ACC SHELL

Path : /usr/share/doc/manual/opensuse-manuals_en/manual/
File Upload :
Current File : //usr/share/doc/manual/opensuse-manuals_en/manual/book.security.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Security Guide</title><link rel="stylesheet" href="susebooks.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Documentation"><link rel="up" href="index.html" title="Documentation"><link rel="prev" href="part.appendix.html" title="Part VII. Appendix"><link rel="next" href="preface.security.html" title="About This Guide"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> &gt; </span><strong> <a accesskey="n" title="About This Guide" href="preface.security.html"><span>&#9654;</span></a></strong></p></div></td></tr></table></div><div lang="en" class="book" title="Security Guide"><div class="titlepage"><div><div><div xmlns="http://www.w3.org/1999/xhtml"><h1 class="productname">openSUSE</h1></div></div><div><h1 class="title"><a name="book.security"></a>Security Guide</h1></div><div class="buildtime"><p>12/27/2010</p></div><div><div class="legalnotice" title="Legal Notice"><a name="id574053"></a><p>
  Copyright © 2006&#8211;2010

  Novell, Inc. and contributors. All rights reserved.
 </p><p>
  Permission is granted to copy, distribute and/or modify this document
  under the terms of the GNU Free Documentation License, Version 1.2 or (at
  your option) version 1.3; with the Invariant Section being this copyright
  notice and license. A copy of the license version 1.2 is included in the
  section entitled <span class="quote">&#8220;<span class="quote">GNU Free Documentation License</span>&#8221;</span>.
 </p><p>
  For Novell trademarks, see the Novell Trademark and Service Mark list
  <a class="ulink" href="http://www.novell.com/company/legal/trademarks/tmlist.html" target="_top">http://www.novell.com/company/legal/trademarks/tmlist.html</a>.
  Linux* is a registered trademark of Linus Torvalds. All other third party
  trademarks are the property of their respective owners. A trademark symbol
  (®, &#8482; etc.) denotes a Novell trademark; an asterisk (*) denotes
  a third party trademark.
 </p><p>
  All information found in this book has been compiled with utmost attention
  to detail. However, this does not guarantee complete accuracy. Neither
  Novell, Inc., SUSE LINUX Products GmbH, the authors, nor the translators
  shall be held liable for possible errors or the consequences thereof.
 </p></div></div></div><div></div><hr></div><div class="toc"><p><b>Contents</b></p><dl><dt><span class="preface"><a href="preface.security.html">About This Guide</a></span></dt><dd><dl><dt><span class="sect1"><a href="preface.security.html#id571764">1. Available Documentation</a></span></dt><dt><span class="sect1"><a href="preface.security.html#id572088">2. Feedback</a></span></dt><dt><span class="sect1"><a href="preface.security.html#id572331">3. Documentation Conventions</a></span></dt><dt><span class="sect1"><a href="preface.security.html#id571036">4. About the Making of This Manual</a></span></dt><dt><span class="sect1"><a href="preface.security.html#id570981">5. Source Code</a></span></dt><dt><span class="sect1"><a href="preface.security.html#id570933">6. Acknowledgments</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.html">1. Security and Confidentiality</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.html#sec.security.general.overview">1.1. Local Security and Network Security</a></span></dt><dt><span class="sect1"><a href="cha.security.html#sec.security.general.tips">1.2. Some General Security Tips and Tricks</a></span></dt><dt><span class="sect1"><a href="cha.security.html#sec.security.general.report">1.3. Using the Central Security Reporting Address</a></span></dt></dl></dd><dt><span class="part"><a href="part.auth.html">I. Authentication</a></span></dt><dd><dl><dt><span class="chapter"><a href="cha.pam.html">2. Authentication with PAM</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.pam.html#sec.security.pam.whatis">2.1. What is PAM?</a></span></dt><dt><span class="sect1"><a href="cha.pam.html#sec.pam.struc.files">2.2. Structure of a PAM Configuration File</a></span></dt><dt><span class="sect1"><a href="cha.pam.html#sec.pam.struc.format">2.3. The PAM Configuration of sshd</a></span></dt><dt><span class="sect1"><a href="cha.pam.html#sec.pam.struc.conf">2.4. Configuration of PAM Modules</a></span></dt><dt><span class="sect1"><a href="cha.pam.html#sec.pam.pam-config">2.5. Configuring PAM Using pam-config</a></span></dt><dt><span class="sect1"><a href="cha.pam.html#sec.pam.info">2.6. For More Information</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.nis.html">3. Using NIS</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.nis.html#sec.nis.server">3.1. Configuring NIS Servers</a></span></dt><dt><span class="sect1"><a href="cha.nis.html#sec.nis.client">3.2. Configuring NIS Clients</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.ldap.html">4. LDAP&#8212;A Directory Service</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.ldap.html#sec.security.ldap.vs_nis">4.1. LDAP versus NIS</a></span></dt><dt><span class="sect1"><a href="cha.security.ldap.html#sec.security.ldap.tree">4.2. Structure of an LDAP Directory Tree</a></span></dt><dt><span class="sect1"><a href="cha.security.ldap.html#sec.security.ldap.yast">4.3. Configuring an LDAP Server with YaST</a></span></dt><dt><span class="sect1"><a href="cha.security.ldap.html#sec.security.ldap.yast.client">4.4. Configuring an LDAP Client with YaST</a></span></dt><dt><span class="sect1"><a href="cha.security.ldap.html#sec.security.ldap.yast.usergr">4.5. Configuring LDAP Users and Groups in YaST</a></span></dt><dt><span class="sect1"><a href="cha.security.ldap.html#sec.security.ldap.browse">4.6. Browsing the LDAP Directory Tree</a></span></dt><dt><span class="sect1"><a href="cha.security.ldap.html#sec.security.ldap.slapd">4.7. Manually Configuring an LDAP Server</a></span></dt><dt><span class="sect1"><a href="cha.security.ldap.html#sec.security.ldap.data">4.8. Manually Administering LDAP Data</a></span></dt><dt><span class="sect1"><a href="cha.security.ldap.html#sec.security.ldap.info">4.9. For More Information</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.ad.html">5. Active Directory Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.ad.html#sec.security.ad.integrate">5.1. Integrating Linux and AD Environments</a></span></dt><dt><span class="sect1"><a href="cha.security.ad.html#sec.security.ad.background">5.2. Background Information for Linux AD Support</a></span></dt><dt><span class="sect1"><a href="cha.security.ad.html#sec.security.ad.config">5.3. Configuring a Linux Client for Active Directory</a></span></dt><dt><span class="sect1"><a href="cha.security.ad.html#sec.security.ad.login">5.4. Logging In to an AD Domain</a></span></dt><dt><span class="sect1"><a href="cha.security.ad.html#sec.security.ad.passwd">5.5. Changing Passwords</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.kerberos.html">6. Network Authentication with Kerberos</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.kerberos.html#sec.security.kerberos.terms">6.1. Kerberos Terminology</a></span></dt><dt><span class="sect1"><a href="cha.security.kerberos.html#sec.security.kerberos.how">6.2. How Kerberos Works</a></span></dt><dt><span class="sect1"><a href="cha.security.kerberos.html#sec.security.kerberos.users">6.3. Users' View of Kerberos</a></span></dt><dt><span class="sect1"><a href="cha.security.kerberos.html#sec.security.kerberos.admin">6.4. Installing and Administering Kerberos</a></span></dt><dt><span class="sect1"><a href="cha.security.kerberos.html#sec.security.kerberos.info">6.5. For More Information</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.fp.html">7. Using the Fingerprint Reader</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.fp.html#sec.security.fp.supported">7.1. Supported Applications and Actions</a></span></dt><dt><span class="sect1"><a href="cha.security.fp.html#sec.security.fp.yast">7.2. Managing Fingerprints with YaST</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="part.local_security.html">II. Local Security</a></span></dt><dd><dl><dt><span class="chapter"><a href="cha.security.yast_security.html">8. Configuring Security Settings with YaST</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.yast_security.html#sec.security.yast_security.overview">8.1. <span class="guimenu">Security Overview</span></a></span></dt><dt><span class="sect1"><a href="cha.security.yast_security.html#sec.security.yast_security.predefined_configs">8.2. <span class="guimenu">Predefined Security Configurations</span></a></span></dt><dt><span class="sect1"><a href="cha.security.yast_security.html#sec.security.yast_security.password">8.3. <span class="guimenu">Password Settings</span></a></span></dt><dt><span class="sect1"><a href="cha.security.yast_security.html#sec.security.yast_security.boot">8.4. Boot Settings</a></span></dt><dt><span class="sect1"><a href="cha.security.yast_security.html#sec.security.yast_security.login">8.5. Login Settings</a></span></dt><dt><span class="sect1"><a href="cha.security.yast_security.html#sec.security.yast_security.user">8.6. User Addition</a></span></dt><dt><span class="sect1"><a href="cha.security.yast_security.html#sec.security.yast_security.misc">8.7. Miscellaneous Settings</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.policykit.html">9. PolicyKit</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.policykit.html#sec.security.policykit.authorizations">9.1. Available Policies and Supported Applications</a></span></dt><dt><span class="sect1"><a href="cha.security.policykit.html#sec.security.policykit.types">9.2. Authorization Types</a></span></dt><dt><span class="sect1"><a href="cha.security.policykit.html#sec.security.policykit.change">9.3. Modifying and Setting Privileges</a></span></dt><dt><span class="sect1"><a href="cha.security.policykit.html#id583618">9.4. For more information</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.acls.html">10. Access Control Lists in Linux</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.acls.html#sec.security.acls.traditional">10.1. Traditional File Permissions</a></span></dt><dt><span class="sect1"><a href="cha.security.acls.html#sec.security.acls.intro">10.2. Advantages of ACLs</a></span></dt><dt><span class="sect1"><a href="cha.security.acls.html#sec.security.acls.defs">10.3. Definitions</a></span></dt><dt><span class="sect1"><a href="cha.security.acls.html#sec.security.acls.handle">10.4. Handling ACLs</a></span></dt><dt><span class="sect1"><a href="cha.security.acls.html#sec.security.acls.future">10.5. ACL Support in Applications</a></span></dt><dt><span class="sect1"><a href="cha.security.acls.html#sec.security.acls.info">10.6. For More Information</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.cryptofs.html">11. Encrypting Partitions and Files</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.cryptofs.html#sec.security.cryptofs.y2">11.1. Setting Up an Encrypted File System with YaST</a></span></dt><dt><span class="sect1"><a href="cha.security.cryptofs.html#sec.security.cryptofs.y2.homes">11.2. Using Encrypted Home Directories</a></span></dt><dt><span class="sect1"><a href="cha.security.cryptofs.html#sec.security.cryptofs.vi">11.3. Using vi to Encrypt Single ASCII Text Files</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.aide.html">12. Intrusion Detection with AIDE</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.aide.html#sec.aide.why">12.1. Why Using AIDE?</a></span></dt><dt><span class="sect1"><a href="cha.aide.html#sec.aide.setup">12.2. Setting Up an AIDE Database</a></span></dt><dt><span class="sect1"><a href="cha.aide.html#sec.aide.check">12.3. Local AIDE Checks</a></span></dt><dt><span class="sect1"><a href="cha.aide.html#sec.aide.independent">12.4. System Independent Checking</a></span></dt><dt><span class="sect1"><a href="cha.aide.html#sec.aide.more">12.5. For More Information</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="part.network_security.html">III. Network Security</a></span></dt><dd><dl><dt><span class="chapter"><a href="cha.ssh.html">13. SSH: Secure Network Operations</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.ssh.html#sec.ssh.impl">13.1. The OpenSSH Package</a></span></dt><dt><span class="sect1"><a href="cha.ssh.html#sec.ssh.programm">13.2. The ssh Program</a></span></dt><dt><span class="sect1"><a href="cha.ssh.html#sec.ssh.copy">13.3. scp&#8212;Secure Copy</a></span></dt><dt><span class="sect1"><a href="cha.ssh.html#sec.ssh.sftp">13.4. sftp&#8212;Secure File Transfer</a></span></dt><dt><span class="sect1"><a href="cha.ssh.html#sec.ssh.sshdserver">13.5. The SSH Daemon (sshd)&#8212;Server-Side</a></span></dt><dt><span class="sect1"><a href="cha.ssh.html#sec.ssh.authentic">13.6. SSH Authentication Mechanisms</a></span></dt><dt><span class="sect1"><a href="cha.ssh.html#sec.ssh.pipe">13.7. X, Authentication, and Forwarding Mechanisms</a></span></dt><dt><span class="sect1"><a href="cha.ssh.html#sec.ssh.yast">13.8. Configuring An SSH Daemon with YaST</a></span></dt><dt><span class="sect1"><a href="cha.ssh.html#sec.security.ssh.moreinfo">13.9. For More Information</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.firewall.html">14. Masquerading and Firewalls</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.firewall.html#sec.security.firewall.iptables">14.1. Packet Filtering with iptables</a></span></dt><dt><span class="sect1"><a href="cha.security.firewall.html#sec.security.firewall.masq">14.2. Masquerading Basics</a></span></dt><dt><span class="sect1"><a href="cha.security.firewall.html#sec.security.firewall.fw">14.3. Firewalling Basics</a></span></dt><dt><span class="sect1"><a href="cha.security.firewall.html#sec.security.firewall.SuSE">14.4. SuSEfirewall2</a></span></dt><dt><span class="sect1"><a href="cha.security.firewall.html#sec.security.firewall.info">14.5. For More Information</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.vpnserver.html">15. Configuring VPN Server</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.vpnserver.html#sec.security.vpn.overview">15.1. Overview</a></span></dt><dt><span class="sect1"><a href="cha.security.vpnserver.html#sec.security.vpn.simplest">15.2. Creating the Simplest VPN Example</a></span></dt><dt><span class="sect1"><a href="cha.security.vpnserver.html#sec.security.vpn.ca">15.3. Setting Up Your VPN Server Using Certificate Authority</a></span></dt><dt><span class="sect1"><a href="cha.security.vpnserver.html#sec.security.vpn.nameserver">15.4. Changing Nameservers in VPN</a></span></dt><dt><span class="sect1"><a href="cha.security.vpnserver.html#sec.security.vpn.tools-client">15.5. KDE- and GNOME Applets For Clients</a></span></dt><dt><span class="sect1"><a href="cha.security.vpnserver.html#sec.security.vpn.moreinfo">15.6. For More Information</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.security.yast_ca.html">16. Managing X.509 Certification</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.security.yast_ca.html#sec.security.yast_ca.intro">16.1. The Principles of Digital Certification</a></span></dt><dt><span class="sect1"><a href="cha.security.yast_ca.html#sec.security.yast_ca.module">16.2. YaST Modules for CA Management</a></span></dt></dl></dd></dl></dd><dt><span class="part"><a href="part.apparmor.html">IV. Confining Privileges with Novell AppArmor</a></span></dt><dd><dl><dt><span class="chapter"><a href="cha.apparmor.intro.html">17. Introducing AppArmor</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.intro.html#sec.apparmor.intro.background">17.1. Background Information on AppArmor Profiling</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.start.html">18. Getting Started</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.start.html#sec.apparmor.start.install">18.1. Installing Novell AppArmor</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.start.html#sec.apparmor.start.enable">18.2. Enabling and Disabling Novell AppArmor</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.start.html#sec.apparmor.start.choose">18.3. Choosing the Applications to Profile</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.start.html#sec.apparmor.start.build">18.4. Building and Modifying Profiles</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.start.html#sec.apparmor.start.report">18.5. Configuring Novell AppArmor Event Notification and Reports</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.start.html#sec.apparmor.start.update">18.6. Updating Your Profiles</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.concept.html">19. Immunizing Programs</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.concept.html#sec.apparmor.concept.tools">19.1. Introducing the AppArmor Framework</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.concept.html#sec.apparmor.concept.determine">19.2. Determining Programs to Immunize</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.concept.html#sec.apparmor.concept.cron">19.3. Immunizing cron Jobs</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.concept.html#sec.apparmor.concept.network">19.4. Immunizing Network Applications</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.profiles.html">20. Profile Components and Syntax</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.parts">20.1. Breaking a Novell AppArmor Profile into Its Parts</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.types">20.2. Profile Types</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.includes">20.3. <code class="literal">#include</code> Statements</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.capabilities">20.4. Capability Entries (POSIX.1e)</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.nac">20.5. Network Access Control</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.glob">20.6. Paths and Globbing</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.perm">20.7. File Permission Access Modes</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.exec">20.8. Execute Modes</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.rlimit">20.9. Resource Limit Control</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.audit">20.10. Auditing Rules</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.profiles.html#sec.apparmor.profiles.set_capabilities">20.11. Setting Capabilities per Profile</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.repos.html">21. AppArmor Profile Repositories</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.repos.html#sec.apparmor.repos.local">21.1. Using the Local Repository</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.repos.html#sec.apparmor.repos.external">21.2. Using the External Repository</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.yast.html">22. Building and Managing Profiles with YaST</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.yast.html#sec.apparmor.yast.wizard">22.1. Adding a Profile Using the Wizard</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.yast.html#sec.apparmor.yast.add">22.2. Manually Adding a Profile</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.yast.html#sec.apparmor.yast.edit">22.3. Editing Profiles</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.yast.html#sec.apparmor.yast.del">22.4. Deleting a Profile</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.yast.html#sec.apparmor.yast.update">22.5. Updating Profiles from Log Entries</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.yast.html#sec.apparmor.yast.manage">22.6. Managing Novell AppArmor and Security Event Status</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.commandline.html">23. Building Profiles from the Command Line</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.commandline.html#sec.apparmor.commandline.status">23.1. Checking the AppArmor Module Status</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.commandline.html#sec.apparmor.commandline.build">23.2. Building AppArmor Profiles</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.commandline.html#sec.apparmor.commandline.add">23.3. Adding or Creating an AppArmor Profile</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.commandline.html#sec.apparmor.commandline.edit">23.4. Editing an AppArmor Profile</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.commandline.html#sec.apparmor.commandline.del">23.5. Deleting an AppArmor Profile</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.commandline.html#sec.apparmor.commandline.profiling">23.6. Two Methods of Profiling</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.commandline.html#sec.apparmor.commandline.filenames">23.7. Important Filenames and Directories</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.hat.html">24. Profiling Your Web Applications Using ChangeHat</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.hat.html#sec.apparmor.hat.apache">24.1. Apache ChangeHat</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.hat.html#sec.apparmor.hat.config">24.2. Configuring Apache for mod_apparmor</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.pam.html">25. Confining Users with <code class="systemitem">pam_apparmor</code></a></span></dt><dt><span class="chapter"><a href="cha.apparmor.managing.html">26. Managing Profiled Applications</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.managing.html#sec.apparmor.managing.monitor">26.1. Monitoring Your Secured Applications</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.managing.html#sec.apparmor.managing.config_sen">26.2. Configuring Security Event Notification</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.managing.html#sec.apparmor.managing.config_reports">26.3. Configuring Reports</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.managing.html#sec.apparmor.managing.dmon">26.4. Configuring and Using the AppArmor Desktop Monitor Applet</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.managing.html#sec.apparmor.managing.react">26.5. Reacting to Security Event Rejections</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.managing.html#sec.apparmor.managing.maintain">26.6. Maintaining Your Security Profiles</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.support.html">27. Support</a></span></dt><dd><dl><dt><span class="sect1"><a href="cha.apparmor.support.html#sec.apparmor.support.updating">27.1. Updating Novell AppArmor Online</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.support.html#sec.apparmor.support.man">27.2. Using the Man Pages</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.support.html#sec.apparmor.support.info">27.3. For More Information</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.support.html#sec.apparmor.support.trouble">27.4. Troubleshooting</a></span></dt><dt><span class="sect1"><a href="cha.apparmor.support.html#sec.apparmor.support.bugs">27.5. Reporting Bugs for AppArmor</a></span></dt></dl></dd><dt><span class="chapter"><a href="cha.apparmor.glossary.html">28. AppArmor Glossary</a></span></dt></dl></dd><dt><span class="appendix"><a href="bk06apa.html">A. GNU Licenses</a></span></dt><dd><dl><dt><span class="sect1"><a href="bk06apa.html#id615110">A.1. GNU General Public License</a></span></dt><dt><span class="sect1"><a href="bk06apa.html#id615698">A.2. GNU Free Documentation License</a></span></dt></dl></dd></dl></div><div class="list-of-figures"><p><b>List of Figures</b></p><dl><dt>3.1. <a href="cha.nis.html#fig.inst.nisserver1">NIS Server Setup</a></dt><dt>3.2. <a href="cha.nis.html#fig.yast.nis.master">Master Server Setup</a></dt><dt>3.3. <a href="cha.nis.html#fig.inst.nisserver2">Changing the Directory and Synchronizing Files for a NIS Server</a></dt><dt>3.4. <a href="cha.nis.html#fig.yast.nis.maps">NIS Server Maps Setup</a></dt><dt>3.5. <a href="cha.nis.html#fig.inst.nisserver3">Setting Request Permissions for a NIS Server</a></dt><dt>3.6. <a href="cha.nis.html#fig.inst.nisclient">Setting Domain and Address of a NIS Server</a></dt><dt>4.1. <a href="cha.security.ldap.html#fig.ldap.tree">Structure of an LDAP Directory</a></dt><dt>4.2. <a href="cha.security.ldap.html#fig.ldap.y2.wizard.general.settings">YaST LDAP Server Configuration</a></dt><dt>4.3. <a href="cha.security.ldap.html#fig.ldap.y2.wizard.db.settings">YaST LDAP Server&#8212;New Database</a></dt><dt>4.4. <a href="cha.security.ldap.html#fig.ldap.y2.server.cfg">YaST LDAP Server Configuration</a></dt><dt>4.5. <a href="cha.security.ldap.html#fig.ldap.y2.server.db.cfg">YaST LDAP Server Database Configuration</a></dt><dt>4.6. <a href="cha.security.ldap.html#fig.ldap.y2.clconf">YaST: LDAP Client Configuration</a></dt><dt>4.7. <a href="cha.security.ldap.html#fig.ldap.y2.adconf">YaST: Advanced Configuration</a></dt><dt>4.8. <a href="cha.security.ldap.html#fig.ldap.y2.modconf1">YaST: Module Configuration</a></dt><dt>4.9. <a href="cha.security.ldap.html#fig.ldap.y2.objtemp">YaST: Configuration of an Object Template</a></dt><dt>4.10. <a href="cha.security.ldap.html#fig.ldap.y2.adset">YaST: Additional LDAP Settings</a></dt><dt>4.11. <a href="cha.security.ldap.html#fig.ldap.browsetree">Browsing the LDAP Directory Tree</a></dt><dt>4.12. <a href="cha.security.ldap.html#fig.ldap.browsedata">Browsing the Entry Data</a></dt><dt>5.1. <a href="cha.security.ad.html#fig.ad.schema">Active Directory Authentication Schema</a></dt><dt>5.2. <a href="cha.security.ad.html#fig.ad.smbclient">Determining Windows Domain Membership</a></dt><dt>5.3. <a href="cha.security.ad.html#fig.ad.join1">Providing Administrator Credentials</a></dt><dt>6.1. <a href="cha.security.kerberos.html#fig.netw.kerb">Kerberos Network Topology</a></dt><dt>6.2. <a href="cha.security.kerberos.html#id579367">YaST: Basic Configuration of a Kerberos Client</a></dt><dt>6.3. <a href="cha.security.kerberos.html#id579512">YaST: Advanced Configuration of a Kerberos Client</a></dt><dt>8.1. <a href="cha.security.yast_security.html#fig.yast_security.overview">YaST Local Security - Security Overview</a></dt><dt>10.1. <a href="cha.security.acls.html#fig.acls.map.mini">Minimum ACL: ACL Entries Compared to Permission Bits</a></dt><dt>10.2. <a href="cha.security.acls.html#fig.acls.map.ext">Extended ACL: ACL Entries Compared to Permission Bits</a></dt><dt>14.1. <a href="cha.security.firewall.html#fig.fire.table">iptables: A Packet's Possible Paths</a></dt><dt>14.2. <a href="cha.security.firewall.html#fig.yast2.firewall_1">The YaST Firewall Configuration</a></dt><dt>15.1. <a href="cha.security.vpnserver.html#fig.vpn.scenario-routed-1">Routed VPN</a></dt><dt>15.2. <a href="cha.security.vpnserver.html#fig.vpn.scenario-briged-1">Bridged VPN - Scenario 1</a></dt><dt>15.3. <a href="cha.security.vpnserver.html#fig.vpn.scenario-briged-2">Bridged VPN - Scenario 2</a></dt><dt>15.4. <a href="cha.security.vpnserver.html#fig.vpn.scenario-briged-3">Bridged VPN - Scenario 3</a></dt><dt>16.1. <a href="cha.security.yast_ca.html#fig.yast.ca.ca_basic">YaST CA Module&#8212;Basic Data for a Root CA</a></dt><dt>16.2. <a href="cha.security.yast_ca.html#fig.yast.ca.usage">YaST CA Module&#8212;Using a CA</a></dt><dt>16.3. <a href="cha.security.yast_ca.html#fig.yast.ca.cert">Certificates of a CA</a></dt><dt>16.4. <a href="cha.security.yast_ca.html#fig.yast.ca.extensions">YaST CA Module&#8212;Extended Settings</a></dt><dt>22.1. <a href="cha.apparmor.yast.html#id601614">YaST Controls for AppArmor</a></dt><dt>22.2. <a href="cha.apparmor.yast.html#fig.apparmor.yast.wizard.learn">Learning Mode Exception: Controlling Access to Specific Resources</a></dt><dt>22.3. <a href="cha.apparmor.yast.html#fig.apparmor.yast.wizard.perms">Learning Mode Exception: Defining Execute Permissions for an Entry</a></dt></dl></div><div class="list-of-tables"><p><b>List of Tables</b></p><dl><dt>4.1. <a href="cha.security.ldap.html#tab.ldap.schema">Commonly Used Object Classes and Attributes</a></dt><dt>10.1. <a href="cha.security.acls.html#tab.entrytype">ACL Entry Types</a></dt><dt>10.2. <a href="cha.security.acls.html#tab.mask">Masking Access Permissions</a></dt><dt>12.1. <a href="cha.aide.html#tab.aide.options">Important AIDE Checking Options</a></dt><dt>16.1. <a href="cha.security.yast_ca.html#tab.yast.ca.intro.x509">X.509v3 Certificate</a></dt><dt>16.2. <a href="cha.security.yast_ca.html#tab.yast.ca.intro.crl">X.509 Certificate Revocation List (CRL)</a></dt><dt>16.3. <a href="cha.security.yast_ca.html#tab.yast.ca.ldap.password">Passwords during LDAP Export</a></dt><dt>27.1. <a href="cha.apparmor.support.html#id613344">Man Pages: Sections and Categories</a></dt></dl></div><div class="list-of-examples"><p><b>List of Examples</b></p><dl><dt>2.1. <a href="cha.pam.html#dat.pam.sshd">PAM Configuration for sshd (<code class="filename">/etc/pam.d/sshd</code>)</a></dt><dt>2.2. <a href="cha.pam.html#dat.pam.common-auth">Default Configuration for the <code class="literal">auth</code> Section</a></dt><dt>2.3. <a href="cha.pam.html#dat.pam.common-account">Default Configuration for the <code class="literal">account</code> Section</a></dt><dt>2.4. <a href="cha.pam.html#dat.pam.common-password">Default Configuration for the <code class="literal">password</code> Section</a></dt><dt>2.5. <a href="cha.pam.html#dat.pam.common-session">Default Configuration for the <code class="literal">session</code> Section</a></dt><dt>2.6. <a href="cha.pam.html#dat.pam.pamenv">pam_env.conf</a></dt><dt>4.1. <a href="cha.security.ldap.html#aus.ldap.schema.help">Excerpt from schema.core</a></dt><dt>4.2. <a href="cha.security.ldap.html#dat.ldap.ldif">An LDIF File</a></dt><dt>4.3. <a href="cha.security.ldap.html#aus.ldap.addentry">ldapadd with example.ldif</a></dt><dt>4.4. <a href="cha.security.ldap.html#aus.ldap.addtux">LDIF Data for Tux</a></dt><dt>4.5. <a href="cha.security.ldap.html#aus.ldap.ldif.tux">Modified LDIF File tux.ldif</a></dt><dt>9.1. <a href="cha.security.policykit.html#ex.policykit.change.modify_config.explicit">An example <code class="filename">/etc/PolicyKit/PolicyKit.conf</code> file</a></dt><dt>15.1. <a href="cha.security.vpnserver.html#ex.vpn.serv-config">VPN Server Configuration File</a></dt><dt>15.2. <a href="cha.security.vpnserver.html#id591542">VPN Client Configuration File</a></dt><dt>18.1. <a href="cha.apparmor.start.html#ex.unconfined">Output of <span class="command">aa-unconfined</span></a></dt><dt>23.1. <a href="cha.apparmor.commandline.html#ex.apparmor.commandline.profiling.summary.genprof.learn">Learning Mode Exception: Controlling Access to Specific Resources</a></dt><dt>23.2. <a href="cha.apparmor.commandline.html#ex.apparmor.commandline.profiling.summary.genprof.perms">Learning Mode Exception: Defining Execute Permissions for an Entry</a></dt><dt>24.1. <a href="cha.apparmor.hat.html#ex.hat.apache.managing.phpsysinfo">Example phpsysinfo Hat</a></dt></dl></div></div><div class="navfooter"><table width="100%" summary="Navigation footer" border="0" class="bctable"><tr><td width="80%"><div class="breadcrumbs"><p><a href="index.html"> Documentation</a><span class="breadcrumbs-sep"> &gt; </span><strong> <a accesskey="n" title="About This Guide" href="preface.security.html"><span>&#9654;</span></a></strong></p></div></td></tr></table></div></body></html>

ACC SHELL 2018