From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-doc-cvs+bounces-3587-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1NxbOw-0008OS-A8
	for garchives@archives.gentoo.org; Fri, 02 Apr 2010 07:34:46 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 62515E080D;
	Fri,  2 Apr 2010 07:34:40 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 2242FE080D
	for <gentoo-doc-cvs@lists.gentoo.org>; Fri,  2 Apr 2010 07:34:40 +0000 (UTC)
Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTP id B7BA01B4014
	for <gentoo-doc-cvs@lists.gentoo.org>; Fri,  2 Apr 2010 07:34:39 +0000 (UTC)
Received: from nightmorph by stork.gentoo.org with local (Exim 4.69)
	(envelope-from <nightmorph@gentoo.org>)
	id 1NxbOp-0006Df-6z
	for gentoo-doc-cvs@lists.gentoo.org; Fri, 02 Apr 2010 07:34:39 +0000
From: "Joshua Saddler (nightmorph)" <nightmorph@gentoo.org>
To: gentoo-doc-cvs@lists.gentoo.org
Subject: [gentoo-doc-cvs] gentoo commit in xml/htdocs/doc/en/security: security-handbook.xml shb-logging.xml
X-VCS-Repository: gentoo
X-VCS-Files: security-handbook.xml shb-logging.xml
X-VCS-Directories: xml/htdocs/doc/en/security
X-VCS-Committer: nightmorph
X-VCS-Committer-Name: Joshua Saddler
Content-Type: text/plain; charset=utf8
Message-Id: <E1NxbOp-0006Df-6z@stork.gentoo.org>
Sender: Joshua Saddler <nightmorph@stork.gentoo.org>
Date: Fri, 02 Apr 2010 07:34:39 +0000
Precedence: bulk
List-Post: <mailto:gentoo-doc-cvs@lists.gentoo.org>
List-Help: <mailto:gentoo-doc-cvs+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-doc-cvs+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-doc-cvs+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-doc-cvs.gentoo.org>
X-BeenThere: gentoo-doc-cvs@lists.gentoo.org
Reply-to: docs-team@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 8315a5d0-817a-4637-ae2a-687b351f7cd3
X-Archives-Hash: f6676498ffd8aed07a84efd69494ba40

nightmorph    10/04/02 07:34:39

  Modified:             security-handbook.xml shb-logging.xml
  Log:
  get the security handbook more up-to-date with working syslog-ng config=
s

Revision  Changes    Path
1.4                  xml/htdocs/doc/en/security/security-handbook.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/secu=
rity/security-handbook.xml?rev=3D1.4&view=3Dmarkup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/secu=
rity/security-handbook.xml?rev=3D1.4&content-type=3Dtext/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/secu=
rity/security-handbook.xml?r1=3D1.3&r2=3D1.4

Index: security-handbook.xml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/security-handboo=
k.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- security-handbook.xml	29 Nov 2006 15:21:33 -0000	1.3
+++ security-handbook.xml	2 Apr 2010 07:34:39 -0000	1.4
@@ -1,8 +1,8 @@
 <?xml version=3D'1.0' encoding=3D'UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/security-ha=
ndbook.xml,v 1.3 2006/11/29 15:21:33 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/security-ha=
ndbook.xml,v 1.4 2010/04/02 07:34:39 nightmorph Exp $ -->
 <!DOCTYPE book SYSTEM "/dtd/book.dtd">
=20
-<book link=3D"/doc/en/security/security-handbook.xml">
+<book>
 <title>Gentoo Security Handbook</title>
=20
 <author title=3D"Author">
@@ -38,6 +38,9 @@
 <author title=3D"Editor">
   <mail link=3D"krispykringle@gentoo.org">Dan Margolis</mail>
 </author>
+<author title=3D"Editor">
+  <mail link=3D"nightmorph"/>
+</author>
=20
 <abstract>
 This is a step-by-step guide for hardening Gentoo Linux.
@@ -45,8 +48,8 @@
=20
 <license/>
=20
-<version>1.0</version>
-<date>2005-05-31</date>
+<version>1.1</version>
+<date>2010-04-02</date>
=20
 <!--
 <section>
@@ -54,18 +57,17 @@
 <body>
=20
 <p>
-In version 0.6 (Backup)
+(Backup)
 </p>
 <ul>
 <li>Arpwatch</li>
-<li>Full system backup using Systemimager</li>
 <li>Partial backup using tar</li>
 <li>Backing up postgres</li>
 </ul>
=20
=20
 <p>
-In version 0.8 (Penetration testing)
+(Penetration testing)
 </p>
 <ul>
 <li>Remote audits</li>
@@ -75,7 +77,7 @@
 </ul>
=20
 <p>
-In version 1.0 (After a compromise)
+(After a compromise)
 </p>
 <ul>
 <li>How to report an incident</li>
@@ -86,17 +88,11 @@
 <li>Restoring system</li>
 </ul>
=20
-<note>
-Please note that each version concentrates on one subject at a time.  Th=
is is for
-quality assurance purposes.
-</note>
-
 </body>
 </section>
 -->
=20
 <part>
-
 <title>System Security</title>
 <abstract>
 Harden different parts of your system to make it more secure.
@@ -213,6 +209,6 @@
 </abstract>
   <include href=3D"shb-uptodate.xml"/>
 </chapter>
-
 </part>
+
 </book>



1.6                  xml/htdocs/doc/en/security/shb-logging.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/secu=
rity/shb-logging.xml?rev=3D1.6&view=3Dmarkup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/secu=
rity/shb-logging.xml?rev=3D1.6&content-type=3Dtext/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/secu=
rity/shb-logging.xml?r1=3D1.5&r2=3D1.6

Index: shb-logging.xml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-logging.xml,=
v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- shb-logging.xml	7 Mar 2007 01:51:52 -0000	1.5
+++ shb-logging.xml	2 Apr 2010 07:34:39 -0000	1.6
@@ -1,5 +1,5 @@
 <?xml version=3D'1.0' encoding=3D'UTF-8'?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-logging=
.xml,v 1.5 2007/03/07 01:51:52 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/security/shb-logging=
.xml,v 1.6 2010/04/02 07:34:39 nightmorph Exp $ -->
 <!DOCTYPE sections SYSTEM "/dtd/book.dtd">
=20
 <!-- The content of this document is licensed under the CC-BY-SA license=
 -->
@@ -7,8 +7,8 @@
=20
 <sections>
=20
-<version>1.2</version>
-<date>2005-11-25</date>
+<version>1.3</version>
+<date>2010-04-02</date>
=20
 <section>
 <title>Introduction</title>
@@ -208,13 +208,24 @@
 </p>
=20
 <pre caption=3D"/etc/syslog-ng/syslog-ng.conf">
-options { chain_hostnames(off); sync(0); };
+options {
+        chain_hostnames(no);
+
+        <comment># The default action of syslog-ng is to log a STATS lin=
e
+        # to the file every 10 minutes.  That's pretty ugly after a whil=
e.
+        # Change it to every 12 hours so you get a nice daily update of
+        # how many messages syslog-ng missed (0).</comment>
+        stats_freq(43200);
+};
+
+source src {
+    unix-stream("/dev/log" max-connections(256));
+    internal();
+};
=20
-#source where to read log
-source src { unix-stream("/dev/log"); internal(); };
 source kernsrc { file("/proc/kmsg"); };
=20
-#define destinations
+<comment># define destinations</comment>
 destination authlog { file("/var/log/auth.log"); };
 destination syslog { file("/var/log/syslog"); };
 destination cron { file("/var/log/cron.log"); };
@@ -235,10 +246,16 @@
 destination debug { file("/var/log/debug"); };
 destination messages { file("/var/log/messages"); };
 destination console { usertty("root"); };
+
+<comment># By default messages are logged to tty12...</comment>
 destination console_all { file("/dev/tty12"); };
-destination xconsole { pipe("/dev/xconsole"); };
=20
-#create filters
+<comment># ...if you intend to use /dev/console for programs like xconso=
le
+# you can comment out the destination line above that references /dev/tt=
y12
+# and uncomment the line below.</comment>
+#destination console_all { file("/dev/console"); };
+
+<comment># create filters</comment>
 filter f_authpriv { facility(auth, authpriv); };
 filter f_syslog { not facility(authpriv, mail); };
 filter f_cron { facility(cron); };
@@ -257,10 +274,10 @@
 filter f_warn { level(warn); };
 filter f_crit { level(crit); };
 filter f_err { level(err); };
-filter f_failed { match("failed"); };
-filter f_denied { match("denied"); };
+filter f_failed { message("failed"); };
+filter f_denied { message("denied"); };
=20
-#connect filter and destination
+<comment># connect filter and destination</comment>
 log { source(src); filter(f_authpriv); destination(authlog); };
 log { source(src); filter(f_syslog); destination(syslog); };
 log { source(src); filter(f_cron); destination(cron); };
@@ -277,7 +294,7 @@
 log { source(src); filter(f_messages); destination(messages); };
 log { source(src); filter(f_emergency); destination(console); };
=20
-#default log
+<comment># default log</comment>
 log { source(src); destination(console_all); };
 </pre>
=20