svn commit: r54718 - head/ja_JP.eucJP/books/handbook/security

Ryusuke SUZUKI ryusuke at FreeBSD.org
Sun Nov 29 01:57:07 UTC 2020


Author: ryusuke
Date: Sun Nov 29 01:57:06 2020
New Revision: 54718
URL: https://svnweb.freebsd.org/changeset/doc/54718

Log:
 - Merge the following from the English version:
 
 	r43278 -> r43744	head/ja_JP.eucJP/books/handbook/security/chapter.xml

Modified:
 head/ja_JP.eucJP/books/handbook/security/chapter.xml

Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml	Sat Nov 28 06:38:37 2020	(r54717)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml	Sun Nov 29 01:57:06 2020	(r54718)
@@ -3,7 +3,7 @@
   The FreeBSD Documentation Project
   The FreeBSD Japanese Documentation Project
 
-   Original revision: r43278
+   Original revision: r43744
   $FreeBSD$
 -->
 <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -14,33 +14,33 @@
   <authorgroup>
    <author>
 	<personname>
-	 <firstname>Matthew</firstname>
-	 <surname>Dillon</surname>
+	 <firstname>Tom</firstname>
+	 <surname>Rhodes</surname>
 	</personname>
 
-	<contrib>ËܾϤδð¤Ë¤·¤¿ security(7) ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤Î¼¹É®: </contrib>
+	<contrib>´ó¹Æ: </contrib>
    </author>
   </authorgroup>
  </info>
 
  <indexterm><primary>¥»¥­¥å¥ê¥Æ¥£</primary></indexterm>
 
- <para><emphasis>Ìõ: &a.jp.hino;¡¢(jpman
-  ¥×¥í¥¸¥§¥¯¥È¤ÎÀ®²Ì¤òÍøÍѤµ¤»¤Æ¤¤¤¿¤À¤­¤Þ¤·¤¿)¡£</emphasis></para>
+<!-- <para><emphasis>Ìõ: &a.jp.hino;¡¢(jpman
+  ¥×¥í¥¸¥§¥¯¥È¤ÎÀ®²Ì¤òÍøÍѤµ¤»¤Æ¤¤¤¿¤À¤­¤Þ¤·¤¿)¡£</emphasis></para> -->
 
  <sect1 xml:id="security-synopsis">
   <title>¤³¤Î¾Ï¤Ç¤Ï</title>
 
-  <para>¤³¤Î¾Ï¤Ç¤Ï¡¢´ðËÜŪ¤Ê¥·¥¹¥Æ¥à¥»¥­¥å¥ê¥Æ¥£¤Î¹Í¤¨Êý¡¢
-   ³Ð¤¨¤Æ¤ª¤¯¤Ù¤­°ìÈÌŪ¤Ê¥ë¡¼¥ë¤ò¾Ò²ð¤·¡¢
-   &os; ¤Ë¤ª¤±¤ë¹âÅÙ¤ÊÏÃÂê¤Ë¤Ä¤¤¤Æ´Êñ¤ËÀâÌÀ¤·¤Þ¤¹¡£
-   ¤³¤³¤Ç°·¤¦ÏÃÂê¤Î¿¤¯¤Ï¡¢
-   °ìÈÌŪ¤Ê¥·¥¹¥Æ¥à¤ä¥¤¥ó¥¿¡¼¥Í¥Ã¥È¥»¥­¥å¥ê¥Æ¥£¤Ë¤â¤¢¤Æ¤Ï¤Þ¤ê¤Þ¤¹¡£
-   ¥·¥¹¥Æ¥à¤ò°ÂÁ´¤ËÊݤĤ³¤È¤Ï¡¢¥Ç¡¼¥¿¡¢ÃÎŪºâ»º¡¢»þ´Ö¡¢¤½¤Î¾¤ò¡¢
-   ¥Ï¥Ã¥«¡¼¤ä¤½¤ÎƱÎफ¤é¼é¤ë¤¿¤á¤Ë¤Ï·ç¤«¤»¤Þ¤»¤ó¡£</para>
+  <para>ʪÍýŪ¤â¤·¤¯¤Ï²¾ÁÛŪ¤Ë´Ø¤ï¤é¤º¡¢
+   ¥»¥­¥å¥ê¥Æ¥£¤ÏÉý¹­¤¤¥È¥Ô¥Ã¥¯¤Ç¤¢¤ê¡¢
+   ¶È³¦Á´ÂΤ¬¥»¥­¥å¥ê¥Æ¥£¤È¤È¤â¤ËÀ®Ä¹¤·¤Æ¤¤¤Þ¤¹¡£
+   ¥·¥¹¥Æ¥à¤ª¤è¤Ó¥Í¥Ã¥È¥ï¡¼¥¯¤ò°ÂÁ´¤Ë¤¹¤ëɸ½àŪ¤ÊÊýË¡¤Ï¿ô¿¤¯Ê¸½ñ²½¤µ¤ì¤Æ¤ª¤ê¡¢
+   &os; ¤Î¥æ¡¼¥¶¤â¡¢
+   ¹¶·â¤ä¿¯Æþ¼Ô¤«¤é¼é¤ëÊýË¡¤òÍý²ò¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
 
-  <para>&os; ¤Ï¡¢
-   ¥·¥¹¥Æ¥à¤È¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÀ°¹çÀ­¤ª¤è¤Ó°ÂÁ´À­¤òÊݸ¤ë»ÅÁȤߤȰìÏ¢¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÄ󶡤·¤Æ¤¤¤Þ¤¹¡£</para>
+  <para>¤³¤Î¾Ï¤Ç¤Ï¡¢¥»¥­¥å¥ê¥Æ¥£¤Î´ðÁä䵻½Ñ¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£
+   &os; ¥·¥¹¥Æ¥à¤Ï¡¢Ê£¿ô¤Î¥ì¥¤¥ä¤Ë´ØÏ¢¤¹¤ë¥»¥­¥å¥ê¥Æ¥£¤òÄ󶡤·¤Þ¤¹¡£
+   ¤½¤·¤Æ¡¢°ÂÁ´À­¤ò¹â¤á¤ë¤¿¤á¤Ë¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÍøÍѤ¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£</para>
 
   <para>¤³¤Î¾Ï¤òÆɤà¤È¡¢°Ê²¼¤Î¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£</para>
 
@@ -123,391 +123,381 @@
  <sect1 xml:id="security-intro">
   <title>¤Ï¤¸¤á¤Ë</title>
 
-  <para>¥»¥­¥å¥ê¥Æ¥£¤È¤Ï¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ò¤¤¤Ä¤âǺ¤Þ¤»¤ë»Å»ö¤Î°ì¤Ä¤Ç¤¹¡£
-   &os; ¤Ï¡¢¸ÇÍ­¤Î¥»¥­¥å¥ê¥Æ¥£µ¡¹½¤òÈ÷¤¨¤Æ¤¤¤Þ¤¹¤¬¡¢
-   ÄɲäΥ»¥­¥å¥ê¥Æ¥£µ¡¹½¤òÀßÄꤷÊݼ餹¤ë»Å»ö¤Ï¤ª¤½¤é¤¯¡¢
-   ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¤â¤Ã¤È¤âÂ礭¤ÊÀÕ̳¤Î°ì¤Ä¤Ç¤·¤ç¤¦¡£</para>
+  <para>¥»¥­¥å¥ê¥Æ¥£¤ò¹â¤á¤ë¤³¤È¤Ï¤¹¤Ù¤Æ¤Î¿Í¤ÎÀÕǤ¤Ç¤¹¡£
+   ¥·¥¹¥Æ¥à¤Ë¼å¤¤¿¯Æþ¥Ý¥¤¥ó¥È¤¬Â¸ºß¤¹¤ë¤È¡¢¿¯Æþ¼Ô¤Ï½ÅÍפʾðÊó¤òÆÀ¤¿¤ê¡¢
+   ¥Í¥Ã¥È¥ï¡¼¥¯Á´ÂΤËÈï³²¤òµÚ¤Ü¤¹¤³¤È¤¬¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
+   ¿¤¯¤Î¥»¥­¥å¥ê¥Æ¥£¤Î¥È¥ì¡¼¥Ë¥ó¥°¤Ç¤Ï¡¢
+   ¾ðÊó¥·¥¹¥Æ¥à¤Îµ¡Ì©À­ (confidentiality)¡¢
+   ´°Á´À­ (integrity) ¤ª¤è¤Ó²ÄÍÑÀ­ (availability)
+   ¤ò°ÕÌ£¤¹¤ë¥»¥­¥å¥ê¥Æ¥£¤Î 3 Í×ÁǤǤ¢¤ë
+   <acronym>CIA</acronym> ¤¬¼è¤ê°·¤ï¤ì¤Þ¤¹¡£</para>
 
-  <para>¤Þ¤¿¡¢¥·¥¹¥Æ¥à¥»¥­¥å¥ê¥Æ¥£¤Ë¤Ï¡¢
-   ¤µ¤Þ¤¶¤Þ¤Ê·Á¤Ç¤Î¹¶·â¤ËÂн褹¤ë¤³¤È¤È¤â´Ø·¸¤·¤Æ¤¤¤Þ¤¹¡£
-   ¹¶·â¤ÎÃæ¤Ë¤Ï <systemitem class="username">root</systemitem>
-   ¸¢¸Â¤òÃ¥¤ª¤¦¤È¤Ï¤·¤Ê¤¤¤±¤ì¤É¤â¡¢
-   ¥¯¥é¥Ã¥·¥å¤ä¥·¥¹¥Æ¥à¤ÎÉÔ°ÂÄê¾õÂÖ¤ò°ú¤­µ¯¤³¤½¤¦¤È¤¹¤ë¤â¤Î¤â¤¢¤ê¤Þ¤¹¡£
-   ¤³¤Î¥»¥­¥å¥ê¥Æ¥£ÌäÂê¤Ï¡¢¤¤¤¯¤Ä¤«¤ËʬÎह¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£</para>
+  <para><acronym>CIA</acronym> ¤Î 3 Í×ÁǤϡ¢
+   ¥³¥ó¥Ô¥å¡¼¥¿¥»¥­¥å¥ê¥Æ¥£¤Î´ðËܤȤʤë¹Í¤¨¤Ç¤¹¡£
+   ¸ÜµÒ¤ä¥¨¥ó¥É¥æ¡¼¥¶¤Ï¡¢¥Ç¡¼¥¿¤Î¥×¥é¥¤¥Ð¥·¡¼¤ò´üÂÔ¤·¤Þ¤¹¡£
+   Èà¤é¤Ï¡¢¥Ç¡¼¥¿¤¬Êѹ¹¤µ¤ì¤Ê¤¤¤³¤È¤ä¡¢
+   ¾ðÊ󤬱£¤µ¤ì¤Æ¤¤¤ë¤³¤È¤ò´üÂÔ¤·¤Þ¤¹¡£
+   Èà¤é¤Ï¤Þ¤¿¡¢¤¤¤Ä¤Ç¤â¾ðÊó¤Ë¥¢¥¯¥»¥¹¤Ç¤­¤ë¤³¤È¤ò´üÂÔ¤·¤Þ¤¹¡£
+   ¤³¤ì¤é¤Ï¡¢¥·¥¹¥Æ¥à¤Îµ¡Ì©À­¡¢´°Á´À­¡¢²ÄÍÑÀ­¤ò¹½À®¤·¤Þ¤¹¡£</para>
 
-  <orderedlist>
-   <listitem>
-	<para>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (denial of service attack)</para>
-   </listitem>
+  <para>¥»¥­¥å¥ê¥Æ¥£¤Î¥×¥í¥Õ¥§¥Ã¥·¥ç¥Ê¥ë¤Ï¡¢<acronym>CIA</acronym>
+   ¤ò¼é¤ë¤¿¤á¤Ë¡¢Â¿ÁØËɱҤÎÀïά¤òºÎÍѤ·¤Þ¤¹¡£
+   ¤³¤Î¿ÁØËɱÒÀïά¤Ç¤Ï¥»¥­¥å¥ê¥Æ¥£¤Î¥ì¥¤¥¢¤òÊ£¿ôÍÑ°Õ¤¹¤ë¤³¤È¤Ç¡¢
+   °ì¤Ä¤Î¥ì¥¤¥ä¤¬Çˤé¤ì¤Æ¤â¡¢
+   ¥»¥­¥å¥ê¥Æ¥£¥·¥¹¥Æ¥àÁ´ÂΤ¬Çˤé¤ì¤ë¤³¤È¤òËɤ®¤Þ¤¹¡£
+   ¥·¥¹¥Æ¥à¤Î´ÉÍý¼Ô¤Ï¡¢¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤òñ¤ËÍ­¸ú¤Ë¤¹¤ë¤À¤±¤Ç¤Ï¤Ê¤¯¡¢
+   ¥Í¥Ã¥È¥ï¡¼¥¯¤â¤·¤¯¤Ï¥·¥¹¥Æ¥à¤ò°ÂÁ´¤ËÊݤÄɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+   ¥¢¥«¥¦¥ó¥È¤ò´Æºº¤·¡¢¥Ð¥¤¥Ê¥ê¤Î´°Á´À­¡¢
+   °­°Õ¤Î¤¢¤ë¥Ä¡¼¥ë¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Ê¤¤¤³¤È¤ò³Îǧ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+   ¤³¤Î¤¿¤á¤Ë¡¢
+   ´ÉÍý¼Ô¤Ï¶¼°Ò¤¬¤É¤Î¤è¤¦¤Ê¤â¤Î¤«¤òÍý²ò¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
 
-   <listitem>
-	<para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍÑ (user account compromise)</para>
-   </listitem>
+  <sect2 xml:id="security-threats">
+   <title>¶¼°Ò</title>
 
-   <listitem>
-	<para>¥¢¥¯¥»¥¹²Äǽ¤Ê¥µ¡¼¥Ó¥¹¤ò»È¤Ã¤¿ root ¸¢¸Â¤ÎÉÔÀµÍøÍÑ</para>
-   </listitem>
+   <para>¥³¥ó¥Ô¥å¡¼¥¿¥»¥­¥å¥ê¥Æ¥£¤ª¤±¤ë¶¼°Ò¤È¤Ï²¿¤Ç¤·¤ç¤¦¤«¡©
+    Ĺǯ¡¢¶¼°Ò¤Ï¥ê¥â¡¼¥È¤Î¹¶·â¼Ô¡¢
+	¤¹¤Ê¤ï¤Á±ó³Ö¤«¤é¤Îµö²Ä¤Î¤Ê¤¤¥·¥¹¥Æ¥à¤Ø¤Î¥¢¥¯¥»¥¹¤ò´ë¤Æ¤ë¿Í¡¹¤È¹Í¤¨¤é¤ì¤Æ¤¤¤Þ¤·¤¿¡£
+	º£Æü¤Ç¤Ï¡¢¤³¤ÎÄêµÁ¤Ï½¾¶È°÷¡¢°­°Õ¤Î¤¢¤ë¥½¥Õ¥È¥¦¥§¥¢¡¢
+	ÉÔÀµ¤Ê¥Í¥Ã¥È¥ï¡¼¥¯¥Ç¥Ð¥¤¥¹¡¢¼«Á³ºÒ³²¡¢¥»¥­¥å¥ê¥Æ¥£¤ÎÀȼåÀ­¡¢
+	¤½¤·¤Æ¶¥¹ç¤¹¤ë²ñ¼Ò¤Ç¤µ¤¨¤â´Þ¤á¤ë¤è¤¦¤Ë³ÈÄ¥¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
 
-   <listitem>
-	<para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ò·Ðͳ¤·¤¿ root ¸¢¸Â¤ÎÉÔÀµ»ÈÍÑ</para>
-   </listitem>
+   <para>ËèÆü¡¢¿ôÀé¤â¤Î¥·¥¹¥Æ¥à¤ª¤è¤Ó¥Í¥Ã¥È¥ï¡¼¥¯¤¬¹¶·â¤µ¤ì¡¢
+	¿ôÉ´¤â¤Î¥·¥¹¥Æ¥à¤¬µö²Ä¤Ê¤¯¥¢¥¯¥»¥¹¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
+	´Êñ¤Ê¥¢¥¯¥·¥Ç¥ó¥È¤È¤¤¤Ã¤¿¤â¤Î¤«¤é¡¢¥ê¥â¡¼¥È¤«¤é¤Î¹¶·â¡¢
+	»º¶È¥¹¥Ñ¥¤¤Ç¤¢¤Ã¤¿¤ê¡¢°ÊÁ°Æ¯¤¤¤Æ¤¤¤¿½¾¶È°÷¤«¤é¤Î¹¶·â¤È¤¤¤Ã¤¿¥±¡¼¥¹¤â¤¢¤ê¤Þ¤¹¡£
+	¥·¥¹¥Æ¥à¤Î¥æ¡¼¥¶¤È¤·¤Æ¤Ï¡¢
+	´Ö°ã¤¤¤¬¥»¥­¥å¥ê¥Æ¥£°ãÈ¿¤Ë·Ò¤¬¤Ã¤¿¾ì¹ç¤Ë¤Ï¡¢
+	²ÄǽÀ­¤Î¤¢¤ëÌäÂê¤ò¥»¥­¥å¥ê¥Æ¥£¥Á¡¼¥à¤ËÊó¹ð¤¹¤ë¤³¤È¤¬½ÅÍפǤ¹¡£
+	´ÉÍý¼Ô¤È¤·¤Æ¤Ï¡¢¶¼°Ò¤òÇÄ°®¤·¡¢
+	¤½¤Î¶¼°Ò¤Î±Æ¶Á¤ò¾®¤µ¤¯¤¹¤ë¤è¤¦¤Ë½àÈ÷¤ò¤·¤Æ¤ª¤¯¤³¤È¤¬½ÅÍפǤ¹¡£</para>
+   </sect2>
 
-   <listitem>
-	<para>¥Ð¥Ã¥¯¥É¥¢¤ÎÀßÃÖ</para>
-   </listitem>
-  </orderedlist>
+  <sect2 xml:id="security-groundup">
+   <title>¥Ü¥È¥à¥¢¥Ã¥×¥¢¥×¥í¡¼¥Á</title>
 
-  <indexterm>
-   <primary>DoS ¹¶·â</primary>
-   <see>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</see>
-  </indexterm>
+   <para>¥»¥­¥å¥ê¥Æ¥£¤ò¹Í¤¨¤ë¾å¤Ç¡¢
+	¤·¤Ð¤·¤Ð¥Ü¥È¥à¥¢¥Ã¥×¥¢¥×¥í¡¼¥Á¤¬°ìÈÖÎɤ¤ÊýË¡¤È¤Ê¤ê¤Þ¤¹¡£
+	¤³¤Î¹Í¤¨¤Ç¤Ï¡¢´ÉÍý¼Ô¤¬´ðËÜŪ¤Ê¥¢¥«¥¦¥ó¥È¡¢¥·¥¹¥Æ¥àÀßÄê¤ò¹Ô¤Ã¤Æ¤«¤é¡¢
+	¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤ÎÀßÄê¡¢
+	¤½¤·¤Æ¥Í¥Ã¥È¥ï¡¼¥¯¥ì¥¤¥ä¤ËÀßÄê¤ò¹­¤²¤Æ¤¤¤­¤Þ¤¹¡£
+	¥·¥¹¥Æ¥à¥Ý¥ê¥·¡¼¤ª¤è¤Ó¼ê³¤­¤ò¹Ô¤¦¾å¤Ç¤Ï¡¢
+	¤³¤Î¤è¤¦¤ÊÀßÄê¤Î¦Ì̤¬¤¢¤ê¤Þ¤¹¡£</para>
 
-  <indexterm>
-   <primary>¥»¥­¥å¥ê¥Æ¥£</primary>
-   <secondary>DoS ¹¶·â</secondary>
-   <see>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</see>
-  </indexterm>
+   <para>¥Ó¥¸¥Í¥¹¤Î¿¤¯¤Î´Ä¶­¤Ç¤Ï¡¢
+	»ÈÍѤ¹¤ë¥Ç¥Ð¥¤¥¹¤ÎÀßÄê¤ËÂФ¹¤ë¥»¥­¥å¥ê¥Æ¥£¥Ý¥ê¥·¤¬¤¹¤Ç¤ËºöÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
+	¤³¤Î¥Ý¥ê¥·¤Ë¤Ï¡¢ºÇÄã¸Â¥¨¥ó¥É¥æ¡¼¥¶¤Î¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¡¢
+	¥Ç¥¹¥¯¥È¥Ã¥×¡¢·ÈÂÓÅÅÏää¥é¥Ã¥×¥È¥Ã¥×¤È¤¤¤Ã¤¿¥â¥Ð¥¤¥ë¥Ç¥Ð¥¤¥¹¡¢¤ª¤è¤Ó
+	À½Éʤª¤è¤Ó³«È¯¥µ¡¼¥Ð¤ÎξÊý¤ËÂФ¹¤ë¥»¥­¥å¥ê¥Æ¥£¤ÎÀßÄ꤬´Þ¤Þ¤ì¤Æ¤¤¤ë¤Ù¤­¤Ç¤¹¡£
+	¿¤¯¤Î¾ì¹ç¤Ë¤Ï¡¢¥³¥ó¥Ô¥å¡¼¥¿¤Î¥»¥­¥å¥ê¥Æ¥£¤ò¹Í¤¨¤ëºÝ¤Ë¡¢
+	ɸ½àºî¶È¼ê³½ñ (<acronym>SOP</acronym>)
+	¤¬¤¹¤Ç¤Ë¸ºß¤·¤Þ¤¹¡£
+	¤ï¤«¤é¤Ê¤±¤ì¤Ð¡¢¥»¥­¥å¥ê¥Æ¥£¥Á¡¼¥à¤Ë¿Ò¤Í¤Æ¤¯¤À¤µ¤¤¡£</para>
+  </sect2>
 
-  <indexterm><primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary></indexterm>
+  <sect2 xml:id="security-accounts">
+   <title>¥·¥¹¥Æ¥à¤ª¤è¤Ó¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È</title>
 
-  <para>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (<acronym>DoS</acronym> ¹¶·â) ¤È¤Ï¡¢
-   ¥Þ¥·¥ó¤«¤éɬÍפʻñ¸»¤òÃ¥¤¦¹Ô°Ù¤Ç¤¹¡£
-   Ä̾¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â¤Ï¤½¤Î¥Þ¥·¥ó¤Ç¼Â¹Ô¤µ¤ì¤ë¥µ¡¼¥Ð¤ä¥Í¥Ã¥È¥ï¡¼¥¯¥¹¥¿¥Ã¥¯¤ò²áÉé²Ù¾õÂ֤ˤ·¤Æ¡¢
-   ¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤¿¤ê¡¢
-   ¥Þ¥·¥ó¤ò»È¤¨¤Ê¤¯¤·¤¿¤ê¤¹¤ë¤è¤¦¤ÊÎÏǤ¤»¤ÎÊýË¡¤Ç¤¹¡£
-   ¥µ¡¼¥Ð¥×¥í¥»¥¹¤ËÂФ¹¤ë¹¶·â¤Ï¡¢¥ª¥×¥·¥ç¥ó¤òŬÀڤ˻ØÄꤹ¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢
-   ¹¶·â¤µ¤ì¤Æ¤¤¤ë¾õ¶·¤Ç¥µ¡¼¥Ð¥×¥í¥»¥¹¤ÎÉé²Ù¾å¾º¤Ë¸Â³¦¤òÀßÄꤹ¤ë¤³¤È¤ÇÂбþ¤Ç¤­¤ë¾ì¹ç¤¬Â¿¤¤¤Ç¤¹¡£¤³¤ì¤é¤ËÈæ¤Ù¤ë¤È¡¢
-   ¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤ÎÎÏǤ¤»¤Î¹¶·â¤Ø¤ÎÂбþ¤Ï¤º¤Ã¤ÈÆñ¤·¤¯¤Ê¤ê¤Þ¤¹¡£
-   ¤³¤Î¹¶·â¤Ë¤è¤Ã¤Æ¡¢¥Þ¥·¥ó¤òÍî¤È¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤­¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢
-   Àܳ¤·¤Æ¤¤¤ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È²óÀþ¤ò˰Ϥµ¤»¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤­¤Þ¤¹¡£</para>
+   <para>¥·¥¹¥Æ¥à¤ò°ÂÁ´¤Ë¤¹¤ë¤Ë¤¢¤¿¤ê¡¢ºÇ¤âŬÀڤʽÐȯÅÀ¤Ï¡¢
+	¥¢¥«¥¦¥ó¥È¤Î´Æºº¤Ç¤¹¡£
+	¥ë¡¼¥È¥¢¥«¥¦¥ó¥È¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¶¯ÎϤǤ¢¤ë¤³¤È¡¢
+	¥·¥§¥ë¥¢¥¯¥»¥¹¤òɬÍפȤ·¤Ê¤¤¥¢¥«¥¦¥ó¥È¤Ï̵¸ú¤Ë¤¹¤ë¤³¤È¤ò³Î¼Â¤Ë¤ª¤³¤Ê¤Ã¤Æ¤¯¤À¤µ¤¤¡£
+	¤Þ¤¿¡¢¸¢¸Â¤òɬÍפȤ¹¤ë¥æ¡¼¥¶¤ËÂФ·¤Æ¤Ï¡¢
+	<package>security/sudo</package> ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¡¢
+	¥¢¥¯¥»¥¹¤¬É¬ÍפȤʤ륢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¤ß¤Ë¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ë¤è¤¦¤Ë¤·¤Æ¤¯¤À¤µ¤¤¡£
+	root ¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢·è¤·¤Æ¶¦Í­¤¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£</para>
 
-  <indexterm>
-   <primary>¥»¥­¥å¥ê¥Æ¥£</primary>
-   <secondary>¥¢¥«¥¦¥ó¥ÈÉÔÀµÍøÍÑ</secondary>
-  </indexterm>
+   <para>¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤ò̵¸ú¤Ë¤¹¤ëÊýË¡¤ÏÆóÄ̤ꤢ¤ê¤Þ¤¹¡£
+	°ì¤ÄÌܤÎÊýË¡¤Ï¡¢¥¢¥«¥¦¥ó¥È¤ò¥í¥Ã¥¯¤¹¤ëÊýË¡¤Ç¤¹¡£Îã¤È¤·¤Æ¡¢
+	toor ¥¢¥«¥¦¥ó¥È¤ò¥í¥Ã¥¯¤¹¤ëÊýË¡¤ò°Ê²¼¤Ë¼¨¤·¤Þ¤¹¡£</para>
 
-  <para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍѤϡ¢
-   <acronym>DoS</acronym> ¹¶·â¤è¤ê¤â¤º¤Ã¤È¤è¤¯¤¢¤ëÌäÂê¤Ç¤¹¡£
-   ¤³¤Î¤´»þÀª¤Ç¤â¡¢
-   °Å¹æ²½¤µ¤ì¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¿¤¯¡¢
-   ¤½¤Î¤¿¤á¡¢¥ê¥â¡¼¥È¤«¤é¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Ï¡¢
-   ¥Ñ¥¹¥ï¡¼¥É¤òÇÁ¤­¸«¤é¤ì¤Æ¤·¤Þ¤¦´í¸±À­¤¬¤¢¤ê¤Þ¤¹¡£
-   ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬Ãí°Õ¿¼¤¤¿Í¤Ê¤é¤Ð¡¢
-   ¥ê¥â¡¼¥È¥¢¥¯¥»¥¹¥í¥°¤ò²òÀϤ·¤Æ¡¢
-   µ¿¤ï¤·¤¤Á÷¿®¸µ¥¢¥É¥ì¥¹¤äµ¿¤ï¤·¤¤¥í¥°¥¤¥ó¤òõ¤¹¤â¤Î¤Ç¤¹¡£</para>
+   <screen>&prompt.root; <userinput>pw lock toor</userinput></screen>
 
-  <para>¥»¥­¥å¥ê¥Æ¥£¤ò½½Ê¬°Ý»ý¤·¡¢
-   ¼êÆþ¤ì¤Î¹Ô¤­ÆϤ¤¤¿¥·¥¹¥Æ¥à¤Ë¤ª¤¤¤Æ¤Ï¡¢
-   ¤¢¤ë¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤¬²Äǽ¤È¤Ê¤Ã¤Æ¤â¡¢
-   ɬ¤º¤·¤â¹¶·â¼Ô¤Ë <systemitem class="username">root</systemitem>
-   ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤ë¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£
-   <systemitem class="username">root</systemitem>
-   ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤¬¤Ê¤±¤ì¤Ð¡¢
-   ¹¶·â¼Ô¤Ï¼«Ê¬¤Î¿¯Æþ¤Îº¯Àפò±£Ê乤뤳¤È¤¬¤Ç¤­¤Þ¤»¤ó¤·¡¢
-   ¤½¤Î¥æ¡¼¥¶¤Î¥Õ¥¡¥¤¥ë¤ò°ú¤Ã¤«¤­²ó¤·¤¿¤ê¡¢
-   ¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤¿¤ê¤¹¤ë¤Î¤¬¤»¤¤¤¼¤¤¤Ç¤¹¡£
-   ¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍѤϤ᤺¤é¤·¤¤¤³¤È¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
-   ¤Ê¤¼¤Ê¤é°ìÈ̥桼¥¶¤Ï¡¢
-   ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Û¤ÉÃí°Õ¤òʧ¤ï¤Ê¤¤·¹¸þ¤¬¤¢¤ë¤«¤é¤Ç¤¹¡£</para>
+   <para>¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥¢¥«¥¦¥ó¥È¤ÎÀßÄê¤ò
+	<quote>toor:*:0:0::0:0:Bourne-again Superuser:/root:</quote>
+	¤«¤é <quote>toor:*LOCKED**:0:0::0:0:Bourne-again
+	Superuser:/root:</quote> ¤Ø¤ÈÊѹ¹¤·¤Þ¤¹¡£</para>
 
-  <indexterm>
-   <primary>¥»¥­¥å¥ê¥Æ¥£</primary>
-   <secondary>΢¸ý (¥Ð¥Ã¥¯¥É¥¢)</secondary>
-  </indexterm>
+   <para>¤È¤­¤Ë¤Ï (¤ª¤½¤é¤¯ÄɲäΥµ¡¼¥Ó¥¹¤Î¤¿¤á¤Ë)¡¢
+	¤³¤ÎÊýË¡¤¬»È¤¨¤Ê¤¤¾ì¹ç¤¬¤¢¤ê¤Þ¤¹¡£
+	¤½¤Î¤è¤¦¤Ê¾ì¹ç¤Ë¤Ï¡¢°Ê²¼¤ÎÎã¤Î¤è¤¦¤Ë¡¢
+	¥·¥§¥ë¤ò /sbin/nologin ¤ËÊѹ¹¤¹¤ë¤³¤È¤Ç¡¢
+	¥í¥°¥¤¥ó¥¢¥¯¥»¥¹¤òµñÈݤǤ­¤Þ¤¹¡£</para>
 
-  <para><systemitem class="username">root</systemitem>
-   ¸¢¸Â¤òÃ¥¼è¤¹¤ëÊýË¡¤Ï¡¢ÀøºßŪ¤Ë²¿Ä̤ê¤â¤¢¤ê¤Þ¤¹¡£
-   ¹¶·â¼Ô¤Ï <systemitem class="username">root</systemitem>
-   ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÃΤäƤ¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¤·¡¢
-   ¹¶·â¼Ô¤¬ <systemitem class="username">root</systemitem>
-   ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ó¥¹¤Î¥Ð¥°¤ÎÀȼåÀ­¤òÍøÍѤǤ­¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
-   ¤Þ¤¿¡¢¹¶·â¼Ô¤Ï SUID-root
-   ¥×¥í¥°¥é¥à¤Ë¸ºß¤¹¤ë¥Ð¥°¤òÃΤäƤ¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
-   ¹¶·â¼Ô¤Ï¡¢
-   ¥Ð¥Ã¥¯¥É¥¢¤È¤·¤ÆÃΤé¤ì¤Æ¤¤¤ë¥×¥í¥°¥é¥à¤ò»È¤Ã¤ÆÀȼåÀ­¤Ê¥·¥¹¥Æ¥à¤òõ¤·¤¿¤ê¡¢
-   ½¤Àµ¤µ¤ì¤Æ¤¤¤Ê¤¤ÀȼåÀ­¤òÍøÍѤ·¤Æ¥¢¥¯¥»¥¹¤·¤¿¤ê¡¢
-   ¹¶·â¼Ô¤Ë¤è¤ë°ãË¡¹Ô°Ù¤Îº¯Àפò¾Ã¤½¤¦¤È¤·¤¿¤ê¤¹¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
+   <screen>&prompt.root; <userinput>chsh -s /usr/sbin/nologin toor</userinput></screen>
 
-  <para>¥»¥­¥å¥ê¥Æ¥£¤ò²þÁ±¤¹¤ëÊýË¡¤Ï¡¢¾ï¤Ë¡¢
-   ¥¿¥Þ¥Í¥®¤ÎÈé¤Î¤è¤¦¤Ë³¬Áز½¤¹¤ë¼êË¡
-   (a multi-layered <quote>onion peel</quote> approach)
-   ¤Ç¼ÂÁõ¤µ¤ì¤ë¤Ù¤­¤Ç¤¹¡£¤³¤ì¤é¤Ï¼¡¤Î¤è¤¦¤ËʬÎà¤Ç¤­¤Þ¤¹¡£</para>
+   <note>
+    <para>¾¤Î¥æ¡¼¥¶¤Î¥·¥§¥ë¤Ï¡¢¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¤Î¤ß¤¬Êѹ¹¤Ç¤­¤Þ¤¹¡£
+	 Ä̾ï¤Î¥æ¡¼¥¶¤¬¹Ô¤ª¤¦¤È¤¹¤ë¤È¼ºÇÔ¤·¤Þ¤¹¡£</para>
+   </note>
 
-  <orderedlist>
-   <listitem>
-	<para><systemitem class="username">root</systemitem>
-	 ¤È¥¹¥¿¥Ã¥Õ¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À­¤ò¹â¤á¤ë¡£</para>
-   </listitem>
+   <para>¥¢¥«¥¦¥ó¥È¾ðÊó¤Ï¡¢°Ê²¼¤Î¤è¤¦¤ËºÇ¸å¤Î¥¨¥ó¥È¥ê¤¬
+	<quote>nologin</quote> ¥·¥§¥ë¤È¤Ê¤ê¤Þ¤¹¡£</para>
 
-   <listitem>
-	<para><systemitem class="username">root</systemitem>
-	 ¤Î°ÂÁ´À­¤ò¹â¤á¤ë – <systemitem
-	  class="username">root</systemitem> ¸¢¸Â¤ÇÆ°ºî¤¹¤ë¥µ¡¼¥Ð¤È
-	 SUID/SGID ¥Ð¥¤¥Ê¥ê¡£</para>
-   </listitem>
+   <programlisting>toor:*:0:0::0:0:Bourne-again Superuser:/root:/usr/sbin/nologin</programlisting>
 
-   <listitem>
-	<para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À­¤ò¹â¤á¤ë¡£</para>
-   </listitem>
+   <para><filename>/usr/sbin/nologin</filename> ¥·¥§¥ë¤Ï¡¢
+	&man.login.1;
+	¥³¥Þ¥ó¥É¤¬¤³¤Î¥æ¡¼¥¶¤Ë¥·¥§¥ë¤ò³ä¤êÅö¤Æ¤ë¤³¤È¤ò¥Ö¥í¥Ã¥¯¤·¤Þ¤¹¡£</para>
+   </sect2>
 
-   <listitem>
-	<para>¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤Î°ÂÁ´À­¤ò¹â¤á¤ë¡£</para>
-   </listitem>
+  <sect2 xml:id="security-sudo">
+   <title>¥¢¥«¥¦¥ó¥È¤Î¸¢¸Â¤ò³ÈÂ礹¤ë</title>
 
-   <listitem>
-	<para>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢
-	 ¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À­¤ò¹â¤á¤ë¡£</para>
-   </listitem>
+   <para>¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢
+	¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ø¤Î¥¢¥¯¥»¥¹¤ò¾¤Î¥æ¡¼¥¶¤È¶¦Í­¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+	&os; ¤Ï¤³¤Î¤¿¤á¤ËÆó¤Ä¤ÎÊýË¡¤òÍÑ°Õ¤·¤Æ¤¤¤Þ¤¹¡£
+	Âè°ì¤ÎÊýË¡¤Ï¿ä¾©¤µ¤ì¤Þ¤»¤ó¤¬¡¢
+	¥ë¡¼¥È¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¶¦Í­¤·¡¢¥æ¡¼¥¶¤ò
+	<systemitem class="groupname">wheel</systemitem>
+	¥°¥ë¡¼¥×¤Ë²Ã¤¨¤ëÊýË¡¤Ç¤¹¡£
+	¤³¤ì¤ò¹Ô¤¦¤Ë¤Ë¤Ï¡¢<filename>/etc/group</filename> ¤òÊÔ½¸¤·¡¢
+	ºÇ½é¤Î¥°¥ë¡¼¥×¤ÎºÇ¸å¤Ë¥æ¡¼¥¶¤òÄɲ䷤Ƥ¯¤À¤µ¤¤¡£
+	¥æ¡¼¥¶¤Ï¥«¥ó¥Þ¶èÀÚ¤ê¤Ç´ÉÍý¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
 
-   <listitem>
-	<para>¥·¥¹¥Æ¥à¤ËÂФ·¤Æ¹Ô¤Ê¤ï¤ì¤¿¡¢
-	 ÉÔŬÀÚ¤ÊÊѹ¹¤ò¤¹¤Ð¤ä¤¯¸¡½Ð¤¹¤ë¡£</para>
-   </listitem>
+   <para>¸¢¸Â¤Î³ÈÂç¤ò¤¹¤ëŬÀÚ¤ÊÊýË¡¤Ï¡¢
+	<package>security/sudo</package> port ¤ò»È¤¦ÊýË¡¤Ç¤¹¡£
+	¤³¤Î port ¤Ï¡¢Äɲäδƺº¡¢¤è¤ê¤­¤áºÙ¤«¤¤¥æ¡¼¥¶´ÉÍý¡¢¤ª¤è¤Ó
+	¥æ¡¼¥¶¤ò &man.service.8;
+	¤Î¤è¤¦¤Ê¸¢¸Â¤¬Í¿¤¨¤é¤ì¤¿¥³¥Þ¥ó¤Î¤ß¤Î¼Â¹Ô¤ËÀ©¸Â¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£</para>
 
-   <listitem>
-	<para>ɬÍפȻפï¤ì¤ë°Ê¾å¤ÎÂбþ¤ò¤È¤ë (paranoia)¡£</para>
-   </listitem>
-  </orderedlist>
+   <para>¥¤¥ó¥¹¥È¡¼¥ë¤¬½ª¤ï¤Ã¤¿¤é¡¢
+	<command>visudo</command> ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ò»È¤Ã¤Æ
+	<filename>/usr/local/etc/sudoers</filename>
+	¥Õ¥¡¥¤¥ë¤òÊÔ½¸¤·¤Æ¤¯¤À¤µ¤¤¡£
+	°Ê²¼¤ÎÎã¤Ç¤Ï¡¢¿·¤·¤¯ webadmin ¥°¥ë¡¼¥×¤¬ºîÀ®¤µ¤ì¡¢
+	<systemitem class="username">trhodes</systemitem>
+	¥æ¡¼¥¶¤¬¤³¤Î¥°¥ë¡¼¥×¤ËÄɲ䵤ì¤Þ¤¹¡£
+	¤½¤Î¸å¡¢¥æ¡¼¥¶¤Ë <package>apache24</package>
+	¤òºÆµ¯Æ°¤¹¤ë¥¢¥¯¥»¥¹¸¢¸Â¤òÍ¿¤¨¤Þ¤¹¡£
+	¤³¤Î¼ê³¤­¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
 
-  <para>¼¡¤ÎÀá¤Ç¤Ï¡¢¾åµ­¤Î¹àÌܤˤĤ¤¤Æ¤è¤ê¿¼¤¯·¡¤ê²¼¤²¤Æ¤¤¤­¤Þ¤¹¡£</para>
- </sect1>
+   <screen>&prompt.root; <userinput>pw groupadd webadmin -M trhodes -g 6000</userinput></screen>
 
- <sect1 xml:id="securing-freebsd">
-  <title>&os; ¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+   <screen>&prompt.root; <userinput>visudo</userinput></screen>
 
-  <indexterm>
-   <primary>¥»¥­¥å¥ê¥Æ¥£</primary>
-   <secondary>&os; ¤Î°ÂÁ´À­¤ò¹â¤á¤ë</secondary>
-  </indexterm>
+   <programlisting>%webadmin ALL=(ALL) /usr/sbin/service apache24 *</programlisting>
 
-  <para>¤³¤ÎÀá¤Ç¤Ï¡¢<link
-	linkend="security-intro">Á°Àá</link> ¤Ç¤È¤ê¤¢¤²¤¿ &os;
-   ¥·¥¹¥Æ¥à¤Î°ÂÁ´À­¤ò¹â¤á¤ëÊýË¡¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£</para>
+   <para>¥í¡¼¥«¥ë¤Î¥æ¡¼¥¶´ÉÍý¤Ë¤ª¤¤¤Æ¡¢
+	<package>security/sudo</package> ¤Ï¡¢
+	Èó¾ï¤Ëµ®½Å¤Ê¥ê¥½¡¼¥¹¤òÄ󶡤·¤Þ¤¹¡£
+	¤Þ¤¿¡¢¥Ñ¥¹¥ï¡¼¥É¤òÉÔɬÍפˤ·¤Æ¡¢¥Ç¥Õ¥©¥ë¥È¤ò &man.ssh.1;
+	¸°¤ÎÊýË¡¤À¤±¤Ë¤¹¤ë¤³¤È¤â¤Ç¤­¤Þ¤¹¡£
+	&man.sshd.8; ·Ðͳ¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤ë¥í¥°¥¤¥ó¤ò̵¸ú¤Ë¤·¡¢
+	<command>sudo</command>
+	¤Ø¤Î¥í¡¼¥«¥ë¥Ñ¥¹¥ï¡¼¥É¤Î¤ß¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+	<xref linkend="openssh"/> ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+  </sect2>
 
-  <sect2 xml:id="securing-root-and-staff">
-   <title><systemitem class="username">root</systemitem>
-	¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+  <sect2 xml:id="security-passwords">
+   <title>¥Ñ¥¹¥ï¡¼¥É</title>
 
-   <indexterm>
-	<primary>&man.su.1;</primary>
-   </indexterm>
+   <para>¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥Æ¥¯¥Î¥í¥¸¡¼¤Ë¤ª¤±¤ëɬÍ×°­¤Ç¤¹¡£
+	¥Ñ¥¹¥ï¡¼¥É¤Ï¶Ë¤á¤ÆÊ£»¨¤Ç¤¢¤ë¤À¤±¤Ç¤Ï¤Ê¤¯¡¢
+	¥Ñ¥¹¥ï¡¼¥É¤òÊݸ¤ë¶¯ÎϤʥϥå·¥å¥á¥«¥Ë¥º¥à¤â¤Þ¤¿É¬ÍפȤʤê¤Þ¤¹¡£
+	¤³¤Îʸ½ñ¤ò½ñ¤¤¤Æ¤¤¤ë»þÅÀ¤Ç¤Ï¡¢
+	&os; ¤Ï <function>crypt()</function> ¥é¥¤¥Ö¥é¥ê¤Ç
+	<acronym>DES</acronym>, <acronym>MD</acronym>5, Blowfish,
+	<acronym>SHA</acronym>256 ¤ª¤è¤Ó <acronym>SHA</acronym>512
+	¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£
+	¥Ç¥Õ¥©¥ë¥È¤Ï <acronym>SHA</acronym>512 ¤Ç¤¢¤ê¡¢
+	¶¯Å٤μ夤°Å¹æ¤Ø¤ÏÊѹ¹¤¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+	¤·¤«¤·¤Ê¤¬¤é¡¢Blowfish ¤ò¹¥¤à¥æ¡¼¥¶¤â¤ª¤ê¤Þ¤¹¡£
+	<acronym>DES</acronym> ¤ò½ü¤¯³Æ¥á¥«¥Ë¥º¥à¤Ç¤Ï¡¢
+	³«»Ï¤Îʸ»ú¡¢»ÈÍѤ·¤Æ¤¤¤ë¥Ï¥Ã¥·¥å¥á¥«¥Ë¥º¥à¤ò¼±Ê̲Äǽ¤ÊÆÃħ¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£
+	<acronym>MD</acronym>5 ¥á¥«¥Ë¥º¥à¤Ç¤Ï¡¢¥·¥ó¥Ü¥ë¤Ï
+	<quote>$</quote> ¤ÎÉä¹æ¤Ç¤¹¡£
+	<acronym>SHA</acronym>256 ¤Þ¤¿¤Ï¡¢
+	<acronym>SHA</acronym>512 ¤Ç¤Ï¡¢¥·¥ó¥Ü¥ë¤Ï <quote>$6$</quote>¡¢
+	¤½¤·¤Æ Blowfish ¤Ï <quote>$2a$</quote> ¤Ç¤¹¡£
+	°Å¹æ¶¯Å٤μ夤¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï¡¢
+	¼¡²ó¤Î¥í¥°¥¤¥ó»þ¤Ë¥æ¡¼¥¶¤¬
+	&man.passwd.1; ¤ò¼Â¹Ô¤·¤ÆºÆ¥Ï¥Ã¥·¥å²½¤¹¤ë¤³¤È¤òÂ¥¤¹¤Ù¤­¤Ç¤¹¡£</para>
 
-   <para>¤Û¤È¤ó¤É¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
-	<systemitem class="username">root</systemitem>
-	¥¢¥«¥¦¥ó¥È¤Ë³ä¤êÅö¤Æ¤¿¥Ñ¥¹¥ï¡¼¥É¤¬ 1 ¤Ä¤¢¤ê¤Þ¤¹¡£
-	¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï<emphasis>¤¤¤Ä¤Ç¤â</emphasis>ÉÔÀµÍøÍÑ¤Î´í¸±¤Ë»¯¤µ¤ì¤Æ¤¤¤ë¤È¹Í¤¨¤Æ¤¯¤À¤µ¤¤¡£
-	¤³¤ì¤Ï¥Ñ¥¹¥ï¡¼¥É¤ò̵¸ú¤Ë¤¹¤Ù¤­¤À¤È¸À¤Ã¤Æ¤¤¤ë¤Î¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
-	¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥Þ¥·¥ó¤Ë¥³¥ó¥½¡¼¥ë¤«¤é¥¢¥¯¥»¥¹¤¹¤ë¤Î¤Ë¤Ï¡¢
-	¤Û¤È¤ó¤É¤¤¤Ä¤Ç¤âɬÍפʤâ¤Î¤Ç¤¹¡£
-	¤·¤«¤·¤Ê¤¬¤é¡¢¥³¥ó¥½¡¼¥ë°Ê³°¤«¤é¤Ï¡¢
-	¤½¤·¤Æ²Äǽ¤Ê¤é &man.su.1;
-	¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤â¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Ù¤­¤Ç¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢<filename>/etc/ttys</filename> ¤Î¥¨¥ó¥È¥ê¤Ë¤ª¤¤¤Æ¡¢
-	ÆÃÄê¤Î¥¿¡¼¥ß¥Ê¥ë¤ËÂФ·
-	<systemitem class="username">root</systemitem>
-	¤Ç¥í¥°¥¤¥ó¤Ç¤­¤Ê¤¤¤è¤¦¤Ë
-	<literal>insecure</literal> ¤ÈÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£
-	&os; ¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¡¢
-	<filename>/etc/ssh/sshd_config</filename> ¤Ë¤ª¤¤¤Æ
-	<literal>PermitRootLogin</literal> ¤¬ <literal>no</literal>
-	¤ÈÀßÄꤵ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢&man.ssh.1; ¤ò»È¤Ã¤¿
-	<systemitem class="username">root</systemitem>
-	¤Ø¥í¥°¥¤¥ó¤Ï̵¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
-	¤¹¤Ù¤Æ¤Î¥¢¥¯¥»¥¹¼êÃÊ¡¢¤¿¤È¤¨¤Ð FTP
-	¤è¤¦¤Ê¥µ¡¼¥Ó¥¹¤Ï¡¢Îɤ¯¥¯¥é¥Ã¥¯¤ÎÂоݤȤʤ뤳¤È¤òÍý²ò¤·¤Æ¤¯¤À¤µ¤¤¡£
-	<systemitem class="username">root</systemitem> ¤Ø¤ÎľÀÜ¥í¥°¥¤¥ó¤Ï¡¢
-	¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë·Ðͳ¤Ç¤Î¤ß²Äǽ¤Ç¤¢¤ë¤Ù¤­¤Ê¤Î¤Ç¤¹¡£</para>
+   <note>
+	<para>¤³¤Îʸ½ñ¤ò½ñ¤¤¤Æ¤¤¤ë»þÅÀ¤Ç¡¢Blowfish ¤Ï
+	 <acronym>AES</acronym> ¤Ç¤Ê¤±¤ì¤Ð¡¢
+	 <acronym>FIPS</acronym> (Federal Information
+	 Processing Standards) ¤Ë½àµò¤â¤·¤Æ¤¤¤Þ¤»¤ó¡£
+	 ¤½¤Î¤¿¤á¡¢»ÈÍѤǤ­¤Ê¤¤´Ä¶­¤¬¤¢¤ê¤Þ¤¹¡£</para>
+   </note>
 
-   <indexterm>
-	<primary><systemitem class="groupname">wheel</systemitem></primary>
-   </indexterm>
+   <para>¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀܳ¤·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+	ÆóÍ×ÁÇǧ¾Ú¤ò»ÈÍѤ¹¤Ù¤­¤Ç¤¹¡£
+	¤³¤Îǧ¾Ú¤Ç¤Ï¡¢Ä̾濫¤Ê¤¿¤¬½êÍ­¤¹¤ëÍ×ÁǤÈÃΤäƤ¤¤ëÍ×ÁǤ¬ÍѤ¤¤é¤ì¤Þ¤¹¡£
+	&os; ¤Î¥Ù¡¼¥¹¥·¥¹¥Æ¥à¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë
+	<application>OpenSSH</application> ¤ª¤è¤Ó ssh-keys ¤Ç¤Ï¡¢
+	¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤Î¤¹¤Ù¤Æ¤Î¥í¥°¥¤¥ó¤Ë¤ª¤±¤ëÆóÍ×ÁÇǧ¾Ú¤Î¸ò´¹¤Ç¡¢
+	¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍѤ¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+	¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥Ï¥ó¥É¥Ö¥Ã¥¯¤Î
+	<xref linkend="openssh"/> Àá¤ò¤´Í÷¤¯¤À¤µ¤¤¡£
+	Kerberose ¤Î¥æ¡¼¥¶¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯¤Ç
+	<application>OpenSSH</application>
+	¤ò¼ÂÁõ¤¹¤ë¤¿¤á¤ËÄɲäÎÊѹ¹¤¬É¬Íפˤʤë¤Ç¤·¤ç¤¦¡£</para>
+  </sect2>
 
-   <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï
-	<systemitem class="username">root</systemitem>
-	¤Ë¤Ê¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯É¬Íפ¬¤¢¤ë¤Î¤Ç¡¢
-	ÄɲäΥѥ¹¥ï¡¼¥Éǧ¾Ú¤ÎÀßÄ꤬ɬÍפȤʤê¤Þ¤¹¡£
-	¤Ò¤È¤Ä¤Ï¡¢Å¬Àڤʥ桼¥¶¥¢¥«¥¦¥ó¥È¤ò
-	<filename>/etc/group</filename> Ãæ¤Î
-	<systemitem class="groupname">wheel</systemitem> ¤Ë²Ã¤¨¤ëÊýË¡¤Ç¤¹¡£
-	<systemitem class="groupname">wheel</systemitem>
-	¤Î¥á¥ó¥Ð¤Ï¡¢&man.su.1; ¤ò»È¤Ã¤Æ
-	<systemitem class="username">root</systemitem> ¤Ë¤Ê¤ë¤³¤È¤¬µö¤µ¤ì¤Þ¤¹¡£
-	¼ÂºÝ¤Ë
-	<systemitem class="username">root</systemitem>
-	¥¢¥¯¥»¥¹¤ÎɬÍפʥ桼¥¶¤Î¤ß
-	<systemitem class="groupname">wheel</systemitem>
-	¤ËÃÖ¤¯¤è¤¦¤Ë¤¹¤Ù¤­¤Ç¤¹¡£
-	Kerberos ¤ò»ÈÍѤ·¤Æǧ¾Ú¹Ô¤¦¾ì¹ç¤Ë¤Ï¡¢
-	<systemitem class="username">root</systemitem>
-	¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Ë <filename>.k5login</filename>
-	¤òºîÀ®¤¹¤ë¤³¤È¤Ç¡¢
-	ï¤â <systemitem class="groupname">wheel</systemitem> ¤ËÃÖ¤¯É¬Íפʤ¯
-	&man.ksu.1; ¤¹¤ë¤³¤È¤òµö²Ä¤Ç¤­¤Þ¤¹¡£</para>
+  <sect2 xml:id="security-rkhunter">
+   <title>¥Ð¥Ã¥¯¥É¥¢¤ª¤è¤Ó¥ë¡¼¥È¥­¥Ã¥È</title>
 
-   <para>¥¢¥«¥¦¥ó¥È¤ò´°Á´¤Ë¥í¥Ã¥¯¤¹¤ë¤Ë¤Ï¡¢
-	&man.pw.8; ¤ò»È¤Ã¤Æ¤¯¤À¤µ¤¤¡£</para>
+   <para>¥Ð¥Ã¥¯¥É¥¢¤ª¤è¤Ó¥ë¡¼¥È¥­¥Ã¥È¤Ï¡¢
+	¤½¤ì¤é¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤¿¸å¤Ë¶¼°Ò¤È¤Ê¤ê¤Þ¤¹¡£
+	¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤ë¤È¡¢¤³¤Î°­°Õ¤Î¤¢¤ë¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
+	¹¶·â¼Ô¤Î¤¿¤á¤Ë¿¯Æþ¸ý¤òÀßÃÖ¤·¤Þ¤¹¡£
+	¼ÂºÝŪ¤Ë¤Ï¡¢¥·¥¹¥Æ¥à¤¬°ìÅÙ±øÀ÷¤µ¤ì¤¿¸å¤Ë¡¢Ä´ºº¤¬¹Ô¤ï¤ì¡¢
+	¾Ãµî¤µ¤ì¤Þ¤¹¡£
+	¿µ½Å¤Ê¥»¥­¥å¥ê¥Æ¥£¤ä¥·¥¹¥Æ¥à¥¨¥ó¥¸¥Ë¥¢¤Ç¤µ¤¨¤â¡¢
+	¹¶·â¼Ô¤¬»Ä¤·¤¿¥½¥Õ¥È¥¦¥§¥¢¤ò¸«Æ¨¤·¤Æ¤·¤Þ¤¦¤È¤¤¤¦¶²¤í¤·¤¤¥ê¥¹¥¯¤¬Â¸ºß¤·¤Æ¤¤¤Þ¤¹¡£</para>
 
-   <screen>&prompt.root; <userinput>pw lock staff</userinput></screen>
+   <para>¥Ð¥Ã¥¯¥É¥¢¤Þ¤¿¤Ï¥ë¡¼¥È¥­¥Ã¥È¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
+	´ÉÍý¼Ô¤Ë¤È¤Ã¤ÆÌò¤ËΩ¤Ä¤³¤È¤¬°ì¤Ä¤¢¤ê¤Þ¤¹¡£
+	¤½¤ì¤Ï¡¢°ìÅÙ¸¡½Ð¤¹¤ë¤È¡¢
+	¥·¥¹¥Æ¥à¤Î¤É¤³¤«¤¬´í¸±¤ËËÁ¤µ¤ì¤Æ¤¤¤ë¤³¤È¤Îº¯ÀפȤʤê¤Þ¤¹¡£
+	¤·¤«¤·¡¢Ä̾盧¤Î¼ï¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢¤È¤Æ¤â¤¦¤Þ¤¯±£¤ì¤Æ¤¤¤Þ¤¹¡£
+	¥Ð¥Ã¥¯¥É¥¢¤ª¤è¤Ó¥ë¡¼¥È¥­¥Ã¥È¤ò¸¡½Ð¤¹¤ë¥Ä¡¼¥ë¤¬Â¸ºß¤·¤Æ¤ª¤ê¡¢
+	¤½¤ì¤¦¤Á¤Î°ì¤Ä¤¬¡¢
+	<package>security/rkhunter</package> ¤Ç¤¹¡£</para>
 
-   <para>¤³¤ì¤Ë¤è¤ê¡¢»ØÄꤵ¤ì¤¿¥æ¡¼¥¶¤Ï¡¢&man.ssh.1;
-	¤ò´Þ¤à¤¤¤«¤Ê¤ëÊýË¡¤Ç¤â¥í¥°¥¤¥ó¤Ç¤­¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£</para>
+   <para>¥¤¥ó¥¹¥È¡¼¥ë¸å¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤Ç¥·¥¹¥Æ¥à¤ò¥Á¥§¥Ã¥¯¤Ç¤­¤Þ¤¹¡£
+	¼Â¹Ô¤¹¤ë¤È¿¤¯¤Î¾ðÊ󤬽ÐÎϤµ¤ì¤Þ¤¹¡£</para>
 
-   <para>¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤ò¥Ö¥í¥Ã¥¯¤¹¤ë¤â¤¦°ì¤Ä¤ÎÊýË¡¤Ï¡¢
-	°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤ò
-	<quote><literal>*</literal></quote> 1 ʸ»ú¤ËÃÖ¤­´¹¤¨¤ë¤³¤È¤Ç¤¹¡£
-	¤³¤Îʸ»ú¤Ï¡¢°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤Ë¥Þ¥Ã¥Á¤¹¤ë¤³¤È¤Ï¤Ê¤¤¤Î¤Ç¡¢
-	¥æ¡¼¥¶¥¢¥¯¥»¥¹¤ò¥Ö¥í¥Ã¥¯¤·¤Þ¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢¼¡¤Î¥¢¥«¥¦¥ó¥È¤Î¥¨¥ó¥È¥ê¤ò¡¢</para>
+   <screen>&prompt.root; <userinput>rkhunter -c</userinput></screen>
 
-   <programlisting>foobar:R9DT/Fa1/LV9U:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
+   <para>¤³¤Î¥×¥í¥»¥¹¤ò¼Â¹ÔÃæ¤Ë <keycap>ENTER</keycap>
+	¥­¡¼¤ò²¿ÅÙ¤«²¡¤¹É¬Íפ¬¤¢¤ê¤Þ¤¹¡£
+	´°Î»¤¹¤ë¤È¡¢¥¹¥Æ¡¼¥¿¥¹¥á¥Ã¥»¡¼¥¸¤¬²èÌ̤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£
+	¤³¤Î¥á¥Ã¥»¡¼¥¸¤Ï¡¢¥Á¥§¥Ã¥¯¤·¤¿¥Õ¥¡¥¤¥ë¤ÎÎÌ¡¢µ¿¤ï¤·¤¤¥Õ¥¡¥¤¥ë¤Î¿ô¡¢
+	²ÄǽÀ­¤Î¤¢¤ë¥ë¡¼¥È¥­¥Ã¥ÈÅù¤Î¾ðÊó¤ò´Þ¤ß¤Þ¤¹¡£
+	¥Á¥§¥Ã¥¯¤ÎºÇÃæ¡¢±£¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¡¢
+	<application>OpenSSH</application> ¥×¥í¥È¥³¥ë¤ÎÁªÂò¡¢¤½¤·¤Æ¡¢
+	»þ¤Ë¤Ï¡¢¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ë¥½¥Õ¥È¥¦¥§¥¢¤ÎÁ²¼åÀ­¤Î¥Ð¡¼¥¸¥ç¥ó¤Ë´Ø¤¹¤ë°ìÈÌŪ¤Ê¥»¥­¥å¥ê¥Æ¥£¤Î·Ù¹ð¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£
+	¤¹¤°¤Ë¡¢¤â¤·¤¯¤Ï¤è¤ê¾ÜºÙ¤Ê²òÀϤ¬¹Ô¤ï¤ì¤¿¸å¤Ë¡¢Âбþ¤¬²Äǽ¤Ç¤¹¡£</para>
 
-   <para>&man.vipw.8; ¤ò»È¤Ã¤Æ°Ê²¼¤Î¤è¤¦¤ËÊѹ¹¤·¤Þ¤¹¡£</para>
+   <para>´ÉÍý¼Ô¤Ï³§¡¢
+	ôÅö¤·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¾å¤Ç²¿¤¬¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¤«¤òÇÄ°®¤·¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+	<application>rkhunter</application>,
+	<application>lsof</application> ¤ä
+	&man.netstat.1; ¤ª¤è¤Ó &man.ps.1; ¤È¤¤¤Ã¤¿¥Í¥¤¥Æ¥£¥Ö¤Î¥Ä¡¼¥ë¤Ï¡¢
+	¥·¥¹¥Æ¥à¤Ë´Ø¤¹¤ë¤«¤Ê¤ê¿¤¯¤Î¾ðÊó¤òÍ¿¤¨¤Æ¤¯¤ì¤Þ¤¹¡£
+	Àµ¾ï¤Ê¾õÂÖ¤¬¤É¤Î¤è¤¦¤Ê¾õÂ֤Ǥ¢¤ë¤«¤òÇÄ°®¤·¤Æ¤ª¤­¡¢
+	ËÜÍè¤È°ã¤¦¾õ¶·¤Ë¤Ê¤Ã¤¿¾ì¹ç¤Ë¤Ï¡¢¼ÁÌä¤ò¤·¤¿¤ê¡¢
+	µ¿¤¤¿¼¤¯¤Ê¤Ã¤Æ¤¯¤À¤µ¤¤¡£
+	¥»¥­¥å¥ê¥Æ¥£¤¬Çˤé¤ì¤ë¤³¤È¤òÈò¤±¤ë¤³¤È¤ÏÍýÁۤǤ¹¤¬¡¢
+	Çˤé¤ì¤¿¤³¤È¤òÇÄ°®¤¹¤ë¤³¤È¤Ïɬ¿Ü¤Ç¤¹¡£</para>
+  </sect2>
 
-   <programlisting>foobar:*:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
+  <sect2 xml:id="security-ids">
+   <title>¥Ð¥¤¥Ê¥ê¸¡¾Ú</title>
 
-   <para>¤³¤ÎÊѹ¹¤Ë¤è¤Ã¤Æ
-	<systemitem class="username">foobar</systemitem> ¤Ï¡¢
-	Ä̾ï¤Î¥í¥°¥¤¥ó¤Ï¤Ç¤­¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
-	¤³¤Î¤è¤¦¤Ê¥¢¥¯¥»¥¹À©¸Â¤ò¤·¤¿¸å¤Ï¡¢
-	¥µ¥¤¥È¤Ç <application>Kerberos</application> ¤ò¥»¥Ã¥È¥¢¥Ã¥×¤·¤¿¤ê¡¢
-	¥æ¡¼¥¶¤¬ &man.ssh.1;
-	¤Î¸°¤òÀßÄꤹ¤ë¤Ê¤É¤È¤¤¤Ã¤¿Ç§¾Ú¼êÃʤòÍøÍѤ·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
+   <para>¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤ª¤è¤Ó¥Ð¥¤¥Ê¥ê¤Î¸¡¾Ú¤Ï¡¢
+	¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ª¤è¤Ó¥»¥­¥å¥ê¥Æ¥£¥Á¡¼¥à¤ËÂФ·¤Æ¡¢
+	¥·¥¹¥Æ¥à¤ÎÊѹ¹¤Ë´Ø¤¹¤ë¾ðÊó¤òÄ󶡤·¤Æ¤¯¤ì¤ë¤¿¤á½ÅÍפǤ¹¡£
+	¤¤¤«¤Ê¤ë¥·¥¹¥Æ¥à¤Ë¤ª¤¤¤Æ¤â¡¢¥·¥¹¥Æ¥à´ÉÍý¥Á¡¼¥à¤ÎÃΤé¤Ê¤¤¤È¤³¤í¤Ç¡¢
+	ÆâÉô¤Î¥³¥Þ¥ó¥É¤ä¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÏÊѹ¹¤¹¤Ù¤­¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+	¥·¥¹¥Æ¥à¤ÎÊѹ¹¤ò¤ò¥â¥Ë¥¿¥ê¥ó¥°¤¹¤ë¥½¥Õ¥È¥¦¥§¥¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢
+	¿¯Æþ¸¡ÃÎ¥·¥¹¥Æ¥à (Intrusion Detection System)
+	¤Þ¤¿¤Ï <acronym>IDS</acronym> ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£</para>
 
-   <para>¤³¤ì¤é¤Î¥»¥­¥å¥ê¥Æ¥£¤Î»ÅÁȤߤǤϡ¢
-	À©¸Â¤Î¶¯¤¤¥µ¡¼¥Ð¤«¤éÀ©¸Â¤Î¼å¤¤¥µ¡¼¥Ð¤Ø¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤òÁ°Äó¤È¤·¤Æ¤¤¤Þ¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢¥µ¡¼¥Ð¤¬¥Í¥Ã¥È¥ï¡¼¥¯¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¾ì¹ç¡¢
-	¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤Ç¤Ï¤½¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
-	¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤ò½½Ê¬¤Ë°ÂÁ´¤Ë¤·¤Æ¤ª¤¯¤¿¤á¤Ë¤Ï¡¢
-	¼Â¹Ô¤¹¤ë¥µ¡¼¥Ó¥¹¤ò¥¼¥í¤Ë¤¹¤ë¤«¡¢²Äǽ¤Ê¸Â¤ê¸º¤é¤·¡¢
-	¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤¿¥¹¥¯¥ê¡¼¥ó¥»¡¼¥Ð¤òÁö¤é¤»¤Æ¤ª¤¯¤Ù¤­¤Ç¤¹¡£
-	¥·¥¹¥Æ¥à¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¤¬Í¿¤¨¤é¤ì¤¿¤È¤¹¤ë¤È¡¢
-	¤â¤Á¤í¤ó¸À¤¦¤Þ¤Ç¤â¤Ê¤¯¡¢
-	¹¶·â¼Ô¤Ï¤¤¤«¤Ê¤ë¼ïÎà¤Î¥»¥­¥å¥ê¥Æ¥£¤ò¤â¤¦¤ÁÇˤ뤳¤È¤¬¤Ç¤­¤ë¤Î¤Ç¤¹¡£
-	¹¬¤¤¤Ë¤â¡¢¥·¥¹¥Æ¥àÇˤê¤ÎÂç¿¿ô¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯·Ðͳ¤Ç¥ê¥â¡¼¥È¤«¤é¡¢
-	¥·¥¹¥Æ¥à¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¼êÃʤò»ý¤¿¤Ê¤¤¿Í¡¹¤Ë¤è¤Ã¤Æ¹Ô¤ï¤ì¤Æ¤¤¤Þ¤¹¡£</para>
+   <para>&os; ¤Ï¡¢´ðËÜŪ¤Ê
+	<acronym>IDS</acronym> ¥·¥¹¥Æ¥à¤ò¥Í¥¤¥Æ¥£¥Ö¤ÇÄ󶡤·¤Æ¤¤¤Þ¤¹¡£
+	¼ÂºÝ¤Ë¡¢ËèÈդΠ&man.periodic.8; ¥»¥­¥å¥ê¥Æ¥£¤Ë´Ø¤¹¤ë¥á¡¼¥ë¤ÎÃæ¤Ç¤Ï¡¢
+	´ÉÍý¼Ô¤ËÊѹ¹ÅÀ¤òÄÌÃΤ·¤Þ¤¹¡£
+	¾ðÊó¤Ï¥í¡¼¥«¥ë¤ËÊݸ¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢
+	°­°Õ¤Î¤¢¤ë¥æ¡¼¥¶¤¬Êѹ¹¤·¡¢¾ðÊó¤ò
+	<quote>µ½¤¯</quote> ²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£
+	¤½¤Î¤¿¤á¡¢¥Ð¥¤¥Ê¥ê¤Î½ð̾¤ÎÊ̤Υ»¥Ã¥È¤òºîÀ®¤·¤Æ¡¢
+	Æɤ߼è¤êÀìÍѤΠroot ½êÍ­¤Î¥Ç¥£¥ì¥¯¥È¥ê¡¢¤Ç¤­¤ì¤Ð¡¢
+	<acronym>USB</acronym> ¥Ç¥£¥¹¥¯¤Þ¤¿¤Ï
+	<application>rsync</application>
+	¥µ¡¼¥Ð¤È¤¤¤Ã¤¿¥·¥¹¥Æ¥à¤È¤ÏÊ̤Υ·¥¹¥Æ¥à¤ËÊݸ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
 
-   <para>Kerberos ¤ò»È¤¦¤³¤È¤Ç¡¢
-	¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¤â¤·¤¯¤ÏÄä»ß¤ò°ì²Õ½ê¤Ç¹Ô¤Ê¤¦¤³¤È¤È¡¢
-	¥æ¡¼¥¶¤¬¥¢¥«¥¦¥ó¥È¤ò»ý¤Ä¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ë¨»þ¤Ë¤½¤Î¸ú²Ì¤òµÚ¤Ü¤¹¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£
-	¥¢¥«¥¦¥ó¥È¤¬´í¸±¤Ë»¯¤µ¤ì¤¿¤È¤­¤Ë¡¢
-	¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¾å¤Î´ØÏ¢¤¹¤ë¥Ñ¥¹¥ï¡¼¥É¤ò¨ºÂ¤ËÊѹ¹¤¹¤ëǽÎϤò²á¾®É¾²Á¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
-	Kerberos ¤Ç¤Ï¡¢Kerberos ¥Á¥±¥Ã¥È¤Ë¥¿¥¤¥à¥¢¥¦¥È¤òÀßÄê¤Ç¤­¡¢
-	ÀßÄꤷ¤¿´ü´Ö¤¬·Ð²á¤¹¤ë¤È¥æ¡¼¥¶¤Ë¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÁª¤Ö¤è¤¦¤ËÍ׵᤹¤ë¤È¤¤¤Ã¤¿ÄɲäÎÀ©¸Â¤ò²Ý¤¹¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£</para>
-  </sect2>
+   <para>¤Þ¤ººÇ½é¤Ë¡¢¥·¡¼¥É¤òÀ¸À®¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+	¤³¤ì¤Ï¡¢¿ôÃÍÄê¿ô¤Ç¡¢¥Ï¥Ã¥·¥åÃͤÎÀ¸À®¤ä¥Ï¥Ã¥·¥åÃͤθ¡¾Ú¤Ç»È¤ï¤ì¤Þ¤¹¡£
+	¤³¤Î¥·¡¼¥É¤¬¤Ê¤¤¤È¡¢
+	¥Õ¥¡¥¤¥ë¤Î¥Á¥§¥Ã¥¯¥µ¥à¤ÎÃͤòµ¶¤Ã¤¿¤ê¸¡¾Ú¤¬²Äǽ¤Ë¤Ê¤ê¤Þ¤¹¡£
+	°Ê²¼¤ÎÎã¤Ç¤Ï¡¢¥·¡¼¥É¤Ï <option>-s</option>
+	¥Õ¥é¥°¤Ç»ØÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
+	ºÇ½é¤Ë°Ê²¼¤Î¥³¥Þ¥ó¥É¤òÍѤ¤¤Æ <filename>/bin</filename>
+	¤Î¥Ï¥Ã¥·¥åÃͤª¤è¤Ó¥Á¥§¥Ã¥¯¥µ¥à¤òÀ¸À®¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
 
-  <sect2>
-   <title>root ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¤È
-	SUID/SGID ¥Ð¥¤¥Ê¥ê¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+   <screen>&prompt.root; <userinput>mtree -s 3483151339707503 -c -K cksum,sha256digest -p /bin > bin_chksum_mtree</userinput></screen>
 
-   <indexterm>
-	<primary>º½¾ì (sandbox)</primary>
-   </indexterm>
-   <indexterm>
-	<primary>&man.sshd.8;</primary>
-   </indexterm>
+   <para>¤³¤Î¥³¥Þ¥ó¥É¤Î½ÐÎϤϰʲ¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
 
-   <para>ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢É¬Íפʥµ¡¼¥Ó¥¹¤À¤±¤òÍ­¸ú¤Ë¤·¡¢
-	¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¤Î¥µ¡¼¥Ð¤Ï¡¢
-	¤è¤¯¥Ð¥°¤ò»ý¤Ã¤Æ¤¤¤¬¤Á¤À¤È¤¤¤¦¤³¤È¤ËÃí°Õ¤·¤Æ¤¤¤ë¤â¤Î¤Ç¤¹¡£
-	Ãí°Õ¿¼¤¯¥Á¥§¥Ã¥¯¤·¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ð¤Ï¡¢·è¤·¤Æ¼Â¹Ô¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
-	¿¤¯¤Î¥Ç¡¼¥â¥ó¤Ï¡¢¥µ¡¼¥Ó¥¹ÀìÍѤΥ¢¥«¥¦¥ó¥È¡¢¤â¤·¤¯¤Ï
-	<firstterm>º½¾ì (sandbox)</firstterm> ¤Çµ¯Æ°¤µ¤»¤ë¤³¤È¤¬¤Ç¤­¤ë¤Î¤Ç¡¢
-	<systemitem class="username">root</systemitem>
-	¸¢¸Â¤Ç¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤¹¤ëÁ°¤Ë¤Ï¡¢¤è¤¯¹Í¤¨¤Æ¤¯¤À¤µ¤¤¡£
-	&man.telnetd.8; ¤Þ¤¿¤Ï &man.rlogind.8;
-	¤Î¤è¤¦¤Ê°ÂÁ´¤Ç¤Ï¤Ê¤¤¥µ¡¼¥Ó¥¹¤ÏÍ­¸ú¤Ë¤·¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£</para>
+   <screen>&prompt.root; mtree: /bin checksum: 3427012225</screen>
 
-   <para>¾¤Î¥·¥¹¥Æ¥à¤ÎÀøºßŪ¤Ê¥»¥­¥å¥ê¥Æ¥£¥Û¡¼¥ë¤Ë¤Ï¡¢
-	SUID-root ¤ª¤è¤Ó SGID ¥Ð¥¤¥Ê¥ê¤¬¤¢¤ê¤Þ¤¹¡£
-	¤³¤ì¤é¤Î¥Ð¥¤¥Ê¥ê¤Ï¡¢
-	&man.rlogin.1; ¤Î¤è¤¦¤Ë¡¢<filename>/bin</filename>,
-	<filename>/sbin</filename>, <filename>/usr/bin</filename>
-	¤Þ¤¿¤Ï <filename>/usr/sbin</filename>
-	¤Ë¸ºß¤¹¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
-	100% °ÂÁ´¤Ê¤â¤Î¤Ï¸ºß¤·¤Ê¤¤¤È¤Ï¤¤¤¨¡¢
-	¥·¥¹¥Æ¥à¥Ç¥Õ¥©¥ë¥È¤Î SUID/SGID ¥Ð¥¤¥Ê¥ê¤ÏÈæ³ÓŪ°ÂÁ´¤È¤¤¤¨¤Þ¤¹¡£
-	SUID ¥Ð¥¤¥Ê¥ê¤Ï¡¢
-	¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¥¢¥¯¥»¥¹²Äǽ¤ÊÆÃÊ̤ʥ°¥ë¡¼¥×¤ËÀ©¸Â¤·¡¢
-	»È¤ï¤Ê¤¤ SUID ¥Ð¥¤¥Ê¥ê¤Ïºï½ü¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Þ¤¹¡£
-	SGID ¥Ð¥¤¥Ê¥ê¤â¤Û¤È¤ó¤ÉƱÍÍ¤Î´í¸±¤Ê¸ºß¤Ë¤Ê¤êÆÀ¤Þ¤¹¡£
-	¿¯Æþ¼Ô¤¬ kmem ¤Ë SGID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÇˤ뤳¤È¤¬¤Ç¤­¤¿¾ì¹ç¡¢
-	¤½¤Î¿¯Æþ¼Ô¤Ï <filename>/dev/kmem</filename>
-	¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£¤Ä¤Þ¤ê¡¢
-	°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ë¤Î¤Ç¡¢
-	¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ò¡¢ÀøºßŪ¤Ê´í¸±¤Ë»¯¤¹¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£Â¾¤Ë¤â¡¢
-	<literal>kmem</literal> ¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤¬ pty
-	¤òÄ̤·¤ÆÁ÷¤é¤ì¤¿¥­¡¼¥¹¥È¥í¡¼¥¯¤ò´Æ»ë¤Ç¤­¤ë¤È¤¤¤¦´í¸±¤¬¤¢¤ê¤Þ¤¹¡£
-	¥­¡¼¥¹¥È¥í¡¼¥¯¤Ë¤Ï¡¢°ÂÁ´¤ÊÊýË¡¤Ç¥í¥°¥¤¥ó¤¹¤ë¥æ¡¼¥¶¤¬»È¤Ã¤Æ¤¤¤ë pty
-	¤â´Þ¤Þ¤ì¤Þ¤¹¡£
-	<systemitem class="groupname">tty</systemitem>
-	¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤Ï¡¢¤Û¤ÜǤ°Õ¤Î¥æ¡¼¥¶¤Î
-	tty ¤Ø½ñ¤­¹þ¤ß¤¬¤Ç¤­¤Þ¤¹¡£
-	¥æ¡¼¥¶¤¬Ã¼Ëö¥×¥í¥°¥é¥à¤ä¥­¡¼¥Ü¡¼¥É¤ò¥·¥ß¥å¥ì¡¼¥·¥ç¥ó¤¹¤ëµ¡Ç½¤ò»ý¤Ã¤¿¥¨¥ß¥å¥ì¡¼¥¿¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¡¢
-	¿¯Æþ¼Ô¤ÏÀøºßŪ¤Ë¡¢
-	·ë¶É¤½¤Î¥æ¡¼¥¶¤È¤·¤Æ¼Â¹Ô¤µ¤ì¤ë¥³¥Þ¥ó¥É¤ò¥æ¡¼¥¶¤ÎüËö¤Ë¥¨¥³¡¼¤µ¤»¤ë¥Ç¡¼¥¿¥¹¥È¥ê¡¼¥à¤òÀ¸À®¤Ç¤­¤ë²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£</para>
-  </sect2>
+   <para><filename>bin_cksum_mtree</filename> ¥Õ¥¡¥¤¥ë¤ò¸«¤ë¤È¡¢
+	°Ê²¼¤Î¤è¤¦¤Ê½ÐÎϤȤʤê¤Þ¤¹¡£</para>
 
-  <sect2 xml:id="secure-users">
-   <title>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+   <programlisting>#     user: root
+#    machine: dreadnaught
+#     tree: /bin
+#     date: Mon Feb 3 10:19:53 2014
+# .
+/set type=file uid=0 gid=0 mode=0555 nlink=1 flags=none
+.        type=dir mode=0755 nlink=2 size=1024 \
+        time=1380277977.000000000
+  \133    nlink=2 size=11704 time=1380277977.000000000 \
+        cksum=484492447 \
+        sha256digest=6207490fbdb5ed1904441fbfa941279055c3e24d3a4049aeb45094596400662a
+  cat     size=12096 time=1380277975.000000000 cksum=3909216944 \
+        sha256digest=65ea347b9418760b247ab10244f47a7ca2a569c9836d77f074e7a306900c1e69
+  chflags   size=8168 time=1380277975.000000000 cksum=3949425175 \
+        sha256digest=c99eb6fc1c92cac335c08be004a0a5b4c24a0c0ef3712017b12c89a978b2dac3
+  chio    size=18520 time=1380277975.000000000 cksum=2208263309 \
+        sha256digest=ddf7c8cb92a58750a675328345560d8cc7fe14fb3ccd3690c34954cbe69fc964
+  chmod    size=8640 time=1380277975.000000000 cksum=2214429708 \
+        sha256digest=a435972263bf814ad8df082c0752aa2a7bdd8b74ff01431ccbd52ed1e490bbe7</programlisting>
 
-   <para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ï¡¢ÉáÄÌ¡¢°ÂÁ´À­¤ò¹â¤á¤ë¤³¤È¤¬ºÇ¤âº¤Æñ¤Ç¤¹¡£
-	µ¤¤òÇۤäƥ桼¥¶¥¢¥«¥¦¥ó¥È¤ò´Æ»ë¤¹¤ë¤è¤ê¤Û¤«¤¢¤ê¤Þ¤»¤ó¡£
-	¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ËÂФ· &man.ssh.1; ¤ä Kerberos ¤òÍøÍѤ¹¤ë¤Ë¤Ï¡¢
-	¥·¥¹¥Æ¥à´ÉÍý¤¬¤µ¤é¤ËÁý¤¨¤¿¤ê¥Æ¥¯¥Ë¥«¥ë¥µ¥Ý¡¼¥È¤¬É¬Íפˤʤê¤Þ¤¹¤¬¡¢
-	°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÈÈæ³Ó¤¹¤ë¤È¤Ï¤ë¤«¤ËÎɤ¤ÊýË¡¤òÄ󶡤·¤Þ¤¹¡£</para>
-  </sect2>
+   <para>¥³¥ó¥Ô¥å¡¼¥¿¤Î¥Û¥¹¥È̾¡¢¸½ºß¤ÎÆüÉդȻþ´Ö¡¢&man.mtree.8;
+	¤ò¼Â¹Ô¤·¤¿¥æ¡¼¥¶¤Î¾ðÊ󤹤٤Ƥ¬¤³¤Î¥ì¥Ý¡¼¥È¤Ë¤Ï´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
+	¤Þ¤¿¡¢³Æ¥Ð¥¤¥Ê¥ê¤ËÂФ¹¤ë¥Á¥§¥Ã¥¯¥µ¥à¡¢¥µ¥¤¥º¡¢¥¿¥¤¥à¥¹¥¿¥ó¥×¤ª¤è¤Ó
+	<acronym>SHA</acronym>256 ¥À¥¤¥¸¥§¥¹¥È¤â´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
 
-  <sect2>
-   <title>¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+   <para>¥Ð¥¤¥Ê¥ê½ð̾¤Î¸¡¾Ú¤Î¤¿¤á¤Ë¡¢
+	°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¡¢¸½ºß¤Î½ð̾¤Î¥ê¥¹¥È¤òÆɤ߹þ¤ß¡¢
+	·ë²Ì¤ò½ÐÎϤ·¤Þ¤¹¡£</para>
 
-   <para>¤Ç¤­¤ë¤À¤±Â¿¤¯¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¥¢¥¹¥¿¥ê¥¹¥¯¤Ç³°¤·¡¢
-	¤½¤ì¤é¤Î¥¢¥«¥¦¥ó¥È¤Î¥¢¥¯¥»¥¹¤Ë¤Ï
-	&man.ssh.1; ¤ä Kerberos ¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¡¢Í£°ì¤Î³Î¼Â¤ÊÊýË¡¤Ç¤¹¡£
-	°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë
-	(<filename>/etc/spwd.db</filename>) ¤Ï
-	<systemitem class="username">root</systemitem>
-	¤Ç¤Î¤ßÆɤ߽Ф·²Äǽ¤À¤±¤ì¤É¤â¡¢
-	¤¿¤È¤¨¡¢¿¯Æþ¼Ô¤¬ root ¤Î½ñ¤­¹þ¤ß¸¢¸Â¤ÏÆÀ¤é¤ì¤Ê¤¯¤È¤â¡¢
-	Æɤ߽Ф·¥¢¥¯¥»¥¹¸¢¸Â¤òÆÀ¤ë¤³¤È¤Ï²Äǽ¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
+   <screen>&prompt.root; <userinput>mtree -s 3483151339707503 -p /bin < bin_chksum_mtree >> bin_chksum_output</userinput></screen>
 
-   <para><link
-	 linkend="security-integrity">¥Õ¥¡¥¤¥ë¤Î´°Á´À­¤Î¥Á¥§¥Ã¥¯</link>
-	Àá¤ÇÀâÌÀ¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ë¡¢
-	¥»¥­¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤ò¥Á¥§¥Ã¥¯¤·¡¢
-	Êó¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤­¤Ç¤¹¡£</para>
-  </sect2>
+   <para>¤³¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¡¢¤¹¤Ç¤Ë¥Á¥§¥Ã¥¯¥µ¥à¤òÀ¸À®¤·¤Æ¤¤¤ë
+	<filename>/bin</filename> ¤ËÂФ·¤Æ¡¢Æ±ÍͤΥÁ¥§¥Ã¥¯¥µ¥à¤òÀ¸À®¤·¤Þ¤¹¡£
+	¤³¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤«¤éÊѹ¹¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤Î¤Ç¡¢
+	<filename>bin_chksum_output</filename> ¤Ø¤Î¼çÎϤ϶õ¤È¤Ê¤ê¤Þ¤¹¡£
+	Êѹ¹¤¬¹Ô¤ï¤ì¤¿¾ì¹ç¤ò¥·¥ß¥å¥ì¡¼¥È¤¹¤ë¤¿¤á¤Ë¡¢
+	<filename>/bin/cat</filename> ¥Õ¥¡¥¤¥ë¤ÎÆüÉÕ¤ò
+	&man.touch.1; ¤ò»È¤Ã¤ÆÊѹ¹¤·¤Æ¡¢
+	ºÆÅÙ¸¡¾Ú¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤ß¤Þ¤¹¡£</para>
 
-  <sect2>
-   <title>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢
-	¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À­¤ò¹â¤á¤ë</title>
+   <screen>&prompt.root; <userinput>touch /bin/cat</userinput></screen>
+   <screen>&prompt.root; <userinput>mtree -s 3483151339707503 -p /bin < bin_chksum_mtree >> bin_chksum_output</userinput></screen>
+   <screen>&prompt.root; <userinput>cat bin_chksum_output</userinput></screen>
+   <programlisting>cat changed
+	modification time expected Fri Sep 27 06:32:55 2013 found Mon Feb 3 10:28:43 2014</programlisting>
 
-   <para>ºÇ¶á¤Î¥«¡¼¥Í¥ë¤Ï¡¢ÁȤ߹þ¤ß¤Î¥Ñ¥±¥Ã¥ÈÇÁ¤­¸«¥Ç¥Ð¥¤¥¹
-	(packet sniffing device) ¥É¥é¥¤¥Ð¤òÈ÷¤¨¤Æ¤¤¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
-	&os; ¤Ç¤Ï <filename>bpf</filename> ¤È¸Æ¤Ð¤ì¤Æ¤¤¤Þ¤¹¡£
-	¤³¤Î¥Ç¥Ð¥¤¥¹¤Ï DHCP ¤ÇɬÍפȤʤ뤿¤á¡¢
-	DHCP ¤òÄ󶡤·¤¿¤ê»È¤¦É¬ÍפΤʤ¤¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
-	¥«¥¹¥¿¥à¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤«¤é³°¤¹¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£</para>
+   <para><package>security/aide</package> ¤Î¤è¤¦¤Ê¡¢
+	¤è¤ê¹âÅÙ¤Ê <acronym>IDS</acronym> ¥·¥¹¥Æ¥à¤â¤¢¤ê¤Þ¤¹¤¬¡¢
+	¤Û¤È¤ó¤É¤Î¥±¡¼¥¹¤Ë¤ª¤¤¤Æ¡¢
+	&man.mtree.8; ¤Ï´ÉÍý¼Ô¤¬É¬ÍפȤ¹¤ëµ¡Ç½¤òÄ󶡤·¤Þ¤¹¡£
+	°­°Õ¤Î¤¢¤ë¥æ¡¼¥¶¤¬¡¢
+	¥·¡¼¥ÉÃͤª¤è¤Ó¥Á¥§¥Ã¥¯¥µ¥à¤Î½ÐÎϤò¸«¤ì¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬½ÅÍפǤ¹¡£</para>
+  </sect2>
 
-   <indexterm>
-	<primary>&man.sysctl.8;</primary>
-   </indexterm>
+  <sect2 xml:id="security-tuning">
+   <title>¥»¥­¥å¥ê¥Æ¥£¤Î¤¿¤á¤Î¥·¥¹¥Æ¥à¤ÎÄ´À°</title>
+ 
+   <para>¥·¥¹¥Æ¥à¤Îµ¡Ç½¤Î¿¤¯¤Ï¡¢&man.sysctl.8; ¤ò»È¤Ã¤ÆÄ´À°¤Ç¤­¤Þ¤¹¡£
+	Denial of Service (<acronym>DOS</acronym>)
+	¥¹¥¿¥¤¥ë¤Î¹¶·â¤òÈò¤±¤ë¤¿¤á¤Î¥»¥­¥å¥ê¥Æ¥£µ¡Ç½¤ËÂФ·¤Æ¤âƱÍͤǤ¹¡£
+	¤³¤ÎÀá¤Ç¤Ï¡¢¤è¤ê½ÅÍפÊÄ´À°¤Ë¤Ä¤¤¤Æ¤â¿¨¤ì¤Æ¤¤¤Þ¤¹¡£
+	&man.sysctl.8; ¤Ë¤è¤ê¡¢ÀßÄ꤬Êѹ¹¤µ¤ì¤¿»þ¤Ï¤¤¤Ä¤Ç¤â¡¢
+	˾¤Þ¤Ê¤¤´í³²¤¬µ¯¤³¤ë²ÄǽÀ­¤Ï¹â¤Þ¤ê¡¢
+	¥·¥¹¥Æ¥à¤Î²ÄÍÑÀ­¤Ë±Æ¶Á¤·¤Þ¤¹¡£
+	¥·¥¹¥Æ¥àÁ´ÂΤÎÀßÄê¤òÊѹ¹¤¹¤ë»þ¤Ë¤Ï¡¢
+	¥·¥¹¥Æ¥à¤Î <acronym>CIA</acronym> ¤ò¹Í¤¨¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
 
-   <para><filename>bpf</filename> ¤ò³°¤·¤Æ¤â¡¢
-	<filename>/dev/mem</filename> ¤ª¤è¤Ó
-	<filename>/dev/kmem</filename> ¤È¤¤¤¦ÌäÂ꤬¤Þ¤À»Ä¤Ã¤Æ¤¤¤Þ¤¹¡£
-	¿¯Æþ¼Ô¤Ï raw ¥Ç¥£¥¹¥¯¥Ç¥Ð¥¤¥¹¤Ë½ñ¤­¹þ¤à¤³¤È¤â¤Ç¤­¤Þ¤¹¡£
-	¤ä¤ëµ¤¤Þ¤ó¤Þ¤ó¤Î¿¯Æþ¼Ô¤Ï¡¢&man.kldload.8;
-	¤ò»È¤Ã¤Æ¼«Ê¬Æȼ«¤Î <filename>bpf</filename>¡¢
-	¤â¤·¤¯¤Ï¾¤ÎÇÁ¤­¸«¥Ç¥Ð¥¤¥¹¤òÆ°ºîÃæ¤Î¥«¡¼¥Í¥ë¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤­¤Þ¤¹¡£
-	¤³¤ÎÌäÂê¤òÈò¤±¤ë¤¿¤á¡¢¥«¡¼¥Í¥ë¤ò¤è¤ê¹â¤¤¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¡¢
-	¾¯¤Ê¤¯¤È¤â¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë 1 ¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+   <para>°Ê²¼¤Ç¤Ï¡¢&man.sysctl.8; ¤Î°ìÍ÷¡¢
+	¤ª¤è¤ÓÊѹ¹¤¬¥·¥¹¥Æ¥à¤Ë¤É¤Î¤è¤¦¤Ë±Æ¶Á¤¹¤ë¤«¤òÀâÌÀ¤·¤Þ¤¹¡£</para>
 
-   <para>¥«¡¼¥Í¥ë¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ï¤¤¤¯¤Ä¤«¤ÎÊýË¡¤ÇÀßÄê¤Ç¤­¤Þ¤¹¡£
-	¸½ºßÆ°¤¤¤Æ¤¤¤ë¥«¡¼¥Í¥ë¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò¹â¤á¤ëºÇ¤â´Êñ¤ÊÊýË¡¤Ï¡¢
-	<varname>kern.securelevel</varname> ¤òÀßÄꤹ¤ëÊýË¡¤Ç¤¹¡£</para>
-
-   <screen>&prompt.root; <userinput>sysctl kern.securelevel=1</userinput></screen>
-
    <para>¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢&os; ¤Î¥«¡¼¥Í¥ë¤Ï¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë
 	-1 ¤Çµ¯Æ°¤·¤Þ¤¹¡£
 	¤³¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ï¡¢
@@ -521,479 +511,65 @@
 	<literal>YES</literal> ¤È¤·¡¢
 	<varname>kern_securelevel</varname>
 	¤ËɬÍפȤ¹¤ëÃͤòÀßÄꤹ¤ë¤³¤È¤Ç¡¢
-	¥·¥¹¥Æ¥àµ¯Æ°»þ¤Ë¥»¥­¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£</para>
-
-   <para>¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤹ¤ë¤È¡¢
-	ÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĥե¡¥¤¥ë¤Î¥Õ¥é¥°¤ò³°¤¹¤³¤È¤Ï¤Ç¤­¤Ê¤¯¤Ê¤ê¡¢
-	¤Þ¤¿ raw ¥Ç¥Ð¥¤¥¹¤Ø¤Î¥¢¥¯¥»¥¹¤¬µñÈݤµ¤ì¤Þ¤¹¡£
-	¤è¤ê¹â¤¤¥ì¥Ù¥ë¤ËÀßÄꤹ¤ë¤È¡¢¤è¤ê¿¤¯¤ÎÁàºî¤ËÀ©¸Â¤¬¤«¤«¤ê¤Þ¤¹¡£
-	³Æ¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Î´°Á´¤ÊÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+	¥·¥¹¥Æ¥àµ¯Æ°»þ¤Ë¥»¥­¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£
+	¤³¤ì¤é¤ÎÀßÄê¤Ë¤Ä¤¤¤Æ¤Î¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï¡¢
 	&man.security.7; ¤ª¤è¤Ó &man.init.8; ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
 
-   <note>
-	<para>¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
-	 <filename>/dev/io</filename> ¤Ø¤Î¥¢¥¯¥»¥¹¤¬¥Ö¥í¥Ã¥¯¤µ¤ì¤ë¤¿¤á¡¢
-	 <application>&xorg;</application> ¤ä¡¢
-	 <buildtarget>installworld</buildtarget> ¤Î¥×¥í¥»¥¹¤Ç¤Ï¡¢
-	 ¤¤¤¯¤Ä¤«¤Î¥Õ¥¡¥¤¥ë¤ÎÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĤΥե饰¤Ï°ì»þŪ¤Ë¥ê¥»¥Ã¥È¤µ¤ì¤ë¤¿¤á¡¢
-	 ¥½¡¼¥¹¤«¤é &os;
-	 ¤ò¹½ÃÛ¤·¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤È¤­¤Ê¤É¤ÇÌäÂ꤬°ú¤­µ¯¤³¤µ¤ì¤ë²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£
-	 <application>&xorg;</application> ¤ÎÌäÂê¤Ë¤Ä¤¤¤Æ¤Ï¡¢
-	 µ¯Æ°¥×¥í¥»¥¹½é´ü¤Î¥»¥­¥å¥¢¥ì¥Ù¥ë¤¬½½Ê¬Ä㤤¤È¤­¤Ë
-	 &man.xdm.1; ¤òµ¯Æ°¤¹¤ë¤³¤È¤Ç¡¢¤³¤ÎÌäÂê¤ËÂбþ¤Ç¤­¤Þ¤¹¡£
-	 ¤³¤Î¤è¤¦¤Ê±þµÞ½èÃ֤ϡ¢
-	 ¤¹¤Ù¤Æ¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ä¤½¤ì¤é¤¬²Ý¤¹ÀøºßŪ¤Ê¤¹¤Ù¤Æ¤ÎÀ©¸Â¤Ë¤ÏÂбþ¤Ç¤­¤Ê¤¤¤Ç¤·¤ç¤¦¡£
-	 ¾¯¤·Àè¤ò¸«±Û¤·¤¿·×²èŪ¤ÊÂбþ¤ò¤¹¤Ù¤­¤Ç¤¹¡£
-	 ³Æ¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ç²Ý¤µ¤ì¤ëÀ©¸Â¤Ï¡¢
-	 ¥·¥¹¥Æ¥à¤ò»ÈÍѤ¹¤ë¤³¤È¤Ë¤è¤ëÍøÊØÀ­¤òÃø¤·¤¯¸º¤é¤·¤Æ¤·¤Þ¤¦¤¿¤á¡¢
-	 ¤³¤ÎÀ©¸Â¤òÍý²ò¤¹¤ë¤³¤È¤Ï½ÅÍפǤ¹¡£
-	 ¤Þ¤¿¡¢³Æ¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ÎÀ©¸Â¤òÍý²ò¤¹¤ë¤³¤È¤Ç¡¢
-	 ¥Ç¥Õ¥©¥ë¥È¤ÎÀßÄê¤ò¤è¤ê¥·¥ó¥×¥ë¤Ë¤Ç¤­¡¢
-	 ÀßÄê¤Ë´Ø¤¹¤ë°Õ³°À­¤ò¾¯¤Ê¤¯¤Ç¤­¤ë¤Ç¤·¤ç¤¦¡£</para>
-   </note>
+   <warning>
+	<para><varname>securelevel</varname> ¤òÂ礭¤¯¤·¤¹¤®¤ë¤È¡¢
+	 <application>Xorg</application>
+	 ¤¬Æ°¤«¤Ê¤¯¤Ê¤Ã¤¿¤ê¡¢Â¾¤ÎÌäÂ꤬µ¯¤­¤ë²ÄǽÀ­¤¬¤¢¤ê¤Þ¤¹¡£
+	 ¥Ç¥Ð¥Ã¥°¤Î¿´¤Å¤â¤ê¤ò¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+   </warning>
 
-   <para>¥«¡¼¥Í¥ë¤Î¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
-	¥·¥¹¥Æ¥àµ¯Æ°¤Ë´Ø¤ï¤ë½ÅÍפʥХ¤¥Ê¥ê¤ä¥Ç¥£¥ì¥¯¥È¥ê¡¢
-	¥¹¥¯¥ê¥×¥È¥Õ¥¡¥¤¥ë¡¢¤½¤·¤Æ¡¢
-	¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤¬ÀßÄꤵ¤ì¤ë¤Þ¤Ç¤Î´Ö¤Ë¼Â¹Ô¤µ¤ì¤ë¤¹¤Ù¤Æ¤Î¤â¤Î¤ËÂФ·¤Æ¡¢
-	<literal>schg</literal> ¥Õ¥é¥°¤òÀßÄꤹ¤ë¤³¤È¤ÏÍ­ÍѤǤ·¤ç¤¦¡£
-	¥·¥¹¥Æ¥à¤ò¤è¤ê¹â¤¤¥»¥­¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤¹¤ë¤¬¡¢
-	<literal>schg</literal>
-	¥Õ¥é¥°¤òÀßÄꤷ¤Ê¤¤¤È¤¤¤¦¤È¤³¤í¤ÇÂŶ¨¤¹¤ë¤È¤¤¤¦¼ê¤â¤¢¤ê¤Þ¤¹¡£
-	¤â¤¦°ì¤Ä¤Î²ÄǽÀ­¤È¤·¤Æ¤Ï¡¢Ã±½ã¤Ë
-	<filename>/</filename> ¤ª¤è¤Ó <filename>/usr</filename>
-	¤òÆɤ߹þ¤ßÀìÍѤǥޥ¦¥ó¥È¤¹¤ë¤³¤È¤Ç¤¹¡£
-	¤³¤³¤ÇÆÃÉ®¤¹¤Ù¤­¤³¤È¤Ï¡¢¥·¥¹¥Æ¥à¤ò¼é¤í¤¦¤È¤·¤Æ¸·¤·¤¯¤·¤¹¤®¤ë¤È¡¢
-	¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤³¤È¤¬¤Ç¤­¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
-  </sect2>
+   <para>¤Ä¤®¤ËÊѹ¹¤ò¸¡Æ¤¤¹¤Ù¤­ &man.sysctl.8; ¤Ï¡¢
+	net.inet.tcp.blackhole ¤ª¤è¤Ó net.inet.udp.blackhole ¤Ç¤¹¡£
+	¤³¤ì¤é¤òÀßÄꤹ¤ë¤È¡¢ÊĤ¸¤¿¥Ý¡¼¥È¤ËÂФ·¤ÆÆϤ¯
+	<acronym>SYN</acronym> ¥Ñ¥±¥Ã¥È¤Ï¥É¥í¥Ã¥×¤µ¤ì¡¢
+	<acronym>RST</acronym> ¥ì¥¹¥Ý¥ó¥¹¤òÊÖ¤·¤Þ¤»¤ó¡£
+	Ä̾ï¤Ï¡¢<acronym>RST</acronym> ¤òÊÖ¤·¡¢
+	¤½¤Î¥Ý¡¼¥È¤¬ÊĤ¸¤é¤ì¤Æ¤¤¤ë¤³¤È¤òÅÁ¤¨¤Þ¤¹¡£
+	¤³¤ì¤Ë¤è¤ê¡¢¥·¥¹¥Æ¥à¤ËÂФ¹¤ë <quote>¥¹¥Æ¥ë¥¹</quote>
+	¥¹¥­¥ã¥ó¤ËÂФ·¡¢¤¢¤ëÄøÅÙ¤ÎËɸæ¤È¤Ê¤ê¤Þ¤¹¡£
+	net.inet.tcp.blackhole ¤ò <quote>2</quote>¡¢
+	net.inet.udp.blackhole ¤ò <quote>1</quote> ¤ËÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£ 
+	¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ &man.blackhole.4; ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
 
-  <sect2 xml:id="security-integrity">
-   <title>¥Õ¥¡¥¤¥ë¤Î´°Á´À­¤Î¥Á¥§¥Ã¥¯</title>
+   <para>¤µ¤é¤Ë¡¢net.inet.icmp.drop_redirect ¤ª¤è¤Ó
+	net.inet.ip.redirect ¤âÀßÄꤹ¤Ù¤­¤Ç¤¹¡£
+	¤³¤ì¤é 2 ¤Ä¤Î
+	&man.sysctl.8; ¤Ï¡¢¥ê¥À¥¤¥ì¥¯¥È¹¶·â¤òËɤ°½õ¤±¤È¤Ê¤ë¤Ç¤·¤ç¤¦¡£
+	¥ê¥À¥¤¥ì¥¯¥È¹¶·â¤Ï¡¢
+	¸Î°Õ¤ËÄ̾ï¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ç¤ÏɬÍפȤ·¤Ê¤¤¤è¤¦¤ÊÂçÎ̤Î
+	<acronym>ICMP</acronym> ¥¿¥¤¥× 5 ¤Î¥Ñ¥±¥Ã¥È¤òȯÀ¸¤·¤Þ¤¹¡£
+	¤½¤Î¤¿¤á net.inet.icmp.drop_redirect ¤ò <quote>1</quote>¡¢
+	net.inet.ip.redirect ¤ò <quote>0</quote> ¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£</para>
 
-   <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë¤Ç¤­¤ë¤³¤È¤Ï¡¢
-	ÊØÍø¤µ¤È¤¤¤¦Í×ÁǤ¬¤½¤Î½¹¤¤Æ¬¤ò¾å¤²¤Ê¤¤ÄøÅ٤ˡ¢
-	¥³¥¢¥·¥¹¥Æ¥à¤ÎÀßÄê¤ÈÀ©¸æ¥Õ¥¡¥¤¥ë¤òËɸ椹¤ë¤³¤È¤À¤±¤Ç¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢<filename>/</filename> ¤ª¤è¤Ó
-	<filename>/usr</filename>
-	¤Ë¤¢¤ëÂçÉôʬ¤Î¥Õ¥¡¥¤¥ë¤Ë <literal>schg</literal>
-	¥Ó¥Ã¥È¤òÀßÄꤹ¤ë¤¿¤á¤Ë &man.chflags.1;
-	¤ò»ÈÍѤ¹¤ë¤Î¤Ï¡¢¤ª¤½¤é¤¯µÕ¸ú²Ì¤Ç¤·¤ç¤¦¡£
-	¤Ê¤¼¤Ê¤é¡¢¤½¤¦¤¹¤ë¤³¤È¤Ç¥Õ¥¡¥¤¥ë¤ÏÊݸî¤Ç¤­¤Þ¤¹¤¬¡¢
-	¿¯Æþ¤ò¸¡½Ð¤¹¤ëÁë¤òÊĤ¶¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤â¤Ê¤ë¤«¤é¤Ç¤¹¡£
-	¥»¥­¥å¥ê¥Æ¥£Âкö¤Ï¡¢
-	¿¯Æþ¤Î²ÄǽÀ­¤ò¸¡½Ð¤Ç¤­¤Ê¤±¤ì¤Ð¡¢Í­ÍѤǤϤʤ¯¡¢
-	¤â¤Ã¤È°­¤±¤ì¤Ð¡¢°ÂÁ´À­¤ËÂФ¹¤ë´Ö°ã¤Ã¤¿´¶³Ð¤ò¿¢¤¨ÉÕ¤±¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
-	¥»¥­¥å¥ê¥Æ¥£¤ËÂФ¹¤ë»Å»ö¤ÎȾʬ¤Ï¡¢
-	¹¶·â¼Ô¤ò¹¶·â¤ÎºÇÃæ¤ËÊᤨ¤ë¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢
-	¹¶·â¼Ô¤ò¿©¤¤»ß¤á¤ë¤Î¤Ç¤Ï¤Ê¤¯¿¯Æþ¤òÃ٤餻¤ë¤³¤È¤Ê¤Î¤Ç¤¹¡£</para>
+   <para>¥½¡¼¥¹¥ë¡¼¥Æ¥£¥ó¥°¤Ï¡¢
+	ÆâÉô¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Ç¥ë¡¼¥Æ¥£¥ó¥°¤Ç¤­¤Ê¤¤¥¢¥É¥ì¥¹¤ò¸¡½Ð¤·¤¿¤ê¥¢¥¯¥»¥¹¤¹¤ë¤¿¤á¤ÎÊýË¡¤Ç¤¹¡£
+	Ä̾ï¥ë¡¼¥Æ¥£¥ó¥°¤Ç¤­¤Ê¤¤¥¢¥É¥ì¥¹¤Ï¡¢
+	°Õ¿Þ¤·¤Æ¥ë¡¼¥Æ¥£¥ó¥°¤Ç¤­¤Ê¤¤¤è¤¦¤Ë¤·¤Æ¤¤¤ë¤Î¤Ç¡¢
+	¤³¤ÎÀßÄê¤Ï¤ª¤½¤é¤¯Ìµ¸ú¤Ë¤¹¤Ù¤­¤Ç¤¹¡£
+	¤³¤Îµ¡Ç½¤ò̵¸ú¤Ë¤¹¤ë¤Ë¤Ï¡¢
+	net.inet.ip.sourceroute ¤ª¤è¤Ó net.inet.ip.accept_sourceroute
+	¤ò <quote>0</quote> ¤ËÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£</para>
 
-   <para>¿¯Æþ¤ò¸¡½Ð¤¹¤ëºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢Êѹ¹¤µ¤ì¤Æ¤¤¤¿¤ê¡¢
-	¾Ã¤¨¤Æ¤¤¤¿¤ê¡¢Æþ¤ì¤¿³Ð¤¨¤¬¤Ê¤¤¤Î¤ËÆþ¤Ã¤Æ¤¤¤ë¥Õ¥¡¥¤¥ë¤òõ¤¹¤³¤È¤Ç¤¹¡£
-	Êѹ¹¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤òõ¤¹¤Î¤ËºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢¤â¤¦°ì¤Ä¤Î
-	¤·¤Ð¤·¤ÐÃæ±û¤Ë½¸¤á¤é¤ì¤¿¡¢
-	¥¢¥¯¥»¥¹¤¬À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¤«¤é¹Ô¤Ê¤¦¤â¤Î¤Ç¤¹¡£
-	¤µ¤é¤Ë°ÂÁ´¤Ç¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¾å¤Ç¥»¥­¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤±¤Ð¡¢
-	¥¹¥¯¥ê¥×¥È¤ÏÀøºßŪ¤Ê¹¶·â¼Ô¤«¤é¤Ï¤Û¤Ü¸«¤¨¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
-	¤³¤ÎÍ­¸úÀ­¤òºÇÂç¸Â¤Ë³èÍѤ¹¤ë¤¿¤á¤Ë¤Ï¡¢
-	¥¢¥¯¥»¥¹¤ÎÀ©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤«¤é¾¤Î¥Þ¥·¥ó¤Ø¤Î¤«¤Ê¤ê¤Î¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
-	ÉáÄ̤ϡ¢Æɤ߹þ¤ßÀìÍѤΠ<acronym>NFS</acronym> ¥¨¥¯¥¹¥Ý¡¼¥È¤ò¤·¤¿¤ê¡¢
-	&man.ssh.1; ¸°¤Î¥Ú¥¢¤òÀßÄꤷ¤¿¤ê¤·¤Þ¤¹¡£
-	¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òÊ̤ˤ·¤Æ¡¢
-	<acronym>NFS</acronym> ¤ÏºÇ¤â²Ä»ëÀ­¤Î¤Ê¤¤ÊýË¡¤Ç¤¹¡£
-	´ÉÍý¼Ô¤Ï¡¢³Æ¥¯¥é¥¤¥¢¥ó¥È¾å¤Î¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¡¢
-	»ö¼Â¾å¸¡½Ð¤µ¤ì¤º¤Ë´Æ»ë¤Ç¤­¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
-	¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¥¹¥¤¥Ã¥Á¤òÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢
-	¤¿¤¤¤Æ¤¤ <acronym>NFS</acronym> ¤¬¤è¤êÎɤ¤ÁªÂò»è¤Ç¤¹¡£
-	¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¡¢
-	¤¤¤¯¤Ä¤«¤Î¥ë¡¼¥Æ¥£¥ó¥°ÁؤòÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤·¤Æ¤¤¤ë¾ì¹ç¡¢
-	<acronym>NFS</acronym> ¤Ï¤¢¤Þ¤ê¤Ë¤â´í¸±¤Ê¤Î¤Ç¡¢
-	&man.ssh.1; ¤ÎÊý¤¬Îɤ¤ÊýË¡¤Ç¤·¤ç¤¦¡£</para>
+   <para>¥Ö¥í¡¼¥É¥­¥ã¥¹¥È¥¢¥É¥ì¥¹¤ËÂФ¹¤ë¤¹¤Ù¤Æ¤Î
+	<acronym>ICMP</acronym> ¥¨¥³¡¼¥ê¥¯¥¨¥¹¥È¤Ï¡¢¥É¥í¥Ã¥×¤·¤Æ¤¯¤À¤µ¤¤¡£
+	¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¥³¥ó¥Ô¥å¡¼¥¿¤¬¥µ¥Ö¥Í¥Ã¥È¤Ë¤¢¤ë¤¹¤Ù¤Æ¤Î¥Û¥¹¥È¤Ë¥á¥Ã¥»¡¼¥¸¤òÁ÷¤ëɬÍפ¬¤¢¤ë¾ì¹ç¤Ë¤Ï¡¢
+	¥á¥Ã¥»¡¼¥¸¤Ï¥Ö¥í¡¼¥É¥­¥ã¥¹¥È¥¢¥É¥ì¥¹¤ËÁ÷¤é¤ì¤Þ¤¹¡£
+	³°Éô¤Î¥Û¥¹¥È¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+	¤³¤Î¤è¤¦¤ÊÁ÷¿®¤ò¤¹¤ëɬÍפϤʤ¤¤Î¤Ç¡¢
+	³°Éô¤«¤é¥Ö¥í¡¼¥É¥­¥ã¥¹¥È¤Ø¤Î¥ê¥¯¥¨¥¹¥È¤ò¤¹¤Ù¤ÆµñÈݤ¹¤ë¤è¤¦¤Ë¡¢
+	net.inet.icmp.bmcastecho ¤ò <quote>0</quote>
+	¤ËÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£</para>
 
-   <para>¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤Ë¡¢
-	´Æ»ë¤·¤è¤¦¤È¤¹¤ë¥¯¥é¥¤¥¢¥ó¥È¥·¥¹¥Æ¥à¤Ø¤Î¾¯¤Ê¤¯¤È¤âÆɤ߹þ¤ß¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤¿¤é¡¢
-	¼¡¤Ë´Æ»ë¤¹¤ë¤¿¤á¤Î¥¹¥¯¥ê¥×¥È¤ò½ñ¤«¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
-	<acronym>NFS</acronym> ¥Þ¥¦¥ó¥È¤ò¤¹¤ì¤Ð¡¢&man.find.1; ¤ä &man.md5.1;
-	¤Ê¤É¤Îñ½ã¤Ê¥·¥¹¥Æ¥à¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤³¤È¤¬¤Ç¤­¤Þ¤¹¡£
-	¾¯¤Ê¤¯¤È¤â 1 Æü 1 ²ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤òľÀÜ
-	&man.md5.1; ¤Ë¤«¤±¡¢
-	¤µ¤é¤Ë¤â¤Ã¤ÈÉÑÈË¤Ë <filename>/etc</filename> ¤ª¤è¤Ó
-	<filename>/usr/local/etc</filename>
-	¤Ë¤¢¤ë¤è¤¦¤Ê¥³¥ó¥È¥í¡¼¥ëÍÑ¥Õ¥¡¥¤¥ë¤ò»î¸³¤¹¤ë¤Î¤¬°ìÈ֤Ǥ¹¡£
-	¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤¬Àµ¤·¤¤¤ÈÃΤäƤ¤¤ë¡¢
-	´ð¤È¤Ê¤ë md5 ¾ðÊó¤ÈÈæ¤Ù¤Æ°ã¤¤¤¬¸«¤Ä¤«¤Ã¤¿¾ì¹ç¡¢
-	¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë·Ù¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤­¤Ç¤¹¡£
-	Í¥¤ì¤¿¥»¥­¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
-	<filename>/</filename> ¤ª¤è¤Ó <filename>/usr</filename>
-	¤Ê¤É¤Î¥·¥¹¥Æ¥à¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤ÇÉÔŬÅö¤Ë
-	SUID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤ä¡¢
-	¿·¤¿¤ËºîÀ®¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤äºï½ü¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤¬¤Ê¤¤¤«¤É¤¦¤«¤òÄ´¤Ù¤ë¤Ç¤·¤ç¤¦¡£</para>
-
-   <para><acronym>NFS</acronym> ¤Ç¤Ï¤Ê¤¯¡¢&man.ssh.1; ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï¡¢
-	¥»¥­¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤Î¤Ï¤è¤êÆñ¤·¤¤¤³¤È¤Ç¤¹¡£
-	¤¿¤È¤¨¤Ð¡¢¥¹¥¯¥ê¥×¥È¤òÆ°¤«¤¹¤¿¤á¤Ë¤Ï¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÂФ·¤Æ¥¹¥¯¥ê¥×¥È¤ò
-	&man.scp.1; ¤·¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¤·¡¢
-	¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó¤Î &man.ssh.1;
-	¥¯¥é¥¤¥¢¥ó¥È¤Ï¤¹¤Ç¤Ë¹¶·â¤µ¤ì¤Æ¤·¤Þ¤Ã¤Æ¤¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
-	°ÂÁ´¤Ç¤Ê¤¤¥ê¥ó¥¯¾å¤Î¾ì¹ç¤Ï
-	&man.ssh.1; ¤ÏɬÍפ«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢
-	°·¤¤¤Ï¤È¤Æ¤âÂçÊѤˤʤê¤Þ¤¹¡£</para>
-
-   <para>Í¥¤ì¤¿¥»¥­¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
-	<filename>.rhosts</filename>,
-	<filename>.ssh/authorized_keys</filename>
-	¤Ê¤É¤Î±£¤·ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤â¥Á¥§¥Ã¥¯¤¹¤ë¤â¤Î¤Ç¤¹¡£
-	¤³¤ì¤é¤Ï <literal>MD5</literal>
-	¥Á¥§¥Ã¥¯¤ÎÈϰϳ°¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤¦¤Ç¤¢¤í¤¦¥Õ¥¡¥¤¥ë·²¤Ç¤¹¡£</para>
-
-   <para>¥æ¡¼¥¶ÍѤΥǥ£¥¹¥¯ÍÆÎ̤¬Èó¾ï¤ËÂ礭¤¤¾ì¹ç¤Ï¡¢
-	¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤Î³Æ¥Õ¥¡¥¤¥ë¤ò¸«¤Æ²ó¤ë¤Î¤ËÂçÊѤʻþ´Ö¤¬¤«¤«¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
-	¤³¤Î¾ì¹ç¤Ï¡¢&man.mount.8; ¤Ë¤è¤ê <literal>nosuid</literal>
-	¤ò»È¤¦¤³¤È¤Ç¡¢¥Þ¥¦¥ó¥È¥Õ¥é¥°¤òÀßÄꤷ¤Æ¡¢
-	SUID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÃÖ¤±¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Î¤¬Îɤ¤¹Í¤¨¤Ç¤¹¡£
-	¾¯¤Ê¤¯¤È¤â½µ¤Ë 1 Å٤ϥե¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¥¹¥­¥ã¥ó¤¹¤ë¤Ù¤­¤Ç¤¹¡£
-	¤Ê¤¼¤Ê¤é¡¢ÌÜŪ¤Ï¡¢¿¯Æþ¤¬À®¸ù¤·¤¿¤«¤É¤¦¤«¤Ë´Ø¤ï¤é¤º¡¢
-	ÉÔÀµ¿¯Æþ¤Î»î¤ß¤¬¤¢¤Ã¤¿¤³¤È¤Î¸¡½Ð¤ò¤¹¤ë¤³¤È¤À¤«¤é¤Ç¤¹¡£</para>
-
-   <para>¥×¥í¥»¥¹¥¢¥«¥¦¥ó¥Æ¥£¥ó¥° (&man.accton.8; »²¾È) ¤Ï¡¢
-	¥Þ¥·¥ó¤Ø¤Î¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤¿¤á¤Î¥á¥«¥Ë¥º¥à¤È¤·¤Æ¿ä¾©¤Ç¤­¤ë¡¢
-	Èæ³ÓŪ¥ª¡¼¥Ð¥Ø¥Ã¥É¤Î¾¯¤Ê¤¤ &os; ¤Îµ¡Ç½¤Ç¤¹¡£
-	¿¯Æþ¤ò¼õ¤±¤¿¸å¤Ç¤âÅö³º¥Õ¥¡¥¤¥ë¤¬Ìµ½ý¤Ç¤¢¤ë¾ì¹ç¤Ë¡¢
-	¿¯Æþ¼Ô¤¬¤É¤Î¤è¤¦¤Ë¤·¤Æ¥·¥¹¥Æ¥à¤Ë¿¯Æþ¤·¤¿¤«¤òÄÉÀפ¹¤ë¤Î¤ËÆäËÌòΩ¤Á¤Þ¤¹¡£</para>
-
-   <para>ºÇ¸å¤Ë¡¢
-	¥»¥­¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ï¥í¥°¥Õ¥¡¥¤¥ë¤ò½èÍý¤¹¤ë¤è¤¦¤Ë¤·¡¢
-	¥í¥°¥Õ¥¡¥¤¥ë¼«ÂΤâ¤Ç¤­¤ë¤À¤±°ÂÁ´À­¤Î¹â¤¤ÊýË¡¤ÇÀ¸À®¤¹¤ë¤è¤¦¤Ë¤·¡¢
-	¥ê¥â¡¼¥È¤Î syslog ¥µ¡¼¥Ð¤ËÁ÷¿®¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤­¤Ç¤¹¡£
-	¿¯Æþ¼Ô¤Ï¼«Ê¬¤Î¿¯Æþ¤Îº¯Àפòʤ¤¤±£¤½¤¦¤È¤·¤Þ¤¹¤·¡¢¤Þ¤¿¡¢
-	¥í¥°¥Õ¥¡¥¤¥ë¤Ï¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬ºÇ½é¤Î¿¯Æþ¤Î»þ¹ï¤ÈÊýË¡¤òÄÉÀפ·¤Æ¤æ¤¯¤¿¤á¤Ë¶Ë¤á¤Æ½ÅÍפǤ¹¡£
-	¥í¥°¥Õ¥¡¥¤¥ë¤ò±Êµ×¤Ë»Ä¤·¤Æ¤ª¤¯¤¿¤á¤Î 1 ¤Ä¤ÎÊýË¡¤Ï¡¢
-	¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë¤ò¥·¥ê¥¢¥ë¥Ý¡¼¥È¤Ë¤Ä¤Ê¤¤¤ÇÁö¤é¤»¡¢
-	¥³¥ó¥½¡¼¥ë¤ò´Æ»ë¤·¤Æ¤¤¤ë°ÂÁ´¤Ê¥Þ¥·¥ó¤Ë¾ðÊó¤ò½¸¤á¤ë¤³¤È¤Ç¤¹¡£</para>
-  </sect2>
-
-  <sect2>
-   <title>Êм¹¶¸ÅªÊýË¡</title>
-
-   <para>¿¾¯Êм¹¶¸Åª¤Ë¤Ê¤Ã¤Æ¤â·è¤·¤Æ°­¤¤¤³¤È¤Ë¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
-	¸¶Â§Åª¤Ë¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢
-	ÊØÍø¤µ¤Ë±Æ¶Á¤òÍ¿¤¨¤Ê¤¤ÈϰϤǤ¤¤¯¤Ä¤Ç¤â¥»¥­¥å¥ê¥Æ¥£µ¡Ç½¤òÄɲ乤뤳¤È¤¬¤Ç¤­¤Þ¤¹¡£
-	¤Þ¤¿¡¢¤¤¤¯¤é¤«¹Íθ¤·¤¿·ë²Ì¡¢
-	ÊØÍø¤µ¤Ë<emphasis>±Æ¶Á¤òÍ¿¤¨¤ë</emphasis>¥»¥­¥å¥ê¥Æ¥£µ¡Ç½¤òÄɲ乤뤳¤È¤â¤Ç¤­¤Þ¤¹¡£
-	¤è¤ê½ÅÍפʤ³¤È¤Ï¡¢
-	¥»¥­¥å¥ê¥Æ¥£´ÉÍý¼Ô¤Ï¤³¤ì¤ò¿¾¯º®¤¼¤³¤¼¤Ë¤·¤Æ»È¤¦¤Ù¤­¤À¤È¤¤¤¦¤³¤È¤Ç¤¹¡£
-	¤â¤·¤³¤Î¾Ï¤Ç½ñ¤«¤ì¤Æ¤¤¤ë¿ä¾©¤µ¤ì¤ëÊýË¡¤ò¤½¤Î¤Þ¤Þ»ÈÍѤ·¤¿¾ì¹ç¤Ï¡¢
-	ͽÁÛ¤µ¤ì¤ë¹¶·â¼Ô¤Ï¤ä¤Ï¤ê¤³¤Îʸ½ñ¤òÆɤó¤Ç¤¤¤ë¤ï¤±¤Ç¤¹¤«¤é¡¢
-	Ëɸæºö¤ò¶µ¤¨¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
-  </sect2>
-
-  <sect2>
-   <title>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â</title>
-
-   <indexterm>
-	<primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary>
-   </indexterm>
-
-   <para><acronym>DoS</acronym> ¹¶·â¤Ï¡¢ÉáÄ̤ϡ¢¥Ñ¥±¥Ã¥È¹¶·â¤Ç¤¹¡£
-	¥Í¥Ã¥È¥ï¡¼¥¯¤ò˰Ϥµ¤»¤ëºÇÀèü¤Îµ¶Â¤¥Ñ¥±¥Ã¥È (spoofed packet)
-	¹¶·â¤ËÂФ·¤Æ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬ÂǤƤë¼ê¤Ï¤½¤ì¤Û¤É¿¤¯¤¢¤ê¤Þ¤»¤ó¤¬¡¢
-	°ìÈÌŪ¤Ë¡¢°Ê²¼¤Î¤è¤¦¤ÊÊýË¡¤Ë¤è¤ê¡¢
-	¤½¤Î¼ï¤Î¹¶·â¤Ë¤è¤Ã¤Æ¥µ¡¼¥Ð¤¬¥À¥¦¥ó¤·¤Ê¤¤¤³¤È¤ò³Î¼Â¤Ë¤¹¤ë¤³¤È¤Ç¡¢
-	Èï³²¤ò¤¢¤ë¸ÂÅ٤˿©¤¤»ß¤á¤ë¤³¤È¤Ï¤Ç¤­¤Þ¤¹¡£</para>
-
-   <orderedlist>

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


More information about the svn-doc-all mailing list