo</command>, please consult the
+ <command>man</command> page or the online documentation.
+ </para>
<para>
For more information on how to configure sudo, you can view the manpage
@@ -1579,7 +1592,7 @@
password with 7 characters, even a "strong" password, yeilds only a
maximum of [still figuring this number] character combinations, which can be cracked rather
easily by today's brute force methods. Increasing the minimum length to
- 8 characters ups the numbe of combinations to [still figuring this
+ 8 characters ups the number of combinations to [still figuring this
number too]. Most security guides will advise a password of at least 8
characters, however, 12-16 characters is considered ",very
secure.
More information about the Fedora-docs-commits
mailing list