msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2010-10-22 00:56+0600\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(version):10
msgid "1.0"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(date):11
msgid "2005-05-31"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):14
msgid "Physical Security"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):17
msgid "No matter how many safeguards you implement, they can all be easily circumvented by an attacker with physical access to your computer. Despite this, there are at least some measures that can be taken to provide a degree of security against an attacker with physical access to your machine. Putting your hardware in a locked closet prevents an attacker from simply unplugging it and carting it off. Locking your computer's case is also a good idea, to make sure that an attacker cannot simply walk away with your hard drive. To prevent an attacker from booting from another disk, nicely circumventing your permissions and login restrictions, try setting the hard drive as the first boot device in your BIOS, and setting a BIOS password. It is also important to set a LILO or GRUB boot password, to prevent a malicious user from booting into single-user mode and gaining complete access to your system. This is covered in more detail in Chapter 3, under Setting a GRUB password and Setting a LILO password."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):38
msgid "Daemon/Service Planning"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):40
msgid "Start by documenting what services this machine should run. This will help you compose a better partition scheme for your system, and allow you to better plan your security measures. Of course, this is unnecessary if the machine serves a single simple purpose, such as a desktop, or a dedicated firewall. In those cases, you should not be running any services, except perhaps sshd."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):47
msgid "This list can also be used to aid system administration. By keeping a current list of version information, you will find it much easier to keep everything up to date if a remote vulnerability is discovered in one of your daemons."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):56
msgid "Partitioning Schemes"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):59
msgid "Partitioning rules:"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):64
msgid "Any directory tree a user should be able to write to (e.g. /home, /tmp) should be on a separate partition and use disk quotas. This reduces the risk of a user filling up your whole filesystem. Portage uses /var/tmp to compile files, so that partition should be large."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):70
msgid "Any directory tree where you plan to install non-distribution software on should be on a separate partition. According to the File Hierarchy Standard, this is /opt or /usr/local. If these are separate partitions, they will not be erased if you have to reinstall the system."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):77
msgid "For extra security, static data can be put on a separate partition that is mounted read-only. For the truly paranoid, try using read-only media like CD-ROM."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):87
msgid "The root user"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):90
msgid "The user 'root' is the most vital user on the system and should not be used for anything except when absolutely necessary. If an attacker gains root access, the only way to ever trust your system again is to reinstall."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):96
msgid "Golden rules about 'root'"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):101
msgid "Always create a user for everyday use and if this user needs to have root access, add the user to the group 'wheel'. This makes it possible for a normal user to su to root."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):106
msgid "Never run X or any other user application as root. root should only be used when absolutely necessary; if a vulnerability exists in an application running as a user, an attacker can gain user level access. But if that application is running as root, the attacker gains root access."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):112
msgid "Always use absolute paths when logged in as root (or always use su -, which replaces the environmental variables of the user with those of root, while being sure root's PATH only includes protected directories like /bin and /sbin). It's possible to trick root into running a different application rather than the one meant to be run. If root's PATH is protected or root only uses absolute paths, we can be sure this won't happen."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):121
msgid "If a user only needs to run a few commands as root, instead of everything that root normally can do, consider using sudo instead. Just be careful who you give this access to, as well!"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):126
msgid "Never leave the terminal when you are logged in as root."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):131
msgid "Gentoo has some default protection against normal users trying to su to root. The default PAM setting requires that a user be a member of the group \"wheel\" in order to be able to su."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):140
msgid "Security policies"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):143
msgid "There are several reasons to draft a security policy for your system(s) and network."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):149
msgid "A good security policy allows you to outline security as a \"system\", rather than simply a jumble of different features. For example, without a policy an administrator might decide to turn off telnet, because it transmits unencrypted passwords, but leave on FTP access, which has the same weakness. A good security policy allows you to identify which security measures are worthwhile, and which are not."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):157
msgid "In order to diagnose problems, conduct audits, or track down intruders, it may be necessary to intercept network traffic, inspect the login and command history of users, and look in home directories. Without outlining this in print, and making users aware of this, such actions may actually be illegal and put you in legal jeopardy."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):164
msgid "Hijacked user accounts pose one of the most common threats to system security. Without explaining to users why security is important, and how to practice good security (such as not writing passwords on a Post-It note on their desks), it is unlikely you will have any hope of secure user accounts."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):170
msgid "A well-documented network and system layout will aid you, as well as law enforcement forensics examiners, if need be, in tracing an intrusion and identifying weaknesses after the fact. A security policy \"issue\" banner, stating that your system is a private network and all unauthorized access is prohibited, will also help ensure your ability to properly prosecute an intruder, once he is caught."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):180
msgid "The need for a good security policy is hopefully now more than clear."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):184
msgid "The policy itself is a document, or several documents, that outlines the network and system features (such as what services are provided), acceptable use and forbidden use, security \"best practices\", and so forth. All users should be made aware of your security policy, as well as changes you make to keep it up to date. It is important that you take the time to help users understand your policy and why that policy needs to be signed or what will happen if they act directly against the policy (the policy should also state this). This should be repeated at least once a year, since the policy can change (but also as a reminder to the user of the policy itself)."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(note):196
msgid "Create policies that are easy to read and be very precise on every subject."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):200
msgid "A security policy should at least contain the following subjects:"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):207
msgid "Screen savers"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):208
msgid "Password handling"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):209
msgid "Software download and installation"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):210
msgid "Information stating if the users are being monitored"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):211
msgid "Use of anti-virus software"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):205
msgid "Acceptable use "
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):216
msgid "Clean desk and locked up classified information"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):217
msgid "PC shutdown before leaving"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):218
msgid "Use of encryption"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):219
msgid "Handling of keys to trusted co-workers"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):220
msgid "Handling of confidential material when traveling"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):214
msgid "Handling of sensitive information (any written form, paper or digital) "
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):225
msgid "Laptop handling during travels and hotel stays"
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):223
msgid "Handling of computer equipment when traveling "
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):230
msgid "Different users may require different levels or types of access, and as such your policy may vary to accommodate them all."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):235
msgid "The security policy can become huge, and vital information can easily be forgotten. The IT-staff's policy could contain information that is confidential for the ordinary user, so it is wise to split it up into smaller policies; e.g. Acceptable Use Policy, Password policy, Email policy and Remote Access policy."
msgstr ""

#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):243
msgid "You can find example policies at The SANS Security Policy Project. If you have a small network and think these policies are too much you should look at the Site Security Handbook."
msgstr ""

#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL
#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(None):0
msgid "translator-credits"
msgstr ""