svn commit: r51166 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Thu Nov 2 13:13:29 UTC 2017
Author: ryusuke
Date: Thu Nov 2 13:13:28 2017
New Revision: 51166
URL: https://svnweb.freebsd.org/changeset/doc/51166
Log:
- Merge the following from the English version:
r32597 -> r35396 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Thu Nov 2 08:45:44 2017 (r51165)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Thu Nov 2 13:13:28 2017 (r51166)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r32597
+ Original revision: r35396
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -356,7 +356,7 @@
<command>telnet</command> ¤ä <command>rlogin</command> ·Ðͳ¤Ç¤Ï
<systemitem class="username">root</systemitem> ¤ÇľÀÜ¥í¥°¥¤¥ó¤Ç¤¤Ê¤¤¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
¤³¤ì¤Ï¡¢<filename>/etc/ssh/sshd_config</filename> ¤òÊÔ½¸¤·¤Æ
- <literal>PermitRootLogin</literal> ¤Ë <literal>NO</literal>
+ <literal>PermitRootLogin</literal> ¤Ë <literal>no</literal>
¤¬ÀßÄꤵ¤ì¤ë¤è¤¦¤Ë¤¹¤ë¤³¤È¤Ç¼Â¸½¤Ç¤¤Þ¤¹¡£
<application>sshd</application> ¤Î¤è¤¦¤Ê¡¢ÊÌ¤Î¥í¥°¥¤¥ó¥µ¡¼¥Ó¥¹
¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ç¤âƱÍͤˡ¢Ä¾ÀÜ <systemitem class="username">root</systemitem>
@@ -559,8 +559,10 @@
¸¢¸Â¤ÎÀøºßŪ¤Ê·ê¤Ç¾¤ËÂ礤ʤâ¤Î¤Ë¤Ï¡¢¥·
¥¹¥Æ¥à¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤¿ suid-root/sgid ¥Ð¥¤¥Ê¥ê¤¬¤¢¤ê¤Þ¤¹¡£
¤³¤ì¤é¤Î¥Ð¥¤¥Ê¥ê¤Ï¡¢<application>rlogin</application> ¤Î¤è¤¦¤Ë¡¢
- <filename>/bin</filename>, <filename>/sbin</filename>,
- <filename>/usr/bin</filename>, <filename>/usr/sbin</filename>
+ <filename class="directory">/bin</filename>, <filename
+ class="directory">/sbin</filename>, <filename
+ class="directory">/usr/bin</filename> ¤Þ¤¿¤Ï <filename
+ class="directory">/usr/sbin</filename>
¤Ë¸ºß¤¹¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£100% °ÂÁ´¤Ê¤â¤Î¤Ï¸ºß¤·¤Ê¤¤¤È¤Ï
¤¤¤¨¡¢¥·¥¹¥Æ¥à¥Ç¥Õ¥©¥ë¥È¤Î siud/sgid ¥Ð¥¤¥Ê¥ê¤ÏÈæ³ÓŪ°ÂÁ´¤È¤¤
¤¨¤Þ¤¹¡£¤½¤ì¤Ç¤â¤Ê¤ª¡¢<systemitem class="username">root</systemitem>
@@ -657,28 +659,81 @@
¥â¥¸¥å¡¼¥ë¤ò»È¤Ã¤Æ¼«Ê¬Æȼ«¤Î <filename>bpf</filename>
¤â¤·¤¯¤Ï¤½¤Î¾ÇÁ¤¸«¥Ç¥Ð¥¤¥¹
¤òÆ°ºîÃæ¤Î¥«¡¼¥Í¥ë¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤¤Þ¤¹¡£¤³¤ÎÌäÂê¤ò
- Èò¤±¤ë¤¿¤á¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¥«¡¼¥Í¥ë¤ò¤è¤ê¹â¤¤°ÂÁ´¥ì¥Ù¥ë (
- securelevel)¡¢¾¯¤Ê¤¯¤È¤â°ÂÁ´¥ì¥Ù¥ë 1 ¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפ¬¤¢¤ê¤Þ
- ¤¹¡£°ÂÁ´¥ì¥Ù¥ë¤Ï <command>sysctl</command> ¤ò»È¤Ã¤Æ
+ Èò¤±¤ë¤¿¤á¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¥«¡¼¥Í¥ë¤ò¤è¤ê¹â¤¤¥»¥¥å¥¢¥ì¥Ù¥ë¡¢
+ ¾¯¤Ê¤¯¤È¤â¥»¥¥å¥¢¥ì¥Ù¥ë 1 ¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <para>¥«¡¼¥Í¥ë¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤Ï¤¤¤¯¤Ä¤«¤ÎÊýË¡¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£
+ ¸½ºßÆ°¤¤¤Æ¤¤¤ë¥«¡¼¥Í¥ë¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ëºÇ¤â´Êñ¤ÊÊýË¡¤Ï¡¢
+ <command>sysctl</command> ¤ò»È¤Ã¤Æ
<varname>kern.securelevel</varname>
- ÊÑ¿ô¤òÁàºî¤·¤ÆÀßÄê¤Ç¤¤Þ¤¹¡£¤Ò¤È¤¿¤Ó°ÂÁ´¥ì¥Ù¥ë¤Ë 1 ¤òÀßÄꤹ¤ë¤È¡¢raw ¥Ç¥Ð
- ¥¤¥¹¤ËÂФ¹¤ë½ñ¤¹þ¤ß¥¢¥¯¥»¥¹¤ÏµñÈݤµ¤ì¡¢¤¿¤È¤¨¤Ð
- <literal>schg</literal> ¤Î¤è¤¦¤ÊÆÃÊ̤Ê
- <command>chflags</command> ¥Õ¥é¥°¤Îµ¡Ç½¤¬
- ¶¯À©¤µ¤ì¤Þ¤¹¡£¥·¥¹¥Æ¥àµ¯Æ°¤Ë´Ø¤ï¤ë½ÅÍפʥХ¤¥Ê¥ê¤ä¥Ç¥£¥ì¥¯¥È¥ê¡¢
- ¥¹¥¯¥ê¥×¥È¥Õ¥¡¥¤¥ë¤Ê¤É¡¢°ÂÁ´¥ì¥Ù¥ë¤¬ÀßÄꤵ¤ì¤ë¤Þ¤Ç¤Î´Ö¤Ë¼Â¹Ô¤µ
- ¤ì¤ë¤¹¤Ù¤Æ¤Î¤â¤Î¤ËÂФ·¤Æ¤â¡¢³Î¼Â¤Ë <literal>schg</literal>
- ¥Õ¥é¥°¤òÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£¤³¤ÎÀßÄê¤ò¤ä¤ê²á¤®¤Æ¤â
- ¹½¤¤¤Þ¤»¤ó¤¬¡¢¤è¤ê¹â¤¤°ÂÁ´¥ì¥Ù¥ë¤ÇÆ°ºî¤·¤Æ¤¤¤ë¾ì¹ç¡¢¥·¥¹¥Æ¥à¤Î
- ¥¢¥Ã¥×¥°¥ì¡¼¥É¤¬¤Ï¤ë¤«¤Ëº¤Æñ¤Ë¤Ê¤ê¤Þ¤¹¡£¥·¥¹¥Æ¥à¤ò¤è¤ê¹â¤¤°ÂÁ´
- ¥ì¥Ù¥ë¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤¹¤ë¤¬¡¢¤¹¤Ù¤Æ¤Î¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤È¥Ç¥£
- ¥ì¥¯¥È¥ê¤Ë <literal>schg</literal>
+ ¥«¡¼¥Í¥ëÊÑ¿ô¤òÁàºî¤¹¤ëÊýË¡¤Ç¤¹¡£</para>
+
+ <screen>&prompt.root; <userinput>sysctl kern.securelevel=<replaceable>1</replaceable></userinput></screen>
+
+ <para>¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢&os; ¤Î¥«¡¼¥Í¥ë¤Ï¥»¥¥å¥¢¥ì¥Ù¥ë -1 ¤Çµ¯Æ°¤·¤Þ¤¹¡£
+ ¤³¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤Ï¡¢´ÉÍý¼Ô¤Þ¤¿¤Ï &man.init.8;
+ ¤Ë¤è¤ëµ¯Æ°»þ¤Î¥¹¥¯¥ê¥×¥È¤Ë¤è¤êÊѹ¹¤µ¤ì¤Ê¤¤¸Â¤ê -1 ¤Î¤Þ¤Þ¤Ç¤¹¡£
+ <filename>/etc/rc.conf</filename> ¥Õ¥¡¥¤¥ë¤Ç¡¢
+ <varname>kern_securelevel_enable</varname> ÊÑ¿ô¤ò
+ <literal>YES</literal>¡¢
+ <varname>kern_securelevel</varname>
+ ÊÑ¿ô¤òɬÍפȤ¹¤ëÃͤËÀßÄꤹ¤ë¤³¤È¤Ç¡¢
+ ¥·¥¹¥Æ¥àµ¯Æ°»þ¤Ë¥»¥¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
+
+ <para>&os;
+ ¥·¥¹¥Æ¥à¤Îµ¯Æ°¥¹¥¯¥ê¥×¥È¼Â¹Ôľ¸å¤Î¥Ç¥Õ¥©¥ë¥È¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤Ï
+ -1 ¤Ç¤¹¡£
+ ¤³¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤Ç¤Ï¡¢
+ Êѹ¹ÉԲĤΥե¡¥¤¥ë¥Õ¥é¥°¤ò³°¤·¤¿¤ê¡¢
+ ¤¹¤Ù¤Æ¤Î¥Ç¥Ð¥¤¥¹¤ËÂФ·¤ÆÆɤ߹þ¤ß¤ª¤è¤Ó½ñ¤¹þ¤ß¤¬¤Ç¤¤¿¤ê¤¹¤ë¤Î¤Ç¡¢
+ <quote>insecure mode</quote> ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£</para>
+
+ <para>¥»¥¥å¥¢¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤹ¤ë¤È¡¢
+ ÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĥե¡¥¤¥ë¤Î¥Õ¥é¥°¤ò³°¤¹¤³¤È¤Ï¤Ç¤¤Ê¤¯¤Ê¤ê¡¢
+ ¤Þ¤¿ raw ¥Ç¥Ð¥¤¥¹¤Ø¤Î¥¢¥¯¥»¥¹¤¬µñÈݤµ¤ì¤Þ¤¹¡£
+ ¤è¤ê¹â¤¤¥ì¥Ù¥ë¤ËÀßÄꤹ¤ë¤È¡¢¤è¤ê¿¤¯¤ÎÁàºî¤ËÀ©¸Â¤¬¤«¤«¤ê¤Þ¤¹¡£
+ ³Æ¥»¥¥å¥¢¥ì¥Ù¥ë¤Î´°Á´¤ÊÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ &man.security.7; ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸ (&os; 7.0 ¤è¤êÁ°¤Î¥ê¥ê¡¼¥¹¤Ç¤Ï¡¢
+ &man.init.8; ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸) ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+
+ <note>
+ <para>¥»¥¥å¥¢¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
+ X11 (<filename>/dev/io</filename> ¤Ø¤Î¥¢¥¯¥»¥¹¤¬¥Ö¥í¥Ã¥¯¤µ¤ì¤Þ¤¹)
+ ¤ä¥½¡¼¥¹¤«¤é &os; ¤ò¹½ÃÛ¤·¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤È¤
+ (installworld ¤Î¥×¥í¥»¥¹¤Ç¤Ï¡¢
+ ¤¤¤¯¤Ä¤«¤Î¥Õ¥¡¥¤¥ë¤ÎÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĤΥե饰¤Ï°ì»þŪ¤Ë¥ê¥»¥Ã¥È¤µ¤ì¤Þ¤¹)
+ ¤Ê¤É¡¢¤½¤ì°Ê³°¤Ë¤âÌäÂ꤬°ú¤µ¯¤³¤µ¤ì¤ë²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
+ X11 ¤ÎÌäÂê¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ µ¯Æ°¥×¥í¥»¥¹½é´ü¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤¬½½Ê¬Ä㤤¤È¤¤Ë
+ &man.xdm.1; ¤òµ¯Æ°¤¹¤ë¤³¤È¤Ç¡¢¤³¤ÎÌäÂê¤ËÂбþ¤Ç¤¤Þ¤¹¡£
+ ¤³¤Î¤è¤¦¤Ê±þµÞ½èÃ֤ϡ¢
+ ¤¹¤Ù¤Æ¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤ä¤½¤ì¤é¤¬²Ý¤¹ÀøºßŪ¤Ê¤¹¤Ù¤Æ¤ÎÀ©¸Â¤Ë¤ÏÂбþ¤Ç¤¤Ê¤¤¤Ç¤·¤ç¤¦¡£
+ ¾¯¤·Àè¤ò¸«±Û¤·¤¿·×²èŪ¤ÊÂбþ¤ò¤¹¤Ù¤¤Ç¤¹¡£
+ ³Æ¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ç²Ý¤µ¤ì¤ëÀ©¸Â¤Ï¡¢
+ ¥·¥¹¥Æ¥à¤ò»ÈÍѤ¹¤ë¤³¤È¤Ë¤è¤ëÍøÊØÀ¤òÃø¤·¤¯¸º¤é¤·¤Æ¤·¤Þ¤¦¤¿¤á¡¢
+ ¤³¤ÎÀ©¸Â¤òÍý²ò¤¹¤ë¤³¤È¤Ï½ÅÍפǤ¹¡£
+ ¤Þ¤¿¡¢³Æ¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ÎÀ©¸Â¤òÍý²ò¤¹¤ë¤³¤È¤Ç¡¢
+ ¥Ç¥Õ¥©¥ë¥È¤ÎÀßÄê¤ò¤è¤ê¥·¥ó¥×¥ë¤Ë¤Ç¤¡¢
+ ÀßÄê¤Ë´Ø¤¹¤ë°Õ³°À¤ò¾¯¤Ê¤¯¤Ç¤¤ë¤Ç¤·¤ç¤¦¡£</para>
+ </note>
+
+ <para>¥«¡¼¥Í¥ë¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
+ ¥·¥¹¥Æ¥àµ¯Æ°¤Ë´Ø¤ï¤ë½ÅÍפʥХ¤¥Ê¥ê¤ä¥Ç¥£¥ì¥¯¥È¥ê¡¢
+ ¥¹¥¯¥ê¥×¥È¥Õ¥¡¥¤¥ë (¤¹¤Ê¤ï¤Á¡¢
+ ¥»¥¥å¥¢¥ì¥Ù¥ë¤¬ÀßÄꤵ¤ì¤ë¤Þ¤Ç¤Î´Ö¤Ë¼Â¹Ô¤µ¤ì¤ë¤¹¤Ù¤Æ¤Î¤â¤Î¤ËÂФ·¤Æ)¡¢
+ <literal>schg</literal> ¥Õ¥é¥°¤òÀßÄꤹ¤ë¤³¤È¤ÏÍÍѤǤ·¤ç¤¦¡£
+ ¤³¤ÎÀßÄê¤ò¤ä¤ê²á¤®¤Æ¤â¹½¤¤¤Þ¤»¤ó¤¬¡¢
+ ¤è¤ê¹â¤¤¥»¥¥å¥¢¥ì¥Ù¥ë¤ÇÆ°ºî¤·¤Æ¤¤¤ë¾ì¹ç¡¢
+ ¥·¥¹¥Æ¥à¤Î¥¢¥Ã¥×¥°¥ì¡¼¥É¤¬¤Ï¤ë¤«¤Ëº¤Æñ¤Ë¤Ê¤ê¤Þ¤¹¡£
+ ¥·¥¹¥Æ¥à¤ò¤è¤ê¹â¤¤°ÂÁ´¥ì¥Ù¥ë¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤¹¤ë¤¬¡¢
+ ¤¹¤Ù¤Æ¤Î¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤È¥Ç¥£¥ì¥¯¥È¥ê¤Ë <literal>schg</literal>
¥Õ¥é¥°¤òÀßÄꤷ¤Ê¤¤¤È¤¤¤¦¤È¤³¤í¤ÇÂŶ¨¤¹¤ë¤È¤¤¤¦¼ê¤â¤¢¤ê¤Þ¤¹¡£
¤â¤¦°ì¤Ä¤Î²ÄǽÀ¤È¤·¤Æ¤Ï¡¢Ã±½ã¤Ë
- <filename>/</filename> ¤ª¤è¤Ó <filename>/usr</filename> ¤òÆɤß
- ¹þ¤ßÀìÍѤǥޥ¦¥ó¥È¤¹¤ë¤³¤È¤Ç¤¹¡£¤³¤³¤ÇÆÃÉ®¤¹¤Ù¤¤³¤È¤Ï¡¢¥·¥¹¥Æ
- ¥à¤ò¼é¤í¤¦¤È¤·¤Æ¸·¤·¤¯¤·¤¹¤®¤ë¤È¡¢¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤È¤¤¤¦Èó¾ï¤Ë½Å
- Íפʤ³¤È¤¬¤Ç¤¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
+ <filename class="directory">/</filename> ¤ª¤è¤Ó
+ <filename class="directory">/usr</filename>
+ ¤òÆɤ߹þ¤ßÀìÍѤǥޥ¦¥ó¥È¤¹¤ë¤³¤È¤Ç¤¹¡£
+ ¤³¤³¤ÇÆÃÉ®¤¹¤Ù¤¤³¤È¤Ï¡¢¥·¥¹¥Æ¥à¤ò¼é¤í¤¦¤È¤·¤Æ¸·¤·¤¯¤·¤¹¤®¤ë¤È¡¢
+ ¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤È¤¤¤¦Èó¾ï¤Ë½ÅÍפʤ³¤È¤¬¤Ç¤¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
</sect2>
<sect2 xml:id="security-integrity">
@@ -688,8 +743,9 @@
<para>¤³¤È¤³¤ÎÌäÂê¤Ë»ê¤ë¤È¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë¤Ç¤¤ë¤³¤È¤Ï¡¢ÊØÍø¤µ
¤È¤¤¤¦Í×ÁǤ¬¤½¤Î½¹¤¤Æ¬¤ò¾å¤²¤Ê¤¤ÄøÅ٤ˡ¢¥³¥¢¥·¥¹¥Æ¥à¤ÎÀßÄê¤ÈÀ©
¸æ¥Õ¥¡¥¤¥ë¤òËɸ椹¤ë¤³¤È¤À¤±¤Ç¤¹¡£¤¿¤È¤¨¤Ð¡¢
- <filename>/</filename> ¤ª¤è¤Ó <filename>/usr</filename> ¤Ë¤¢¤ë
- ÂçÉôʬ¤Î¥Õ¥¡¥¤¥ë¤Ë <literal>schg</literal> ¥Ó¥Ã¥È¤òÀßÄꤹ¤ë¤¿
+ <filename class="directory">/</filename> ¤ª¤è¤Ó
+ <filename class="directory">/usr</filename>
+ ¤Ë¤¢¤ëÂçÉôʬ¤Î¥Õ¥¡¥¤¥ë¤Ë <literal>schg</literal> ¥Ó¥Ã¥È¤òÀßÄꤹ¤ë¤¿
¤á¤Ë <command>chflags</command> ¤ò»ÈÍѤ¹¤ë¤Î¤Ï¡¢¤ª¤½¤é¤¯µÕ¸ú²Ì
¤Ç¤·¤ç¤¦¡£¤Ê¤¼¤Ê¤é¡¢¤½¤¦¤¹¤ë¤³¤È¤Ç¥Õ¥¡¥¤¥ë¤ÏÊݸî¤Ç¤¤Þ¤¹¤¬¡¢¿¯
Æþ¤ò¸¡½Ð¤¹¤ëÁë¤òÊĤ¶¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤â¤Ê¤ë¤«¤é¤Ç¤¹¡£¥»¥¥å¥ê¥Æ¥£
@@ -729,14 +785,17 @@
¤ò¤¹¤ì¤Ð¡¢&man.find.1; ¤ä &man.md5.1; ¤Ê¤É¤Îñ½ã¤Ê¥·¥¹¥Æ¥à¥æ¡¼
¥Æ¥£¥ê¥Æ¥£¤Ç¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤³¤È¤¬¤Ç¤¤Þ¤¹¡£¾¯¤Ê¤¯¤È¤â 1 Æü 1
²ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥Õ¥¡¥¤¥ë¤òľÀÜ md5 ¤Ë¤«¤±¡¢¤µ¤é¤Ë¤â¤Ã¤ÈÉÑÈË
- ¤Ë <filename>/etc</filename> ¤ª¤è¤Ó
- <filename>/usr/local/etc</filename> ¤Ë¤¢¤ë¤è¤¦¤Ê¥³¥ó¥È¥í¡¼¥ëÍÑ
+ ¤Ë <filename class="directory">/etc</filename> ¤ª¤è¤Ó
+ <filename class="directory">/usr/local/etc</filename>
+ ¤Ë¤¢¤ë¤è¤¦¤Ê¥³¥ó¥È¥í¡¼¥ëÍÑ
¥Õ¥¡¥¤¥ë¤ò»î¸³¤¹¤ë¤Î¤¬°ìÈ֤Ǥ¹¡£¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤¬Àµ¤·
¤¤¤ÈÃΤäƤ¤¤ë¡¢´ð¤È¤Ê¤ë md5 ¾ðÊó¤ÈÈæ¤Ù¤Æ°ã¤¤¤¬¸«¤Ä¤«¤Ã¤¿¾ì¹ç¡¢
¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ËÄ´¤Ù¤ÆÍߤ·¤¤¤ÈÈáÌĤò¾å¤²¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£Í¥
- ¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢<filename>/</filename> ¤ª¤è¤Ó
- <filename>/usr</filename> ¤Ê¤É¤Î¥·¥¹¥Æ¥à¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤ÇÉÔŬ
- Åö¤Ë suid ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤ä¡¢¿·¤¿¤ËºîÀ®¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤äºï½ü¤µ¤ì
+ ¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
+ <filename class="directory">/</filename> ¤ª¤è¤Ó
+ <filename class="directory">/usr</filename>
+ ¤Ê¤É¤Î¥·¥¹¥Æ¥à¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤ÇÉÔŬÅö¤Ë
+ suid ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤ä¡¢¿·¤¿¤ËºîÀ®¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤äºï½ü¤µ¤ì
¤¿¥Õ¥¡¥¤¥ë¤¬¤Ê¤¤¤«¤É¤¦¤«¤òÄ´¤Ù¤ë¤Ç¤·¤ç¤¦¡£</para>
<para>NFS ¤Ç¤Ï¤Ê¤¯¡¢ssh ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï¡¢
@@ -1607,7 +1666,7 @@ ALL : ALL \
<para>¤³¤Î¤è¤¦¤Ê¾õ¶·¤Ë¤ª¤¤¤Æ¡¢Â¾¤Î²ÄǽÀ¤Ï <option>spawn</option>
¥ª¥×¥·¥ç¥ó¤ò»È¤¦¤³¤È¤Ç¤¹¡£
<option>twist</option> ¤ÈƱÍͤˡ¢
- <option>spawn</option> ¤Ï¡¢°ÅÌۤΤ¦¤Á¤ËÀܳ¤òµñÈݤ·¡¢
+ <option>spawn</option> ¥ª¥×¥·¥ç¥ó¤Ï¡¢°ÅÌۤΤ¦¤Á¤ËÀܳ¤òµñÈݤ·¡¢
³°Éô¤Î¥·¥§¥ë¥³¥Þ¥ó¥É¤ä¥¹¥¯¥ê¥×¥È¤ò¼Â¹Ô¤Ç¤¤Þ¤¹¡£
<option>twist</option> ¤È°Û¤Ê¤ê¡¢<option>spawn</option> ¤Ï¡¢
Àܳ¤ò³ÎΩ¤·¤¿Áê¼ê¤ËÂФ·¡¢ÊÖ»ö¤òÊÖ¤¹¤³¤È¤Ï¤¢¤ê¤Þ¤»¤ó¡£
@@ -1636,8 +1695,8 @@ ALL : .example.com \
<sect3>
<title>¥ï¥¤¥ë¥É¥«¡¼¥É¥ª¥×¥·¥ç¥ó</title>
- <para>¤³¤ì¤Þ¤Ç¤ÎÎã¤Ë¤ª¤¤¤Æ¤Ï¡¢·Ñ³¤·¤Æ
- <literal>ALL</literal> ¤ò»ÈÍѤ¹¤ëÎ㤬ÍѤ¤¤é¤ì¤Æ¤¤Þ¤·¤¿¡£
+ <para>¤³¤ì¤Þ¤Ç¤ÎÎã¤Ç¤Ï¡¢·Ñ³¤·¤Æ
+ <literal>ALL</literal> ¥ª¥×¥·¥ç¥ó¤¬»ÈÍѤµ¤ì¤Æ¤¤Þ¤·¤¿¡£
¤³¤Îµ¡Ç½¤ò³ÈÄ¥¤¹¤ë¾¤Î¥ª¥×¥·¥ç¥ó¤â¸ºß¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢
<literal>ALL</literal> ¤Ï¡¢
¥Ç¡¼¥â¥ó¡¢¥É¥á¥¤¥ó¤Þ¤¿¤Ï <acronym>IP</acronym>
@@ -1645,7 +1704,7 @@ ALL : .example.com \
¾¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¤Ï¡¢µ¶Â¤¤µ¤ì¤¿ <acronym>IP</acronym>
¥¢¥É¥ì¥¹¤òÄ󶡤¹¤ë¥Û¥¹¥È¤Ë¥Þ¥Ã¥Á¤¹¤ë¤«¤É¤¦¤«¤ËÍѤ¤¤é¤ì¤ë
<literal>PARANOID</literal> ¤Ç¤¹¡£
- ¸À¤¤´¹¤¨¤ë¤È¡¢<literal>paranoid</literal> ¤ò»È¤¦¤³¤È¤Ç¡¢
+ ¸À¤¤´¹¤¨¤ë¤È¡¢<literal>PARANOID</literal> ¤ò»È¤¦¤³¤È¤Ç¡¢
¥Û¥¹¥È̾¤È°Û¤Ê¤ë <acronym>IP</acronym>
¥¢¥É¥ì¥¹¤«¤é¤ÎÀܳ¤¬¤¢¤Ã¤¿»þ¤Î¥¢¥¯¥·¥ç¥ó¤òÄêµÁ¤Ç¤¤Þ¤¹¡£
°Ê²¼¤ÎÎã¤Ï¡¢¤³¤ì¤é¤ÎÀâÌÀ¤òÌÀ³Î¤Ë¤¹¤ë¤Ç¤·¤ç¤¦¡£</para>
@@ -1662,7 +1721,7 @@ sendmail : PARANOID : deny</programlisting>
<caution>
<para>¥¯¥é¥¤¥¢¥ó¥È¤â¤·¤¯¤Ï¥µ¡¼¥Ð¤Î <acronym>DNS</acronym>
¤ÎÀßÄ꤬´Ö°ã¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ë¡¢
- <literal>PARANOID</literal> ¤ò»È¤¦¤È¡¢
+ <literal>PARANOID</literal> ¥ï¥¤¥ë¥É¥«¡¼¥É¤ò»È¤¦¤È¡¢
¥µ¡¼¥Ð¤¬¤È¤Æ¤â»È¤¤¤Å¤é¤¯¤Ê¤ê¤Þ¤¹¡£
´ÉÍý¼Ô¤Î¿µ½Å¤µ¤¬µá¤á¤é¤ì¤Þ¤¹¡£</para>
</caution>
@@ -1736,7 +1795,8 @@ sendmail : PARANOID : deny</programlisting>
<para>¤³¤Îºî¶È¤ÏKerberos¥µ¡¼¥Ð¤À¤±¤Ç¤ª¤³¤Ê¤¤¤Þ¤¹¡£¤Þ¤º¡¢
¸Å¤¤Kerberos¤Î ¥Ç¡¼¥¿¥Ù¡¼¥¹¤¬Â¸ºß¤·¤Ê¤¤¤³¤È¤ò³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£
- ¥Ç¥£¥ì¥¯¥È¥ê<filename>/etc/kerberosIV</filename>¤Ë°Ü¤Ã¤Æ¡¢
+ ¥Ç¥£¥ì¥¯¥È¥ê<filename class="directory">/etc/kerberosIV</filename>
+ ¤Ë°Ü¤Ã¤Æ¡¢
¼¡¤Î¥Õ¥¡¥¤¥ë¤À¤±¤¬ ¸ºß¤¹¤ë¤³¤È¤ò¥Á¥§¥Ã¥¯¤·¤Þ¤¹¡£</para>
<screen>&prompt.root; <userinput>cd /etc/kerberosIV</userinput>
@@ -1918,7 +1978,7 @@ Edit O.K.
¤¹¤Ù¤Æ¤Î¥¤¥ó¥¹¥¿¥ó¥¹¤òŸ³«¤·¤Þ¤¹¡£
¤³¤ì¤Ë¤Ï <command>ext_srvtab</command> ¤È¤¤¤¦¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Þ¤¹¡£
¤³¤Î¥³¥Þ¥ó¥É¤ÇºîÀ®¤µ¤ì¤ë¥Õ¥¡¥¤¥ë¤Ï¡¢Kerberos
- ¤Î³Æ¥¯¥é¥¤¥¢¥ó¥È¤Î <filename>/etc</filename>
+ ¤Î³Æ¥¯¥é¥¤¥¢¥ó¥È¤Î <filename class="directory">/etc</filename>
¥Ç¥£¥ì¥¯¥È¥ê¤Ë<emphasis>°ÂÁ´¤ÊÊýË¡¤Ç</emphasis>
¥³¥Ô¡¼¤Þ¤¿¤Ï°ÜÆ°¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¤³¤Î¥Õ¥¡¥¤¥ë¤Ï¤½¤ì¤¾¤ì¤Î¥µ¡¼¥Ð¤È¥¯¥é¥¤¥¢¥ó¥È¤Ë¸ºß¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤º¡¢
@@ -1946,8 +2006,8 @@ Generating 'grunt-new-srvtab'....</screen>
client-new-srvtab</filename>
¤ò°ÜÆ°
²Äǽ¤Ê¥á¥Ç¥£¥¢¤Ë¥³¥Ô¡¼¤·¤ÆʪÍýŪ¤Ë°ÂÁ´¤ÊÊýË¡¤Ç±¿¤ó¤Ç¤¯¤À¤µ¤¤¡£
- ¥¯¥é
- ¥¤¥¢¥ó¥È¤Î<filename>/etc</filename>¥Ç¥£¥ì¥¯¥È¥ê¤Ç¡¢
+ ¥¯¥é¥¤¥¢¥ó¥È¤Î<filename class="directory">/etc</filename>
+ ¥Ç¥£¥ì¥¯¥È¥ê¤Ç¡¢
̾Á°¤ò <filename>srvtab</filename>¤ËÊѹ¹¤·¡¢
mode¤ò600¤Ë¤¹¤ë¤Î¤ò˺¤ì¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£</para>
@@ -2003,8 +2063,9 @@ Edit O.K.
¥Õ¥¡¥¤¥ë¤òÀµ¤·¤¯ÊÔ½¸¤·¤Æ¤¢¤ì¤Ð¡¢¥Þ¥·¥ó¤òºÆ
µ¯Æ°¤¹¤ë¤³¤È¤Ç¤Ë¼«Æ°Åª¤Ë¥Ç¡¼¥â¥ó¤¬µ¯Æ°¤·¤Þ¤¹¡£
¤³¤ì¤ÏKerberos¥µ¡¼ ¥Ð¤Ç¤Î¤ßɬÍפǤ¹¡£
- Kerberos¥¯¥é¥¤¥¢¥ó¥È¤Ï<filename>/etc/kerberosIV</filename>¤«
- ¤éɬÍפʤâ¤Î¤ò¼«Æ°Åª¤ËÆþ¼ê¤·¤Þ¤¹¡£</para>
+ Kerberos¥¯¥é¥¤¥¢¥ó¥È¤Ï
+ <filename class="directory">/etc/kerberosIV</filename>
+ ¤«¤éɬÍפʤâ¤Î¤ò¼«Æ°Åª¤ËÆþ¼ê¤·¤Þ¤¹¡£</para>
<screen>&prompt.root; <userinput>kerberos &</userinput>
Kerberos server starting
@@ -2494,7 +2555,7 @@ Aug 27 15:37:58 Aug 28 01:37:58 krbtgt/EXAMPLE.ORG at E
<para>ɬÍפ¬¤Ê¤¯¤Ê¤Ã¤¿»þ¤Ë¤Ï¡¢¥Á¥±¥Ã¥È¤òÇË´þ¤Ç¤¤Þ¤¹¡£</para>
- <screen>&prompt.user; <userinput>k5destroy</userinput></screen>
+ <screen>&prompt.user; <userinput>kdestroy</userinput></screen>
</sect2>
<sect2>
@@ -2914,7 +2975,8 @@ jdoe at example.org</screen>
¤Ë½ñ¤«¤ì¤Æ¤¤¤ë¥¬¥¤¥É¤Ë½¾¤¦¤³¤È¤¬¿ä¾©¤µ¤ì¤Þ¤¹¡£
path ¤ÎÌäÂê¤Ë¤Ä¤¤¤ÆÃí°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£
<acronym>MIT</acronym> port ¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç
- <filename>/usr/local/</filename> ¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤·¤Þ¤¹¡£
+ <filename class="directory">/usr/local/</filename>
+ ¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤·¤Þ¤¹¡£
¤½¤Î¤¿¤á¡¢¤â¤· <envar>PATH</envar>
´Ä¶ÊÑ¿ô¤Ë¤ª¤¤¤Æ¥·¥¹¥Æ¥à¤Î¥Ç¥£¥ì¥¯¥È¤¬ºÇ½é¤Ë½ñ¤«¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï¡¢
<acronym>MIT</acronym> ÈǤǤϤʤ¯¡¢
@@ -2944,7 +3006,7 @@ kadmind5_server_enable="YES"</programlisting>
<para>¤³¤ì¤ò¹Ô¤¦¤Î¤Ï¡¢
<acronym>MIT</acronym> kerberos ¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢
- <filename role="directory">/usr/local</filename>
+ <filename class="directory">/usr/local</filename>
¹½Â¤¤Î²¼¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤ë¤¿¤á¤Ç¤¹¡£</para>
</sect2>
@@ -2980,7 +3042,8 @@ kadmind5_server_enable="YES"</programlisting>
<para>¥Þ¥ë¥Á¥æ¡¼¥¶¤Î´Ä¶¤Ç¤Ï¡¢
<application>Kerberos</application> ¤Ï°ÂÁ´¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
- ¥Á¥±¥Ã¥È¤Ï <filename>/tmp</filename> ¥Ç¥£¥ì¥¯¥È¥ê¤ËÊݴɤµ¤ì¡¢
+ ¥Á¥±¥Ã¥È¤Ï <filename class="directory">/tmp</filename>
+ ¥Ç¥£¥ì¥¯¥È¥ê¤ËÊݴɤµ¤ì¡¢
¤³¤Î¥Á¥±¥Ã¥È¤Ï¡¢¤¹¤Ù¤Æ¤Î¥æ¡¼¥¶¤¬Æɤळ¤È¤¬¤Ç¤¤ë¤¿¤á¤Ç¤¹¡£
¤â¤·¡¢¥æ¡¼¥¶¤¬¥³¥ó¥Ô¥å¡¼¥¿¤ò¾¤Î¥æ¡¼¥¶¤ÈƱ»þ¤Ë¶¦Í
(i.e. ¥Þ¥ë¥Á¥æ¡¼¥¶¤Ç»ÈÍÑ) ¤·¤Æ¤¤¤ë¤È¡¢
@@ -3777,7 +3840,7 @@ n2006-01-30 01:36:04: INFO: ISAKMP-SA established 172.
<programlisting>ipfw add 00201 allow log esp from any to any
ipfw add 00202 allow log ah from any to any
ipfw add 00203 allow log ipencap from any to any
-ipfw add 00204 allow log usp from any 500 to any</programlisting>
+ipfw add 00204 allow log udp from any 500 to any</programlisting>
<note>
<para>¥ë¡¼¥ëÈÖ¹æ¤Ï¡¢
@@ -3955,7 +4018,8 @@ COPYRIGHT 100% |***************************
</indexterm>
<para>¥·¥¹¥Æ¥àÁ´ÂΤÎÀßÄê¥Õ¥¡¥¤¥ë¤Ï¡¢<application>OpenSSH</application>
- ¥Ç¡¼¥â¥ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤ÎξÊý¤È¤â <filename>/etc/ssh</filename>
+ ¥Ç¡¼¥â¥ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤ÎξÊý¤È¤â
+ <filename class="directory">/etc/ssh</filename>
¥Ç¥£¥ì¥¯¥È¥ê¤Ë¤¢¤ê¤Þ¤¹¡£</para>
<para><filename>ssh_config</filename> ¤Ï¥¯¥é¥¤¥¢¥ó¥È¤ÎÆ°ºîÀßÄê¡¢
@@ -4378,10 +4442,13 @@ drwxrwx---+ 2 robert robert 512 Dec 22 10:20 directo
drwxrwx---+ 2 robert robert 512 Dec 27 11:57 directory3
drwxr-xr-x 2 robert robert 512 Nov 10 11:54 public_html</programlisting>
- <para>¤³¤³¤Ç¤Ï¡¢¥Ç¥£¥ì¥¯¥È¥ê <filename>directory1</filename>,
- <filename>directory2</filename> ¤ª¤è¤Ó <filename>directory3</filename>
+ <para>¤³¤³¤Ç¤Ï¡¢¥Ç¥£¥ì¥¯¥È¥ê <filename
+ class="directory">directory1</filename>, <filename
+ class="directory">directory2</filename> ¤ª¤è¤Ó <filename
+ class="directory">directory3</filename>
¤Î¤¹¤Ù¤Æ¤Ç <acronym>ACL</acronym> ¤¬Æ¯¤¤¤Æ¤¤¤Þ¤¹¡£
- ¥Ç¥£¥ì¥¯¥È¥ê <filename>public_html</filename> ¤ÏÂоݳ°¤Ç¤¹¡£</para>
+ ¥Ç¥£¥ì¥¯¥È¥ê <filename
+ class="directory">public_html</filename> ¤ÏÂоݳ°¤Ç¤¹¡£</para>
<sect2>
<title><acronym>ACL</acronym> ¤òÍøÍѤ¹¤ë</title>
@@ -4660,7 +4727,8 @@ VII. References<co xml:id="co-ref"/></programlisting>
¥«¡¼¥Í¥ë¤Ç¤Ï¡¢±Æ¶Á¤¹¤ë¥Õ¥¡¥¤¥ë¤ËÂФ·¤Æ
<command>ident</command> ¤ò¼Â¹Ô¤¹¤ë¤È¡¢
¤½¤Î½ÐÎϤ«¤é¥ê¥Ó¥¸¥ç¥ó¤ò´Êñ¤Ë³Îǧ¤Ç¤¤Þ¤¹¡£
- ports ¤Î¾ì¹ç¤Ë¤Ï¡¢<filename>/var/db/pkg</filename>
+ ports ¤Î¾ì¹ç¤Ë¤Ï¡¢
+ <filename class="directory">/var/db/pkg</filename>
¤Î port ¤Î̾Á°¤Î¸å¤Ë¡¢¥Ð¡¼¥¸¥ç¥óÈֹ椬¼¨¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
¤â¤·¡¢¥·¥¹¥Æ¥à¤¬ &os; <acronym>CVS</acronym>
¥ê¥Ý¥¸¥È¥ê¤ÈƱ´ü¤·¡¢ºÆ¹½ÃÛ¤¬ËèÆü¹Ô¤ï¤ì¤Æ¤¤¤ë¤è¤¦¤Ê¾õ¶·¤Ç¤Ê¤±¤ì¤Ð¡¢
More information about the svn-doc-all
mailing list