release-notes/en FileServers-en.xml, 1.4, 1.5 Security-en.xml, 1.4, 1.5 WebServers-en.xml, 1.4, 1.5
Paul W. Frields (pfrields)
fedora-docs-commits at redhat.com
Mon Feb 13 03:59:52 UTC 2006
- Previous message (by thread): release-notes/en Java-en.xml,1.3,1.4
- Next message (by thread): release-notes/en Desktop-en.xml, 1.3, 1.4 Feedback-en.xml, 1.3, 1.4 FileSystems-en.xml, 1.3, 1.4 Kernel-en.xml, 1.4, 1.5 Printing-en.xml, 1.3, 1.4 ServerTools-en.xml, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: pfrields
Update of /cvs/docs/release-notes/en
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11781/en
Modified Files:
FileServers-en.xml Security-en.xml WebServers-en.xml
Log Message:
More quick and dirty editing
Index: FileServers-en.xml
===================================================================
RCS file: /cvs/docs/release-notes/en/FileServers-en.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- FileServers-en.xml 13 Feb 2006 02:28:20 -0000 1.4
+++ FileServers-en.xml 13 Feb 2006 03:59:44 -0000 1.5
@@ -5,45 +5,19 @@
<title>Temp</title>
</articleinfo>
<section id="sn-FileServers">
- <title>Docs/Beats/FileServers</title>
- <para>This page is a stub for content. If you have a contribution for this release notes beat for the test release of Fedora Core, add it to this page or create a sub-page. </para>
- <para>Beat writers: this is where you want to fill in with instructions about how to post relevant information. Any questions that come up can be taken to a bugzilla report for discussion to resolution, or to fedora-docs-list for wider discussions. </para>
- <para>
- </para>
- </section>
- <section>
<title>File Servers</title>
<para>This section refers to file transfer and sharing servers. Please refer to the Web Servers and Samba sections for information on HTTP (Web) file transfer and Samba (Windows) file sharing. </para>
<section>
<title>Netatalk (Macintosh Compatibility)</title>
<para>This section contains information related to Netatalk, a suite of software that enables Linux to interact with Macintosh systems using the <ulink url='/AppleTalk'>AppleTalk</ulink> network protocols. </para>
- <section>
- <title>netatalk</title>
- <para>Fedora includes version 2 of Netatalk. </para>
- <itemizedlist>
- <listitem>
- <para>
- <inlinemediaobject>
- <imageobject>
- <imagedata width='15' fileref='/wiki/ntheme/img/alert.png' depth='15'/>
- </imageobject>
- <textobject>
- <phrase>/!\</phrase>
- </textobject>
- </inlinemediaobject> Upgrading from Netatalk version 1 to version 2 may result in data loss. </para>
- </listitem>
- </itemizedlist>
+ <warning>
+ <title>
+Upgrading from Netatalk version 1 to version 2 may result in data loss. </title>
<para>Version 2 of Netatalk uses a different method to store file resource forks from the previous version, and may require a different file name encoding scheme. Please read the documentation and plan your migration before upgrading. </para>
- <para>Upgrade information is available directly from the Netatalk site: </para>
- <itemizedlist>
- <listitem>
- <para>
- <ulink url='http://netatalk.sourceforge.net/2.0/htmldocs/upgrade.html'>http://netatalk.sourceforge.net/2.0/htmldocs/upgrade.html</ulink>
+ </warning>
+ <para>Upgrade information is available directly from the Netatalk site at <ulink url='http://netatalk.sourceforge.net/2.0/htmldocs/upgrade.html'>http://netatalk.sourceforge.net/2.0/htmldocs/upgrade.html</ulink>.
</para>
- </listitem>
- </itemizedlist>
<para>The documentation is also included in the netatalk package. Refer to either <command>/usr/share/doc/netatalk-2.0.2/doc/htmldocs/upgrade.html</command>, or <command>/usr/share/doc/netatalk-2.0.2/doc/Netatalk-Manual.pdf</command> (numbered page 25, document page 33). </para>
- </section>
</section>
</section>
</article>
Index: Security-en.xml
===================================================================
RCS file: /cvs/docs/release-notes/en/Security-en.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Security-en.xml 13 Feb 2006 02:28:20 -0000 1.4
+++ Security-en.xml 13 Feb 2006 03:59:44 -0000 1.5
@@ -7,35 +7,6 @@
<section id="sn-Security">
<title>Security</title>
<para>This section highlights various security items from Fedora Core. </para>
- <itemizedlist>
- <listitem>
- <table><title>FIXME</title><tgroup cols="1"><tbody>
-
- <row>
- <entry>
- <para>
- <inlinemediaobject>
- <imageobject>
- <imagedata width='16' fileref='/wiki/ntheme/img/icon-info.png' depth='16'/>
- </imageobject>
- <textobject>
- <phrase>{i}</phrase>
- </textobject>
- </inlinemediaobject>
- <emphasis role='strong'>Comment for beat writer <ulink url='/JoshBressers'>JoshBressers</ulink>
- </emphasis>
- </para>
- </entry>
- </row>
- <row>
- <entry>
- <para> fstack-protecter information was provided by Arjan. I will add more information on fortify source after reading up the relevant material. Should also add introductory information on SELinux, link to SELinux FAQ. Write about the various security features like /dev/mem restriction, Exec Shield, PIE, ELF hardening in <ulink url='/Security/Features'> Security Features</ulink> page and link from this section to provide a comprehensive overview of the security features available in addition to others like firewall or network services like sendmail only listening to localhost - <ulink url='/RahulSundaram'>RahulSundaram</ulink>
- </para>
- </entry>
- </row>
- </tbody></tgroup></table>
- </listitem>
- </itemizedlist>
<section>
<title>General Information</title>
<para>General introduction to the many proactive security features in Fedora, current status and policies is available from this page: </para>
@@ -46,49 +17,59 @@
<section>
<title>What's New</title>
<section>
- <title>PAM module Deprecation</title>
+ <title>PAM Module Deprecation</title>
<para>
<command>Pam_stack</command> is deprecated in this release. </para>
<para>Linux-PAM 0.78 and later contains the include directive which obsoletes the <command>pam_stack</command> module. <command>pam_stack</command> module usage is logged with a deprecation warning. It might be removed in a future release. It must not be used in individual service configurations anymore. All packages in Fedora Core using PAM were modified so they do not use it. </para>
- <itemizedlist>
- <listitem>
- <table><title>FIXME</title><tgroup cols="1"><tbody>
-
- <row>
- <entry>
- <para>
- <inlinemediaobject>
- <imageobject>
- <imagedata width='15' fileref='/wiki/ntheme/img/idea.png' depth='15'/>
- </imageobject>
- <textobject>
- <phrase>(!)</phrase>
- </textobject>
- </inlinemediaobject>
- <emphasis role='strong'>Upgraded installations using older PAM stacks need manual intervention</emphasis>
- </para>
- </entry>
- </row>
- </tbody></tgroup></table>
+ <important>
+ <title>Upgraded installations using older PAM stacks need manual intervention</title>
<para> When a system is upgraded from previous Fedora Core releases and the system admininstrator previously modified some service configurations, those modified configuration files are not replaced when new packages are installed. Instead, the new configuration fiels are created as <command>.rpmnew</command> files. Such service configurations must be fixed so the <command>pam_stack</command> module is not used. Refer to the <command>.rpmnew</command> files for the actual changes needed. </para>
<screen>diff -u /etc/pam.d/foo /etc/pam.d/foo.rpmnew</screen>
- </listitem>
- </itemizedlist>
+ </important>
<para>Example /etc/pam.d/login: </para>
- <itemizedlist>
- <listitem>
- <screen>#%PAM-1.0auth required pam_securetty.soauth required pam_stack.so service=system-authauth required pam_nologin.soaccount required pam_stack.so service=system-authpassword required pam_stack.so service=system-auth# pam_selinux.so close should be the first session rulesession required pam_selinux.so closesession required pam_stack.so service=system-authsession required pam_loginuid.sosession optional pam_console.so# pam_selinux.so open should be the last session rulesession required pam_selinux.so open#%PAM-1.0auth required pam_securetty.soauth include system-auth# no module should remain after 'include' if 'sufficient' might# be used in the included configuration file# pam_nologin moved to account phase - it's more appropriate there# other modules might be moved before the system-auth 'include'account required pam_nologin.soaccount include sys!
tem-authpassword include system-auth# pam_selinux.so close should be the first session rulesession required pam_selinux.so closesession include system-auth# the system-auth config doesn't contain sufficient modules# in the session phasesession required pam_loginuid.sosession optional pam_console.so# pam_selinux.so open should be the last session rulesession required pam_selinux.so open</screen>
- </listitem>
- </itemizedlist>
+ <screen>
+<computeroutput># OLD VERSION
+#%PAM-1.0
+auth required pam_securetty.so
+auth required pam_stack.so service=system-auth
+auth required pam_nologin.so
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session required pam_stack.so service=system-auth
+session required pam_loginuid.so
+session optional pam_console.so
+# pam_selinux.so open should be the last session rule
+session required pam_selinux.so open</computeroutput>
+ </screen>
+ <screen>
+<computeroutput># NEW VERSION
+#%PAM-1.0
+auth required pam_securetty.so
+auth include system-auth
+# no module should remain after 'include' if 'sufficient' might
+# be used in the included configuration file
+# pam_nologin moved to account phase - it's more appropriate there
+# other modules might be moved before the system-auth 'include'
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session include system-auth
+# the system-auth config doesn't contain sufficient modules
+# in the session phase
+session required pam_loginuid.so
+session optional pam_console.so
+# pam_selinux.so open should be the last session rule
+session required pam_selinux.so open</computeroutput>
+ </screen>
</section>
<section>
<title>Buffer Overflow detection and variable reordering</title>
<para>All of the software in Fedora Core and Extras software repository for this release is compiled using a security feature called <command>fstack-protecter</command>. <command>fstack-protector</command> puts a canary value on the stack of <emphasis>key</emphasis> functions, just before the return address and just before returning from that value. Then the canary value is verified, and if there was a buffer overflow, the canary will no longer match and the program aborts. The canary value is random for each time the application is started and makes it impossible to guess remotely. This is a security feature written by Red Hat developers as a rewritten implementation of the IBM <ulink url='http://www.research.ibm.com/trl/projects/security/ssp/'>ProPolice/SSP</ulink> feature and available as part of GCC 4.1 compiler used in Fedora Core . </para>
<para>This is in addition to using <command>FORTIFY_SOURCE</command> from Fedora Core 4 onwards. </para>
- <para>
- </para>
- <para>
- </para>
</section>
</section>
</section>
Index: WebServers-en.xml
===================================================================
RCS file: /cvs/docs/release-notes/en/WebServers-en.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- WebServers-en.xml 13 Feb 2006 02:28:20 -0000 1.4
+++ WebServers-en.xml 13 Feb 2006 03:59:44 -0000 1.5
@@ -37,9 +37,9 @@
</listitem>
</itemizedlist>
<para>Any third-party modules compiled for <command>httpd</command> 2.0 must be rebuilt for <command>httpd</command> 2.2. </para>
- <para>Any existing configuration files might need adapting for 2.2, refer to this page for more information: </para>
- <para>
- <ulink url='http://httpd.apache.org/docs/2.2/upgrading.html'>http://httpd.apache.org/docs/2.2/upgrading.html</ulink>
+ <para>Any existing configuration files might need adapting for 2.2. For
+ more information, refer to
+ <ulink url='http://httpd.apache.org/docs/2.2/upgrading.html'>http://httpd.apache.org/docs/2.2/upgrading.html</ulink>.
</para>
</section>
<section>
- Previous message (by thread): release-notes/en Java-en.xml,1.3,1.4
- Next message (by thread): release-notes/en Desktop-en.xml, 1.3, 1.4 Feedback-en.xml, 1.3, 1.4 FileSystems-en.xml, 1.3, 1.4 Kernel-en.xml, 1.4, 1.5 Printing-en.xml, 1.3, 1.4 ServerTools-en.xml, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-docs-commits
mailing list