author | Azamat H. Hackimov <azamat.hackimov@gmail.com> | 2011-01-21 01:47:46 +0500 |
---|---|---|
committer | Azamat H. Hackimov <azamat.hackimov@gmail.com> | 2011-01-21 01:47:46 +0500 |
commit | c759c7e5a40021796d178ca812c249a2cd54c928 (patch) | |
tree | e42648484baa2f342141fdd0fd4eb3f2f62d753e /shandbook | |
parent | Sync with CVS, update po (diff) | |
Greek templates to translate
Diffstat (limited to 'shandbook')
-rw-r--r-- | shandbook/gettext/el/index.xml.po | 120 | ||||
-rw-r--r-- | shandbook/gettext/el/security-handbook.xml.po | 259 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-chroot.xml.po | 146 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-firewalls.xml.po | 1466 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-intrusion.xml.po | 674 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-kernel.xml.po | 336 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-limits.xml.po | 300 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-logging.xml.po | 404 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-mounting.xml.po | 106 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-pam.xml.po | 121 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-perms.xml.po | 227 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-pre.xml.po | 317 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-services.xml.po | 784 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-tcp.xml.po | 84 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-tight.xml.po | 216 | ||||
-rw-r--r-- | shandbook/gettext/el/shb-uptodate.xml.po | 157 |
16 files changed, 5717 insertions, 0 deletions
diff --git a/shandbook/gettext/el/index.xml.po b/shandbook/gettext/el/index.xml.po new file mode 100644 index 0000000..bc7c9d4 --- /dev/null +++ b/shandbook/gettext/el/index.xml.po 
@@ -0,0 +1,120 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(guide:link):5 +msgid "/doc/en/security/index.xml" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(title):6 +msgid "Gentoo Security Handbook" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(author:title):8 +msgid "Author" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(mail:link):9 +msgid "curtis119@gentoo.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(mail):9 +msgid "M. Curtis Napier" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(author:title):11 +msgid "Editor" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(mail:link):12 +msgid "neysx@gentoo.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(mail):12 +msgid "Xavier Neys" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(abstract):15 +msgid "This handbook is a step-by-step guide for hardening Gentoo Linux." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(version):23 +msgid "1.1" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(date):24 +msgid "2005-07-06" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(title):27 +msgid "Introduction" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(p):31 +msgid "" +"This handbook is intended for people who are using Gentoo Linux in a server " +"based environment or just feel the need for better security." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(p):36 +msgid "" +"If you are interested in even more Gentoo security stuff after reading this " +"handbook then have a look at the <uri link=\"/proj/en/hardened/\">Hardened " +"Gentoo Project</uri>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(title):46 +msgid "View the Handbook" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(th):52 +msgid "Format" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(th):53 +msgid "Description" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(ti):56 +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(ti):63 +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(ti):67 +msgid "HTML" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(uri:link):58 +msgid "security-handbook.xml" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(uri):58 +msgid "One page per chapter, perfect for online viewing" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(uri:link):64 +msgid "security-handbook.xml?full=1" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(uri):64 +msgid "All in one page" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(uri:link):69 +msgid "security-handbook.xml?style=printable=1" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(uri):69 +msgid "All in one page, printable version" +msgstr "" + +#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL +#: ../../gentoo/xml/htdocs/doc/en/security//index.xml(None):0 +msgid "translator-credits" +msgstr "" diff --git a/shandbook/gettext/el/security-handbook.xml.po b/shandbook/gettext/el/security-handbook.xml.po new file mode 100644 index 0000000..aff09a3 --- /dev/null +++ b/shandbook/gettext/el/security-handbook.xml.po 
@@ -0,0 +1,259 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):6 +msgid "Gentoo Security Handbook" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):8 +msgid "Author" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):9 +msgid "kn@insecurity.dk" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):9 +msgid "Kim Nielsen" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):11 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):14 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):17 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):20 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):23 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):26 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):29 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):32 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):35 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):38 +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author:title):41 +msgid "Editor" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(author):11 +msgid "John P. 
Davis" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):15 +msgid "stocke2@gentoo.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):15 +msgid "Eric R. Stockbridge" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):18 +msgid "carl@gentoo.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):18 +msgid "Carl Anderson" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):21 +msgid "peesh@gentoo.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):21 +msgid "Jorge Paulo" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):24 +msgid "swift@gentoo.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):24 +msgid "Sven Vermeulen" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):27 +msgid "bennyc@gentoo.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):27 +msgid "Benny Chuang" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):30 +msgid "jaervosz@itu.dk" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):30 +msgid "Sune Jeppesen" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):33 +msgid "blubber@gentoo.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):33 +msgid "Tiemo Kieft" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):36 +msgid "klasikahl@gentoo.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):36 +msgid "Zack Gilburd" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):39 +msgid "krispykringle@gentoo.org" 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail):39 +msgid "Dan Margolis" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(mail:link):42 +msgid "nightmorph" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):45 +msgid "This is a step-by-step guide for hardening Gentoo Linux." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(version):51 +msgid "1.1" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(date):52 +msgid "2010-04-02" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):96 +msgid "System Security" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):97 +msgid "Harden different parts of your system to make it more secure." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):102 +msgid "Pre-Installation Concerns" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):103 +msgid "Why is security an important part for every server admin?" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):110 +msgid "Tightening Security" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):111 +msgid "Tightening security during and after installation." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):118 +msgid "Logging" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):119 +msgid "Gentoo Linux lets you choose between 3 different loggers." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):126 +msgid "Mounting Partitions" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):127 +msgid "/etc/fstab provides many security options." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):134 +msgid "User/Group Limitations" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):135 +msgid "Control your resource usage." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):142 +msgid "File Permissions" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):143 +msgid "Securing your files." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):150 +msgid "PAM" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):151 +msgid "Pluggable Authentication Modules." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):158 +msgid "TCP Wrappers" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):159 +msgid "Control access to services." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):166 +msgid "Kernel Security" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):167 +msgid "Secure your kernel." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):174 +msgid "Securing Services" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):175 +msgid "Ensure that your daemons are secure." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):182 +msgid "Chrooting and Virtual Servers" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):183 +msgid "Isolate your servers." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):190 +msgid "Firewalls" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):191 +msgid "Filter your packets." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):198 +msgid "Intrusion Detection" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):199 +msgid "Detect intruders." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(title):206 +msgid "Keeping up-to-date" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(abstract):207 +msgid "Ensure you have the latest security updates." +msgstr "" + +#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL +#: ../../gentoo/xml/htdocs/doc/en/security//security-handbook.xml(None):0 +msgid "translator-credits" +msgstr "" diff --git a/shandbook/gettext/el/shb-chroot.xml.po b/shandbook/gettext/el/shb-chroot.xml.po new file mode 100644 index 0000000..dc93c66 --- /dev/null +++ b/shandbook/gettext/el/shb-chroot.xml.po 
@@ -0,0 +1,146 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(version):10 +msgid "1.1" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(date):11 +msgid "2005-12-15" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(title):14 +msgid "Chrooting" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):17 +msgid "" +"Chrooting a service is a way of limiting a service (or user) environment to " +"only accessing what it should and not gaining access (or information) that " +"could lead to root access. By running the service as another user than " +"<c>root</c> (<c>nobody</c>, <c>apache</c>, <c>named</c>) an attacker can " +"only access files with the permissions of this user. This means that an " +"attacker cannot gain <c>root</c> access even if the services has a security " +"flaw." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):26 +msgid "" +"Some services like <c>pure-ftpd</c> and <c>bind</c> have features for " +"chrooting, and other services do not. If the service supports it, use it, " +"otherwise you have to figure out how to create your own. Lets see how to " +"create a chroot, for a basic understanding of how chroots work, we will test " +"it with <c>bash</c> (easy way of learning)." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):34 +msgid "" +"Create the <path>/chroot</path> directory with <c>mkdir /chroot</c>. 
And " +"find what dynamic libraries that <c>bash</c> is compiled with (if it is " +"compiled with <c>-static</c> this step is not necessary):" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):40 +msgid "" +"The following command will create a list of libraries used by <c>bash</c>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(pre:caption):44 +msgid "Get listing of used libraries" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(pre):44 +#, no-wrap +msgid "" +"\n" +"# <i>ldd /bin/bash</i>\n" +" libncurses.so.5 => /lib/libncurses.so.5 (0x4001b000)\n" +" libdl.so.2 => /lib/libdl.so.2 (0x40060000)\n" +" libc.so.6 => /lib/libc.so.6 (0x40063000)\n" +" /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):52 +msgid "Now lets create the environment for <c>bash</c>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(pre:caption):56 +msgid "Create chroot-environment for bash" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(pre):56 +#, no-wrap +msgid "" +"\n" +"# <i>mkdir /chroot/bash</i>\n" +"# <i>mkdir /chroot/bash/bin</i>\n" +"# <i>mkdir /chroot/bash/lib</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):62 +msgid "" +"Next copy the files used by <c>bash</c> (<path>/lib</path>) to the chrooted " +"<path>lib</path> and copy the bash command to the chrooted <path>bin</path> " +"directory. This will create the exact same environment, just with less " +"functionality. After copying try it out: <c>chroot /chroot/bash /bin/bash</" +"c>. If you get an prompt saying <path>/</path> it works! Otherwise it will " +"properly tell you what a file is missing. Some shared libraries depend on " +"each other." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):71 +msgid "" +"You will notice that inside the chroot nothing works except <c>echo</c>. " +"This is because we have no other commands in out chroot environment than " +"bash and <c>echo</c> is a build-in functionality." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):77 +msgid "" +"This is basically the same way you would create a chrooted service. The only " +"difference is that services sometimes rely on devices and configuration " +"files in <path>/etc</path>. Simply copy them (devices can be copied with " +"<c>cp -a</c>) to the chrooted environment, edit the init script to use " +"chroot before executing. It can be difficult to find what devices and " +"configuration files a services need. This is where the <c>strace</c> command " +"becomes handy. Start the service with <c>/usr/bin/strace</c> bash and look " +"for open, read, stat and maybe connect. This will give you a clue on what " +"files to copy. But in most cases just copy the passwd file (edit the copy " +"and remove users that has nothing to do with the service), <path>/dev/zero</" +"path>, <path>/dev/log</path> and <path>/dev/random</path>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(title):94 +msgid "User Mode Linux" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):97 +msgid "" +"Another way of creating a more secure environment is by running a virtual " +"machine. A virtual machine, as the name implies, is a process that runs on " +"top of your real operating system providing a hardware and operating system " +"environment that appears to be its own unique machine. The security benefit " +"is that if the server running on the virtual machine is compromised, only " +"the virtual server is affected and not the parent installation." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(p):106 +msgid "" +"For more information about how to setup User Mode Linux consult the <uri " +"link=\"/doc/en/uml.xml\">User Mode Linux Guide</uri>." +msgstr "" + +#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL +#: ../../gentoo/xml/htdocs/doc/en/security//shb-chroot.xml(None):0 +msgid "translator-credits" +msgstr "" diff --git a/shandbook/gettext/el/shb-firewalls.xml.po b/shandbook/gettext/el/shb-firewalls.xml.po new file mode 100644 index 0000000..7db2844 --- /dev/null +++ b/shandbook/gettext/el/shb-firewalls.xml.po 
@@ -0,0 +1,1466 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(version):10 +msgid "1.4" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(date):11 +msgid "2007-02-20" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(title):14 +msgid "A firewall" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):17 +msgid "" +"People often think that a firewall provides the ultimate security, but they " +"are wrong. In most cases a misconfigured firewall gives less security than " +"not having one at all. A firewall is also a piece of software and should be " +"treated the same way as any other piece of software, because it is just as " +"likely to contain bugs." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):25 +msgid "" +"So think before implementing a firewall! Do you really need one? If you " +"think you need one write a policy on how it should work, what type of " +"firewall, and who should operate it. But first read this guide." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):31 +msgid "Firewalls are used for two purposes:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):36 +msgid "To keep users (worms/attackers) out" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):37 +msgid "To keep users (employees/children) in" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):40 +msgid "Basically there are three types of firewalls:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):45 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(title):58 +msgid "Packet filtering" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):46 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(title):129 +msgid "Circuit relay" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):47 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(title):167 +msgid "Application gateway" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):50 +msgid "" +"A firewall should be a dedicated machine running no services (or <c>sshd</c> " +"as the only one) and secured the way this guide recommends it be." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):61 +msgid "" +"All network traffic is sent in the form of packets. Large amounts of traffic " +"is split up into small packets for easy handling and then reassembled when " +"it arrives at its destination. In the packet header every packet contains " +"information on how and where it should be delivered. And this information is " +"exactly what a packing filtering firewall uses. 
Filtering is based on:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):70 +msgid "Allow or disallow packets based on source/destination IP address" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):71 +msgid "Allow or disallow packets based on source/destination port" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):72 +msgid "Allow or disallow packets based on protocol" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):73 +msgid "Allow or disallow packets based on flags within a specific protocol" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):76 +msgid "" +"In other words, this filtering is based on all the data within the header of " +"a packet and not its content." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):81 +msgid "Weaknesses:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):86 +msgid "" +"Address information in a packet can potentially be a bogus IP address (or as " +"we say <e>spoofed</e> by the sender)." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):90 +msgid "" +"Data or requests within the allowed packet may contain unwanted data that " +"the attacker can use to exploit known bugs in the services on or behind the " +"firewall" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):94 +msgid "Usually single point of failure" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):97 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):184 +msgid "Advantages:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):102 +msgid "Simple and easy to implement" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):103 +msgid "" +"Can give warnings of a possible attack before it happens (ie. 
by detecting " +"port scans)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):107 +msgid "Good for stopping SYN attacks" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):110 +msgid "Examples of free packet filters on Linux:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(uri:link):115 +msgid "http://www.iptables.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(uri):115 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(title):221 +msgid "Iptables" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(uri:link):117 +msgid "http://www.linuxdocs.org/HOWTOs/IPCHAINS-HOWTO.html" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(uri):117 +msgid "Ipchains" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(uri:link):119 +msgid "http://www.smoothwall.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(uri):119 +msgid "SmoothWall" +msgstr "" + +#. FIXME: should SmoothWall really be included, since it uses iptables? +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(note):122 +msgid "It is recommended that you use iptables. Ipchains is obsoleted." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):132 +msgid "" +"A circuit level gateway is a firewall that validates connections before " +"allowing data to be exchanged. This means that it does not simply allow or " +"deny packets based on the packet header but determines whether the " +"connection between both ends is valid according to configurable rules before " +"it opens a session and allows data to be exchanged. 
Filtering is based on:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):141 +msgid "Source/destination IP address" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):142 +msgid "Source/destination port" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):143 +msgid "A period of time" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):144 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):395 +msgid "Protocol" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):145 +msgid "User" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):146 +msgid "Password" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):149 +msgid "" +"All traffic is validated and monitored, and unwanted traffic can be dropped." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):153 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):196 +msgid "Weakness:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):158 +msgid "" +"Operates at the Transport Layer and may require substantial modification of " +"the programs that normally provide transport functions." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):170 +msgid "" +"The application level gateway is a proxy for applications, exchanging data " +"with remote systems on behalf of the clients. It is kept away from the " +"public safely behind a DMZ (De-Militarized Zone: the portion of a private " +"network that is visible through the firewall) or a firewall allowing no " +"connections from the outside. 
Filtering is based on:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):179 +msgid "Allow or disallow based on source/destination IP address" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):180 +msgid "Based on the packet's content" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):181 +msgid "Limiting file access based on file type or extension" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):189 +msgid "Can cache files, increasing network performance" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):190 +msgid "Detailed logging of all connections" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):191 +msgid "Scales well (some proxy servers can \"share\" the cached data)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):192 +msgid "No direct access from the outside" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):193 +msgid "Can even alter the packet content on the fly" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):201 +msgid "Configuration is complex" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):204 +msgid "" +"Application gateways are considered to be the most secure solution since " +"they do not have to run as root and the hosts behind them are not reachable " +"from the Internet." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):210 +msgid "Example of a free application gateway:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(uri:link):215 +msgid "http://www.squid-cache.org/" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(uri):215 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(title):825 +msgid "Squid" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):224 +msgid "" +"In order to use iptables, it must be enabled in the kernel. I have added " +"iptables as modules (the <c>iptables</c> command will load them as they are " +"needed) and recompiled my kernel (but you may want to compile iptables in, " +"if you intend to disable Loadable Kernel Modules as discussed previously). " +"For more information on how to configure your kernel for iptables go to the " +"<uri link=\"http://iptables-tutorial.frozentux.net/iptables-tutorial." +"html#PREPARATIONS\">Iptables Tutorial Chapter 5: Preparations</uri>. After " +"you have compiled your new kernel (or while compiling the kernel), you must " +"add the <c>iptables</c> command. Just <c>emerge iptables</c> and it should " +"work." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):236 +msgid "" +"Now test that it works by running <c>iptables -L</c>. If this fails " +"something is wrong and you have to check you configuration once more." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):241 +msgid "" +"Iptables is the new and heavily improved packet filter in the Linux 2.4.x " +"kernel. It is the successor of the previous ipchains packet filter in the " +"Linux 2.2.x kernel. One of the major improvements is that iptables is able " +"to perform stateful packet filtering. With stateful packet filtering it is " +"possible to keep track of each established TCP connection." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):249 +msgid "" +"A TCP connection consists of a series of packets containing information " +"about source IP address, destination IP address, source port, destination " +"port, and a sequence number so the packets can be reassembled without losing " +"data. TCP is a connection-oriented protocol, in contrast to UDP, which is " +"connectionless." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):256 +msgid "" +"By examining the TCP packet header, a stateful packet filter can determine " +"if a received TCP packet is part of an already established connection or not " +"and decide either to accept or drop the packet." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):262 +msgid "" +"With a stateless packet filter it is possible to fool the packet filter into " +"accepting packets that should be dropped by manipulating the TCP packet " +"headers. This could be done by manipulating the SYN flag or other flags in " +"the TCP header to make a malicious packet appear to be a part of an " +"established connection (since the packet filter itself does not do " +"connection tracking). With stateful packet filtering it is possible to drop " +"such packets, as they are not part of an already established connection. " +"This will also stop the possibility of \"stealth scans\", a type of port " +"scan in which the scanner sends packets with flags that are far less likely " +"to be logged by a firewall than ordinary SYN packets." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):275 +msgid "" +"Iptables provides several other features like NAT (Network Address " +"Translation) and rate limiting. Rate limiting is extremely useful when " +"trying to prevent certain DoS (Denial of Service) attacks like SYN floods." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):281 +msgid "" +"A TCP connection is established by a so called three-way handshake. When " +"establishing a TCP connection the client-side sends a packet to the server " +"with the SYN flag set. When the server-side receives the SYN packet it " +"responds by sending a SYN+ACK packet back to the client-side. When the SYN" +"+ACK is received the client-side responds with a third ACK packet in effect " +"acknowledging the connection." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):290 +msgid "" +"A SYN flood attack is performed by sending the SYN packet but failing to " +"respond to the SYN+ACK packet. The client-side can forge a packet with a " +"fake source IP address because it does not need a reply. The server-side " +"system will add an entry to a queue of half-open connections when it " +"receives the SYN packet and then wait for the final ACK packet before " +"deleting the entry from the queue. The queue has a limited number of slots " +"and if all the slots are filled it is unable to open any further " +"connections. If the ACK packet is not received before a specified timeout " +"period the entry will automatically be deleted from the queue. The timeout " +"settings vary but will typically be 30-60 seconds or even more. The client-" +"side initiates the attack by forging a lot of SYN packets with different " +"source IP addresses and sends them to the target IP address as fast as " +"possible and thereby filling up the queue of half-open connections and thus " +"preventing other clients from establishing a legitimate connection with the " +"server." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):307 +msgid "" +"This is where the rate limit becomes handy. It is possible to limit the rate " +"of accepted SYN packets by using the <c>-m limit --limit 1/s</c>. 
This will " +"limit the number of SYN packets accepted to one per second and therefore " +"restricting the SYN flood on our resources." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(note):314 +msgid "" +"Another option for preventing SYN floods are <uri link=\"http://cr.yp.to/" +"syncookies.html\">SYN cookies</uri>, which allow your computer to respond to " +"SYN packets without filling space in the connection queue. SYN cookies can " +"be enabled in the Linux kernel configuration, but they are considered " +"experimental at this time." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):322 +msgid "Now some practical stuff!" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):326 +msgid "" +"When iptables is loaded in the kernel it has 5 hooks where you can place " +"your rules. They are called <c>INPUT</c>, <c>OUTPUT</c>, <c>FORWARD</c>, " +"<c>PREROUTING</c> and <c>POSTROUTING</c>. Each of these is called a chain " +"and consists of a list of rules. Each rule says if the packet header looks " +"like this, then here is what to do with the packet. If the rule does not " +"match the packet the next rule in the chain is consulted." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):335 +msgid "" +"You can place rules directly in the 5 main chains or create new chains and " +"add them to as a rule to an existing chain. Iptables supports the following " +"options." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(th):342 +msgid "Option:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(th):343 +msgid "Description:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):346 +msgid "-A" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):347 +msgid "Append" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):350 +msgid "-D" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):351 +msgid "Delete" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):354 +msgid "-I" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):355 +msgid "Insert" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):358 +msgid "-R" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):359 +msgid "Replace" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):362 +msgid "-L" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):363 +msgid "List" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):366 +msgid "-F" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):367 +msgid "Delete all rules in chain or all chains" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):370 +msgid "-Z" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):371 +msgid "Zero counters in chain or all chains" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):374 +msgid "-C" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):375 +msgid "Test this packet on chain" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):378 +msgid "-N" +msgstr "" + +#: 
../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):379 +msgid "Create a new user-defined chain" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):382 +msgid "-X" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):383 +msgid "Delete a user-defined chain" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):386 +msgid "-P" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):387 +msgid "Change policy on chain to target" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):390 +msgid "-E" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):391 +msgid "Change chain name" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):394 +msgid "-p" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):398 +msgid "-s" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):399 +msgid "Source address/mask" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):402 +msgid "-d" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):403 +msgid "Destination address/mask" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):406 +msgid "-i" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):407 +msgid "Input name (Ethernet name)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):410 +msgid "-o" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):411 +msgid "Output name (Ethernet name)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):414 +msgid "-j" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):415 +msgid "Jump (target for rule)" +msgstr "" + +#: 
../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):418 +msgid "-m" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):419 +msgid "Extended match (might use extension)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):422 +msgid "-n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):423 +msgid "Numeric output of addresses and ports" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):426 +msgid "-t" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):427 +msgid "Table to manipulate" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):430 +msgid "-v" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):431 +msgid "Verbose mode" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):434 +msgid "-x" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):435 +msgid "Expand numbers (display exact values)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):438 +msgid "-f" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):439 +msgid "Match second or further fragments only" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):442 +msgid "-V" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):443 +msgid "Packet version" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):446 +msgid "--line-numbers" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):447 +msgid "Print line numbers when listing" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):451 +msgid "" +"First we will try to block all ICMP packets to our machine, just to get " +"familiar with iptables." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):456 +msgid "Block all ICMP packets" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):456 +#, no-wrap +msgid "" +"\n" +"# <i>iptables -A INPUT -p icmp -j DROP</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):460 +msgid "" +"First we specify the chain our rule should be appended to, then the protocol " +"of the packets to match, and finally the target. The target can be the name " +"of a user specified chain or one of the special targets <c>ACCEPT</c>, " +"<c>DROP</c>, <c>REJECT</c>, <c>LOG</c>, <c>QUEUE</c>, or <c>MASQUERADE</c>. " +"In this case we use <c>DROP</c>, which will drop the packet without " +"responding to the client." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(note):468 +msgid "" +"The <c>LOG</c> target is what's known as \"non-terminating\". If a packet " +"matches a rule with the <c>LOG</c> target, rather than halting evaluation, " +"the packet will continue to be matched to further rules. This allows you to " +"log packets while still processing them normally." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):475 +msgid "" +"Now try <c>ping localhost</c>. You will not get any response, since iptables " +"will drop all incoming ICMP messages. You will also not be able to ping " +"other machines, since the ICMP reply packet will be dropped as well. Now " +"flush the chain to get ICMP flowing again." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):482 +msgid "Flush all rules" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):482 +#, no-wrap +msgid "" +"\n" +"# <i>iptables -F</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):486 +msgid "" +"Now lets look at the stateful packet filtering in iptables. 
If we wanted to " +"enable stateful inspection of packets incoming on eth0 we would issue the " +"command:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):492 +msgid "Accept packets that originate from an already established connection" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):492 +#, no-wrap +msgid "" +"\n" +"# <i>iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):496 +msgid "" +"This will accept any packet from an already established connection or " +"related in the INPUT chain. And you could drop any packet that is not in the " +"state table by issuing <c>iptables -A INPUT -i eth0 -m state --state INVALID " +"-j DROP</c> just before the previous command. This enables the stateful " +"packet filtering in iptables by loading the extension \"state\". If you " +"wanted to allow others to connect to your machine, you could use the flag " +"<c>--state NEW</c>. Iptables contains some modules for different purposes. " +"Some of them are:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(th):508 +msgid "Module/Match" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(th):509 +msgid "Description" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(th):510 +msgid "Extended options" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):513 +msgid "mac" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):514 +msgid "Matching extension for incoming packets mac address." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):515 +msgid "--mac-source" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):518 +msgid "state" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):519 +msgid "Enables stateful inspection" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):520 +msgid "--state (states are ESTABLISHED,RELATED, INVALID, NEW)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):523 +msgid "limit" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):524 +msgid "Rate matching limiting" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):525 +msgid "--limit, --limit-burst" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):528 +msgid "owner" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):529 +msgid "Attempt to match various characteristics of the packet creator" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):530 +msgid "" +"--uid-owner userid --gid-owner groupid --pid-owner processid --sid-owner " +"sessionid" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):536 +msgid "unclean" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(ti):537 +msgid "Various random sanity checks on packets" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):541 +msgid "" +"Lets try to create a user-defined chain and apply it to one of the existing " +"chains:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):546 +msgid "Creating a user defined chain" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):546 +#, no-wrap +msgid "" +"\n" +"<comment>(Create a new chain with one rule)</comment>\n" +"# <i>iptables -X mychain</i>\n" 
+"# <i>iptables -N mychain</i>\n" +"# <i>iptables -A mychain -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT</i>\n" +"<comment>(The default policy is all outgoing traffic is allowed. Incoming is dropped.)</comment>\n" +"# <i>iptables -P OUTPUT ACCEPT</i>\n" +"# <i>iptables -P INPUT DROP</i>\n" +"<comment>(And add it to the INPUT chain)</comment>\n" +"# <i>iptables -A INPUT -j mychain</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):558 +msgid "" +"By applying the rule to the input chain we get the policy: All outgoing " +"packets are allowed and all incoming packets are dropped." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):563 +msgid "" +"One can find documentation at <uri link=\"http://www.iptables.org/" +"documentation/index.html#HOWTO\">Netfilter/iptables documentation</uri>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):569 +msgid "" +"Lets see a full blown example. In this case my firewall/gateway policy " +"states:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):574 +msgid "Connections to the firewall are only allowed through SSH (port 22)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):575 +msgid "" +"The local network should have access to HTTP, HTTPS and SSH (DNS should also " +"be allowed)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):579 +msgid "" +"ICMP traffic can contain payload and should not be allowed. Of course we " +"have to allow some ICMP traffic." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):583 +msgid "Port scans should be detected and logged" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):584 +msgid "SYN attacks should be avoided" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):585 +msgid "All other traffic should be dropped and logged" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):588 +msgid "/etc/init.d/firewall" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):588 +#, no-wrap +msgid "" +"\n" +"#!/sbin/runscript\n" +"IPTABLES=/sbin/iptables\n" +"IPTABLESSAVE=/sbin/iptables-save\n" +"IPTABLESRESTORE=/sbin/iptables-restore\n" +"FIREWALL=/etc/firewall.rules\n" +"DNS1=212.242.40.3\n" +"DNS2=212.242.40.51\n" +"#inside\n" +"IIP=10.0.0.2\n" +"IINTERFACE=eth0\n" +"LOCAL_NETWORK=10.0.0.0/24\n" +"#outside\n" +"OIP=217.157.156.144\n" +"OINTERFACE=eth1\n" +"\n" +"opts=\"${opts} showstatus panic save restore showoptions rules\"\n" +"\n" +"depend() {\n" +" need net\n" +"}\n" +"\n" +"rules() {\n" +" stop\n" +" ebegin \"Setting internal rules\"\n" +"\n" +" einfo \"Setting default rule to drop\"\n" +" $IPTABLES -P FORWARD DROP\n" +" $IPTABLES -P INPUT DROP\n" +" $IPTABLES -P OUTPUT DROP\n" +"\n" +" #default rule\n" +" einfo \"Creating states chain\"\n" +" $IPTABLES -N allowed-connection\n" +" $IPTABLES -F allowed-connection\n" +" $IPTABLES -A allowed-connection -m state --state ESTABLISHED,RELATED -j ACCEPT\n" +" $IPTABLES -A allowed-connection -i $IINTERFACE -m limit -j LOG --log-prefix \\\n" +" \"Bad packet from ${IINTERFACE}:\"\n" +" $IPTABLES -A allowed-connection -j DROP\n" +"\n" +" #ICMP traffic\n" +" einfo \"Creating icmp chain\"\n" +" $IPTABLES -N icmp_allowed\n" +" $IPTABLES -F icmp_allowed\n" +" $IPTABLES -A icmp_allowed -m state --state NEW -p icmp --icmp-type \\\n" +" time-exceeded -j ACCEPT\n" +" $IPTABLES -A icmp_allowed -m state 
--state NEW -p icmp --icmp-type \\\n" +" destination-unreachable -j ACCEPT\n" +" $IPTABLES -A icmp_allowed -p icmp -j LOG --log-prefix \"Bad ICMP traffic:\"\n" +" $IPTABLES -A icmp_allowed -p icmp -j DROP\n" +"\n" +" #Incoming traffic\n" +" einfo \"Creating incoming ssh traffic chain\"\n" +" $IPTABLES -N allow-ssh-traffic-in\n" +" $IPTABLES -F allow-ssh-traffic-in\n" +" #Flood protection\n" +" $IPTABLES -A allow-ssh-traffic-in -m limit --limit 1/second -p tcp --tcp-flags \\\n" +" ALL RST --dport ssh -j ACCEPT\n" +" $IPTABLES -A allow-ssh-traffic-in -m limit --limit 1/second -p tcp --tcp-flags \\\n" +" ALL FIN --dport ssh -j ACCEPT\n" +" $IPTABLES -A allow-ssh-traffic-in -m limit --limit 1/second -p tcp --tcp-flags \\\n" +" ALL SYN --dport ssh -j ACCEPT\n" +" $IPTABLES -A allow-ssh-traffic-in -m state --state RELATED,ESTABLISHED -p tcp --dport ssh -j ACCEPT\n" +"\n" +" #outgoing traffic\n" +" einfo \"Creating outgoing ssh traffic chain\"\n" +" $IPTABLES -N allow-ssh-traffic-out\n" +" $IPTABLES -F allow-ssh-traffic-out\n" +" $IPTABLES -A allow-ssh-traffic-out -p tcp --dport ssh -j ACCEPT\n" +"\n" +" einfo \"Creating outgoing dns traffic chain\"\n" +" $IPTABLES -N allow-dns-traffic-out\n" +" $IPTABLES -F allow-dns-traffic-out\n" +" $IPTABLES -A allow-dns-traffic-out -p udp -d $DNS1 --dport domain \\\n" +" -j ACCEPT\n" +" $IPTABLES -A allow-dns-traffic-out -p udp -d $DNS2 --dport domain \\\n" +" -j ACCEPT\n" +"\n" +" einfo \"Creating outgoing http/https traffic chain\"\n" +" $IPTABLES -N allow-www-traffic-out\n" +" $IPTABLES -F allow-www-traffic-out\n" +" $IPTABLES -A allow-www-traffic-out -p tcp --dport www -j ACCEPT\n" +" $IPTABLES -A allow-www-traffic-out -p tcp --dport https -j ACCEPT\n" +"\n" +" #Catch portscanners\n" +" einfo \"Creating portscan detection chain\"\n" +" $IPTABLES -N check-flags\n" +" $IPTABLES -F check-flags\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags ALL FIN,URG,PSH -m limit \\\n" +" --limit 5/minute -j LOG --log-level alert --log-prefix 
\"NMAP-XMAS:\"\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags ALL ALL -m limit --limit \\\n" +" 5/minute -j LOG --log-level 1 --log-prefix \"XMAS:\"\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags ALL ALL -j DROP\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG \\\n" +" -m limit --limit 5/minute -j LOG --log-level 1 --log-prefix \"XMAS-PSH:\"\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags ALL NONE -m limit \\\n" +" --limit 5/minute -j LOG --log-level 1 --log-prefix \"NULL_SCAN:\"\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags ALL NONE -j DROP\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags SYN,RST SYN,RST -m limit \\\n" +" --limit 5/minute -j LOG --log-level 5 --log-prefix \"SYN/RST:\"\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags SYN,RST SYN,RST -j DROP\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit \\\n" +" --limit 5/minute -j LOG --log-level 5 --log-prefix \"SYN/FIN:\"\n" +" $IPTABLES -A check-flags -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP\n" +"\n" +" # Apply and add invalid states to the chains\n" +" einfo \"Applying chains to INPUT\"\n" +" $IPTABLES -A INPUT -m state --state INVALID -j DROP\n" +" $IPTABLES -A INPUT -p icmp -j icmp_allowed\n" +" $IPTABLES -A INPUT -j check-flags\n" +" $IPTABLES -A INPUT -i lo -j ACCEPT\n" +" $IPTABLES -A INPUT -j allow-ssh-traffic-in\n" +" $IPTABLES -A INPUT -j allowed-connection\n" +"\n" +" einfo \"Applying chains to FORWARD\"\n" +" $IPTABLES -A FORWARD -m state --state INVALID -j DROP\n" +" $IPTABLES -A FORWARD -p icmp -j icmp_allowed\n" +" $IPTABLES -A FORWARD -j check-flags\n" +" $IPTABLES -A FORWARD -o lo -j ACCEPT\n" +" $IPTABLES -A FORWARD -j allow-ssh-traffic-in\n" +" $IPTABLES -A FORWARD -j allow-www-traffic-out\n" +" $IPTABLES -A FORWARD -j allowed-connection\n" +"\n" +" einfo \"Applying chains 
to OUTPUT\"\n" +" $IPTABLES -A OUTPUT -m state --state INVALID -j DROP\n" +" $IPTABLES -A OUTPUT -p icmp -j icmp_allowed\n" +" $IPTABLES -A OUTPUT -j check-flags\n" +" $IPTABLES -A OUTPUT -o lo -j ACCEPT\n" +" $IPTABLES -A OUTPUT -j allow-ssh-traffic-out\n" +" $IPTABLES -A OUTPUT -j allow-dns-traffic-out\n" +" $IPTABLES -A OUTPUT -j allow-www-traffic-out\n" +" $IPTABLES -A OUTPUT -j allowed-connection\n" +"\n" +" #Allow client to route through via NAT (Network Address Translation)\n" +" $IPTABLES -t nat -A POSTROUTING -o $OINTERFACE -j MASQUERADE\n" +" eend $?\n" +"}\n" +"\n" +"start() {\n" +" ebegin \"Starting firewall\"\n" +" if [ -e \"${FIREWALL}\" ]; then\n" +" restore\n" +" else\n" +" einfo \"${FIREWALL} does not exists. Using default rules.\"\n" +" rules\n" +" fi\n" +" eend $?\n" +"}\n" +"\n" +"stop() {\n" +" ebegin \"Stopping firewall\"\n" +" $IPTABLES -F\n" +" $IPTABLES -t nat -F\n" +" $IPTABLES -X\n" +" $IPTABLES -P FORWARD ACCEPT\n" +" $IPTABLES -P INPUT ACCEPT\n" +" $IPTABLES -P OUTPUT ACCEPT\n" +" eend $?\n" +"}\n" +"\n" +"showstatus() {\n" +" ebegin \"Status\"\n" +" $IPTABLES -L -n -v --line-numbers\n" +" einfo \"NAT status\"\n" +" $IPTABLES -L -n -v --line-numbers -t nat\n" +" eend $?\n" +"}\n" +"\n" +"panic() {\n" +" ebegin \"Setting panic rules\"\n" +" $IPTABLES -F\n" +" $IPTABLES -X\n" +" $IPTABLES -t nat -F\n" +" $IPTABLES -P FORWARD DROP\n" +" $IPTABLES -P INPUT DROP\n" +" $IPTABLES -P OUTPUT DROP\n" +" $IPTABLES -A INPUT -i lo -j ACCEPT\n" +" $IPTABLES -A OUTPUT -o lo -j ACCEPT\n" +" eend $?\n" +"}\n" +"\n" +"save() {\n" +" ebegin \"Saving Firewall rules\"\n" +" $IPTABLESSAVE > $FIREWALL\n" +" eend $?\n" +"}\n" +"\n" +"restore() {\n" +" ebegin \"Restoring Firewall rules\"\n" +" $IPTABLESRESTORE < $FIREWALL\n" +" eend $?\n" +"}\n" +"\n" +"restart() {\n" +" svc_stop; svc_start\n" +"}\n" +"\n" +"showoptions() {\n" +" echo \"Usage: $0 {start|save|restore|panic|stop|restart|showstatus}\"\n" +" echo \"start) will restore setting if exists else force 
rules\"\n" +" echo \"stop) delete all rules and set all to accept\"\n" +" echo \"rules) force settings of new rules\"\n" +" echo \"save) will store settings in ${FIREWALL}\"\n" +" echo \"restore) will restore settings from ${FIREWALL}\"\n" +" echo \"showstatus) Shows the status\"\n" +"}\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):798 +msgid "Some advice when creating a firewall:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):803 +msgid "Create your firewall policy before implementing it" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):804 +msgid "Keep it simple" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):805 +msgid "" +"Know how each protocol works (read the relevant <uri link=\"http://www.ietf." +"org/\">RFC</uri>(Request For Comments))" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):809 +msgid "" +"Keep in mind that a firewall is just another piece of software running as " +"root." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):812 +msgid "Test your firewall" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):815 +msgid "" +"If you think that iptables is hard to understand or takes to long to setup a " +"decent firewall you could use <uri link=\"http://www.shorewall.net" +"\">Shorewall</uri>. It basically uses iptables to generate firewall rules, " +"but concentrates on rules and not specific protocols." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):828 +msgid "" +"Squid is a very powerful proxy server. It can filter traffic based on time, " +"regular expressions on path/URI, source and destination IP addresses, " +"domain, browser, authenticated user name, MIME type, and port number " +"(protocol). I probably forgot some features, but it can be hard to cover the " +"entire list right here." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):836 +msgid "" +"In the following example I have added a banner filter instead of a filter " +"based on porn sites. The reason for this is that Gentoo.org should <e>not</" +"e> be listed as some porn site. And I do not want to waste my time trying to " +"find some good sites for you." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):843 +msgid "In this case, my policy states:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):848 +msgid "" +"Surfing (HTTP/HTTPS) is allowed during work hours (mon-fri 8-17 and sat " +"8-13), but if employees are here late they should work, not surf" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):852 +msgid "" +"Downloading files is not allowed (.exe, .com, .arj, .zip, .asf, .avi, .mpg, ." +"mpeg, etc)" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):856 +msgid "" +"We do not like banners, so they are filtered and replaced with a transparent " +"gif (this is where you get creative!)." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):860 +msgid "All other connections to and from the Internet are denied." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):865 +msgid "This is implemented in 4 <e>easy</e> steps." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):869 +msgid "/etc/squid/squid.conf" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):869 +#, no-wrap +msgid "" +"\n" +"# Bind to a ip and port\n" +"http_port 10.0.2.1:3128\n" +"\n" +"# Standard configuration\n" +"hierarchy_stoplist cgi-bin ?\n" +"acl QUERY urlpath_regex cgi-bin \\?\n" +"no_cache deny QUERY\n" +"\n" +"# Add basic access control lists\n" +"acl all src 0.0.0.0/0.0.0.0\n" +"acl manager proto cache_object\n" +"acl localhost src 127.0.0.1/255.255.255.255\n" +"\n" +"# Add who can access this proxy server\n" +"acl localnet src 10.0.0.0/255.255.0.0\n" +"\n" +"# And ports\n" +"acl SSL_ports port 443\n" +"acl Safe_ports port 80\n" +"acl Safe_ports port 443\n" +"acl purge method PURGE\n" +"\n" +"# Add access control list based on regular\n" +"# expressions within urls\n" +"acl archives urlpath_regex \"/etc/squid/files.acl\"\n" +"acl url_ads url_regex \"/etc/squid/banner-ads.acl\"\n" +"\n" +"# Add access control list based on time and day\n" +"acl restricted_weekdays time MTWHF 8:00-17:00\n" +"acl restricted_weekends time A 8:00-13:00\n" +"\n" +"acl CONNECT method CONNECT\n" +"\n" +"#allow manager access from localhost\n" +"http_access allow manager localhost\n" +"http_access deny manager\n" +"\n" +"# Only allow purge requests from localhost\n" +"http_access allow purge localhost\n" +"http_access deny purge\n" +"\n" +"# Deny requests to unknown ports\n" +"http_access deny !Safe_ports\n" +"\n" +"# Deny CONNECT to other than SSL ports\n" +"http_access deny CONNECT !SSL_ports\n" +"\n" +"# My own rules\n" +"\n" +"# Add a page do be displayed when\n" +"# a banner is removed\n" +"deny_info NOTE_ADS_FILTERED url_ads\n" +"\n" +"# Then deny them\n" +"http_access deny url_ads\n" +"\n" +"# Deny all archives\n" +"http_access deny archives\n" +"\n" +"# Restrict access to work hours\n" +"http_access allow localnet restricted_weekdays\n" +"http_access allow 
localnet restricted_weekends\n" +"\n" +"# Deny the rest\n" +"http_access deny all\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):937 +msgid "" +"Next fill in the files you do not want your users to download files. I have " +"added zip, viv, exe, mp3, rar, ace, avi, mov, mpg, mpeg, au, ra, arj, tar, " +"gz and z files." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):943 +msgid "/etc/squid/files.acl" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):943 +#, no-wrap +msgid "" +"\n" +"\\.[Zz][Ii][pP]$\n" +"\\.[Vv][Ii][Vv].*\n" +"\\.[Ee][Xx][Ee]$\n" +"\\.[Mm][Pp]3$\n" +"\\.[Rr][Aa][Rr]$\n" +"\\.[Aa][Cc][Ee]$\n" +"\\.[Aa][Ss][Ff]$\n" +"\\.[Aa][Vv][Ii]$\n" +"\\.[Mm][Oo][Vv]$\n" +"\\.[Mm][Pp][Gg]$\n" +"\\.[Mm][Pp][Ee][Gg]$\n" +"\\.[Aa][Uu]$\n" +"\\.[Rr][Aa]$\n" +"\\.[Aa][Rr][Jj]$\n" +"\\.[Tt][Aa][Rr]$\n" +"\\.[Gg][Zz]$\n" +"\\.[Zz]$\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(note):963 +msgid "" +"Please note the [] with upper and lowercase of every character. This is done " +"so no one can fool our filter by accessing a file called AvI instead of avi." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):968 +msgid "" +"Next we add the regular expressions for identifying banners. 
You will "
+"probably be a lot more creative than I:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):973
+msgid "/etc/squid/banner-ads.acl"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):973
+#, no-wrap
+msgid ""
+"\n"
+"/adv/.*\\.gif$\n"
+"/[Aa]ds/.*\\.gif$\n"
+"/[Aa]d[Pp]ix/\n"
+"/[Aa]d[Ss]erver\n"
+"/[Aa][Dd]/.*\\.[GgJj][IiPp][FfGg]$\n"
+"/[Bb]annerads/\n"
+"/adbanner.*\\.[GgJj][IiPp][FfGg]$\n"
+"/images/ad/\n"
+"/reklame/\n"
+"/RealMedia/ads/.*\n"
+"^http://www\\.submit-it.*\n"
+"^http://www\\.eads.*\n"
+"^http://ads\\.\n"
+"^http://ad\\.\n"
+"^http://ads02\\.\n"
+"^http://adaver.*\\.\n"
+"^http://adforce\\.\n"
+"adbot\\.com\n"
+"/ads/.*\\.gif.*\n"
+"_ad\\..*cgi\n"
+"/Banners/\n"
+"/SmartBanner/\n"
+"/Ads/Media/Images/\n"
+"^http://static\\.wired\\.com/advertising/\n"
+"^http://*\\.dejanews\\.com/ads/\n"
+"^http://adfu\\.blockstackers\\.com/\n"
+"^http://ads2\\.zdnet\\.com/adverts\n"
+"^http://www2\\.burstnet\\.com/gifs/\n"
+"^http://www.\\.valueclick\\.com/cgi-bin/cycle\n"
+"^http://www\\.altavista\\.com/av/gifs/ie_horiz\\.gif\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):1006
+msgid ""
+"And as the last part we want this file to be displayed when a banner is "
+"removed. It is basically a half html file with a 4x4 transparent gif image."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):1011
+msgid "/etc/squid/errors/NOTE_ADS_FILTERED"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):1011
+#, no-wrap
+msgid ""
+"\n"
+"<HTML>\n"
+"<HEAD>\n"
+"<META HTTP-EQUIV=\"REFRESH\" CONTENT=\"0; URL=http://localhost/images/4x4.gif\">\n"
+"<TITLE>ERROR: The requested URL could not be retrieved</TITLE>\n"
+"</HEAD>\n"
+"<BODY>\n"
+"<H1>Add filtered!</H1>\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(note):1021
+msgid ""
+"Do not close the <HTML> <BODY> tags. 
This will be done by squid."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):1025
+msgid ""
+"As you can see, Squid has a lot of possibilities and it is very effective at "
+"both filtering and proxying. It can even use alternative Squid proxies to "
+"scale on very large networks. The configuration I have listed here is mostly "
+"suited for a small network with 1-20 users."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):1032
+msgid ""
+"But combining the packet filter (iptables) and the application gateway "
+"(Squid) is probably the best solution, even if Squid is located somewhere "
+"safe and nobody can access it from the outside. We still need to be "
+"concerned about attacks from the inside."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):1039
+msgid ""
+"Now you have to configure your clients browsers to use the proxy server. The "
+"gateway will prevent the users from having any contact with the outside "
+"unless they use the proxy."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(note):1045
+msgid ""
+"In Mozilla Firefox this is done in Edit->Preferences->Advanced->"
+"Network."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):1049
+msgid ""
+"It can also be done transparently by using iptables to forward all outbound "
+"traffic to a Squid proxy. 
This can be done by adding a forwarding/prerouting "
+"rule on the gateway:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre:caption):1055
+msgid "Enable portforwarding to our proxyserver"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(pre):1055
+#, no-wrap
+msgid ""
+"\n"
+"# <i>iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to proxyhost:3128</i>\n"
+"# <i>iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to proxyhost:3128</i>\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(note):1060
+msgid ""
+"If the proxy is running on the packet filtering host--though this is not "
+"recommended, it may be necessary if you do not have enough spare machines--"
+"use a <c>REDIRECT</c> target instead of <c>DNAT</c> (<c>REDIRECT</c> directs "
+"packets to the localhost)."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(title):1070
+msgid "Lessons learned"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):1073
+msgid "We have learned that:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):1078
+msgid ""
+"A firewall can be a risk in itself. A badly configured firewall is worse "
+"than not having one at all."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):1082
+msgid "How to setup a basic gateway and a transparent proxy."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):1083
+msgid "The key to a good firewall is to know the protocols you want do allow."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):1084
+msgid ""
+"That IP traffic does not always contain legitimate data, e.g. ICMP packets, "
+"which can contain a malicious payload."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):1088
+msgid "How to prevent SYN attack." 
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):1089
+msgid ""
+"Filtering HTTP traffic by removing offensive pictures and downloads of "
+"viruses."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(li):1090
+msgid ""
+"Combining packet filters and application gateways provides better control."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(p):1095
+msgid ""
+"Now, if you <e>really</e> need to, go create a firewall that matches your "
+"needs."
+msgstr ""
+
+#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-firewalls.xml(None):0
+msgid "translator-credits"
+msgstr ""
diff --git a/shandbook/gettext/el/shb-intrusion.xml.po b/shandbook/gettext/el/shb-intrusion.xml.po
new file mode 100644
index 0000000..45c0e8f
--- /dev/null
+++ b/shandbook/gettext/el/shb-intrusion.xml.po
@@ -0,0 +1,674 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2010-10-22 00:56+0600\n"
+"PO-Revision-Date: 2010-10-22 00:56+0600\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(version):10
+msgid "2"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(date):11
+msgid "2010-07-19"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(title):14
+msgid "AIDE (Advanced Intrusion Detection Environment)"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):17
+msgid ""
+"AIDE is a Host-Based Intrusion Detection System (HIDS), a free alternative "
+"to Tripwire (if you already know Tripwire you should have no difficulties "
+"learning the configuration file for AIDE). HIDS are used to detect changes "
+"to important system configuration files and binaries, generally by making a "
+"unique cryptographic hash for the files to be checked and storing it in a "
+"secure place. On a regular basis (such as once a day), the stored \"known-"
+"good\" hash is compared to the one generated from the current copy of each "
+"file, to determine if that file has changed. HIDS are a great way to detect "
+"disallowed changes to your system, but they take a little work to implement "
+"properly and make good use of."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):30
+msgid ""
+"The configuration file is based on regular expressions, macros and rules for "
+"files and directories. 
We have the following macros:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(th):37
+msgid "Macro"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(th):38
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(th):95
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(th):182
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(th):218
+msgid "Description"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(th):39
+msgid "Syntax"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):42
+msgid "ifdef"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):43
+msgid "If definded"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):44
+msgid "@@ifdef \"name\""
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):47
+msgid "ifndef"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):48
+msgid "If not defined"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):49
+msgid "@@ifndef \"name\""
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):52
+msgid "define"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):53
+msgid "Define a variable"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):54
+msgid "@@define \"name\" \"value\""
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):57
+msgid "undef"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):58
+msgid "Undefine a variable"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):59
+msgid "@@undef \"name\""
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):62
+msgid "ifhost"
+msgstr ""
+
+#: 
../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):63
+msgid "if \"hostname\""
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):64
+msgid "@@ifhost \"hostname\""
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):67
+msgid "ifnhost"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):68
+msgid "if not \"hostname\""
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):69
+msgid "@@ifnhost \"hostname\""
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):72
+msgid "endif"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):73
+msgid ""
+"Endif must be used after any of the above macros except define and undef"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):76
+msgid "@@endif"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):80
+msgid ""
+"These macros become very handy if you have more than one Gentoo box and want "
+"to use AIDE on all of them. But not all machines run the same services or "
+"even have the same users."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):86
+msgid ""
+"Next we have sets of flags to check for on files and directories. These are "
+"a combination of permissions, file properties and cryptographic hashes (i.e. "
+"checksums)." 
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(th):94
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(th):181
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(th):217
+msgid "Flag"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):98
+msgid "p"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):99
+msgid "permissions"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):102
+msgid "i"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):103
+msgid "inode"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):106
+msgid "n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):107
+msgid "number of links"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):110
+msgid "u"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):111
+msgid "user"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):114
+msgid "g"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):115
+msgid "group"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):118
+msgid "s"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):119
+msgid "size"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):122
+msgid "b"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):123
+msgid "block count"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):126
+msgid "m"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):127
+msgid "mtime"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):130
+msgid "a"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):131
+msgid 
"atime"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):134
+msgid "c"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):135
+msgid "ctime"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):138
+msgid "S"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):139
+msgid "check for growing size"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):142
+msgid "md5"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):143
+msgid "md5 checksum"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):146
+msgid "sha1"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):147
+msgid "sha1 checksum"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):150
+msgid "rmd160"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):151
+msgid "rmd160 checksum"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):154
+msgid "tiger"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):155
+msgid "tiger checksum"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):158
+msgid "R"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):159
+msgid "p+i+n+u+g+s+m+c+md5"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):162
+msgid "L"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):163
+msgid "p+i+n+u+g"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):166
+msgid "E"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):167
+msgid "Empty group"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):170
+msgid ">"
+msgstr ""
+
+#: 
../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):171
+msgid "Growing logfile p+u+g+i+n+S"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):175
+msgid ""
+"And if AIDE is compiled with mhash support it supports a few other features:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):185
+msgid "haval"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):186
+msgid "haval checksum"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):189
+msgid "gost"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):190
+msgid "gost checksum"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):193
+msgid "crc32"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):194
+msgid "crc32 checksum"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):198
+msgid ""
+"Now you can create you own rules based on the above flags by combining them "
+"like this:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre:caption):203
+msgid "Create a ruleset for AIDE"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre):203
+#, no-wrap
+msgid ""
+"\n"
+"All=R+a+sha1+rmd160\n"
+"Norm=s+n+b+md5+sha1+rmd160\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):208
+msgid ""
+"The last thing we need to create our own configuration file is to see how to "
+"add a rule to a file or directory. To enter a rule, combine the file or "
+"directory name and the rule. AIDE will add all files recursively unless you "
+"specify an alternate rule."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):221
+msgid "!"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):222
+msgid "Don't add this file or directory." 
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):225
+msgid "="
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(ti):226
+msgid "Add this directory, but not recursively."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):230
+msgid "So lets watch a full blown example:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre:caption):234
+msgid "/etc/aide/aide.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre):234
+#, no-wrap
+msgid ""
+"\n"
+"@@ifndef TOPDIR\n"
+"@@define TOPDIR /\n"
+"@@endif\n"
+"\n"
+"@@ifndef AIDEDIR\n"
+"@@define AIDEDIR /etc/aide\n"
+"@@endif\n"
+"\n"
+"@@ifhost smbserv\n"
+"@@define smbactive\n"
+"@@endif\n"
+"\n"
+"# The location of the database to be read.\n"
+"database=file:@@{AIDEDIR}/aide.db\n"
+"\n"
+"# The location of the database to be written.\n"
+"database_out=file:aide.db.new\n"
+"\n"
+"verbose=20\n"
+"report_url=stdout\n"
+"\n"
+"# Rule definition\n"
+"All=R+a+sha1+rmd160\n"
+"Norm=s+n+b+md5+sha1+rmd160\n"
+"\n"
+"@@{TOPDIR} Norm\n"
+"!@@{TOPDIR}etc/aide\n"
+"!@@{TOPDIR}dev\n"
+"!@@{TOPDIR}media\n"
+"!@@{TOPDIR}mnt\n"
+"!@@{TOPDIR}proc\n"
+"!@@{TOPDIR}root\n"
+"!@@{TOPDIR}sys\n"
+"!@@{TOPDIR}tmp\n"
+"!@@{TOPDIR}var/log\n"
+"!@@{TOPDIR}var/run\n"
+"!@@{TOPDIR}usr/portage\n"
+"@@ifdef smbactive\n"
+"!@@{TOPDIR}etc/smb/private/secrets.tdb\n"
+"@@endif\n"
+"=@@{TOPDIR}home Norm\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):278
+msgid ""
+"In the above example we specify with some macros where the topdir starts and "
+"where the AIDE directory is. AIDE checks the <path>/etc/aide/aide.db</path> "
+"file when checking for file integrity. But when updating or creating a new "
+"file it stores the information in <path>/etc/aide/aide.db.new</path>. This "
+"is done so it won't automatically overwrite the old db file. 
The option "
+"<c>report_URL</c> is not yet implemented, but the author's intention was "
+"that it should be able to e-mail or maybe even execute scripts."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):288
+msgid ""
+"The AIDE ebuild now comes with a working default configuration file, a "
+"helper script and a crontab script. The helper script does a number of tasks "
+"for you and provides an interface that is a little more script friendly. To "
+"see all available options, try <c>aide --help</c>. To get started, all that "
+"needs to be done is <c>aide -i</c> and the crontab script should detect the "
+"database and send mails as appropriate every day. We recommend that you "
+"review the <path>/etc/aide/aide.conf</path> file and ensure that the "
+"configuration accurately reflects what is in place on the machine."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(note):299
+msgid ""
+"Depending on your CPU, disk access speed, and the flags you have set on "
+"files, this can take some time."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(note):304
+msgid ""
+"Remember to set an alias so you get roots mail. Otherwise you will never "
+"know what AIDE reports."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):309
+msgid ""
+"Now there is some risk inherent with storing the db files locally, since the "
+"attacker will (if they know that AIDE is installed) most certainly try to "
+"alter the db file, update the db file or modify <path>/usr/bin/aide</path>. "
+"So you should create a CD or other media and put on it a copy of the .db "
+"file and the AIDE binaries."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):317
+msgid ""
+"One can find information at the <uri link=\"http://www.cs.tut.fi/~rammer/"
+"aide.html\">AIDE</uri> project page." 
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(title):325
+msgid "Snort"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):328
+msgid ""
+"Snort is a Network Intrusion Detection System (NIDS). To install and "
+"configure it use the following examples."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre:caption):333
+msgid "/etc/conf.d/snort"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre):333
+#, no-wrap
+msgid ""
+"\n"
+"PIDFILE=/var/run/snort_eth0.pid\n"
+"MODE=\"full\"\n"
+"NETWORK=\"10.0.0.0/24\"\n"
+"LOGDIR=\"/var/log/snort\"\n"
+"CONF=/etc/snort/snort.conf\n"
+"SNORT_OPTS=\"-D -s -u snort -dev -l $LOGDIR -h $NETWORK -c $CONF\"\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre:caption):342
+msgid "/etc/snort/snort.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre):342
+#, no-wrap
+msgid ""
+"\n"
+"<comment>(Step 1)</comment>\n"
+"var HOME_NET 10.0.0.0/24\n"
+"var EXTERNAL_NET any\n"
+"var SMTP $HOME_NET\n"
+"var HTTP_SERVERS $HOME_NET\n"
+"var SQL_SERVERS $HOME_NET\n"
+"var DNS_SERVERS [10.0.0.2/32,212.242.40.51/32]\n"
+"var RULE_PATH ./\n"
+"\n"
+"<comment>(Step 2)</comment>\n"
+"preprocessor frag2\n"
+"preprocessor stream4: detect_scans detect_state_problems detect_scans disable_evasion_alerts\n"
+"preprocessor stream4_reassemble: ports all\n"
+"preprocessor http_decode: 80 8080 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace\n"
+"preprocessor rpc_decode: 111 32771\n"
+"preprocessor bo: -nobrute\n"
+"preprocessor telnet_decode\n"
+"\n"
+"<comment>(Step 3)</comment>\n"
+"include classification.config\n"
+"\n"
+"<comment>(Step 4)</comment>\n"
+"include $RULE_PATH/bad-traffic.rules\n"
+"include $RULE_PATH/exploit.rules\n"
+"include $RULE_PATH/scan.rules\n"
+"include $RULE_PATH/finger.rules\n"
+"include $RULE_PATH/ftp.rules\n"
+"include 
$RULE_PATH/telnet.rules\n"
+"include $RULE_PATH/smtp.rules\n"
+"include $RULE_PATH/rpc.rules\n"
+"include $RULE_PATH/rservices.rules\n"
+"include $RULE_PATH/dos.rules\n"
+"include $RULE_PATH/ddos.rules\n"
+"include $RULE_PATH/dns.rules\n"
+"include $RULE_PATH/tftp.rules\n"
+"include $RULE_PATH/web-cgi.rules\n"
+"include $RULE_PATH/web-coldfusion.rules\n"
+"include $RULE_PATH/web-iis.rules\n"
+"include $RULE_PATH/web-frontpage.rules\n"
+"include $RULE_PATH/web-misc.rules\n"
+"include $RULE_PATH/web-attacks.rules\n"
+"include $RULE_PATH/sql.rules\n"
+"include $RULE_PATH/x11.rules\n"
+"include $RULE_PATH/icmp.rules\n"
+"include $RULE_PATH/netbios.rules\n"
+"include $RULE_PATH/misc.rules\n"
+"include $RULE_PATH/attack-responses.rules\n"
+"include $RULE_PATH/backdoor.rules\n"
+"include $RULE_PATH/shellcode.rules\n"
+"include $RULE_PATH/policy.rules\n"
+"include $RULE_PATH/porn.rules\n"
+"include $RULE_PATH/info.rules\n"
+"include $RULE_PATH/icmp-info.rules\n"
+"include $RULE_PATH/virus.rules\n"
+"# include $RULE_PATH/experimental.rules\n"
+"include $RULE_PATH/local.rules\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre:caption):401
+msgid "/etc/snort/classification.config"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre):401
+#, no-wrap
+msgid ""
+"\n"
+"config classification: not-suspicious,Not Suspicious Traffic,3\n"
+"config classification: unknown,Unknown Traffic,3\n"
+"config classification: bad-unknown,Potentially Bad Traffic, 2\n"
+"config classification: attempted-recon,Attempted Information Leak,2\n"
+"config classification: successful-recon-limited,Information Leak,2\n"
+"config classification: successful-recon-largescale,Large Scale Information Leak,2\n"
+"config classification: attempted-dos,Attempted Denial of Service,2\n"
+"config classification: successful-dos,Denial of Service,2\n"
+"config classification: attempted-user,Attempted User Privilege Gain,1\n"
+"config classification: 
unsuccessful-user,Unsuccessful User Privilege Gain,1\n"
+"config classification: successful-user,Successful User Privilege Gain,1\n"
+"config classification: attempted-admin,Attempted Administrator Privilege Gain,1\n"
+"config classification: successful-admin,Successful Administrator Privilege Gain,1\n"
+"\n"
+"# NEW CLASSIFICATIONS\n"
+"config classification: rpc-portmap-decode,Decode of an RPC Query,2\n"
+"config classification: shellcode-detect,Executable code was detected,1\n"
+"config classification: string-detect,A suspicious string was detected,3\n"
+"config classification: suspicious-filename-detect,A suspicious filename was detected,2\n"
+"config classification: suspicious-login,An attempted login using a suspicious username was detected,2\n"
+"config classification: system-call-detect,A system call was detected,2\n"
+"config classification: tcp-connection,A TCP connection was detected,4\n"
+"config classification: trojan-activity,A Network Trojan was detected, 1\n"
+"config classification: unusual-client-port-connection,A client was using an unusual port,2\n"
+"config classification: network-scan,Detection of a Network Scan,3\n"
+"config classification: denial-of-service,Detection of a Denial of Service Attack,2\n"
+"config classification: non-standard-protocol,Detection of a non-standard protocol or event,2\n"
+"config classification: protocol-command-decode,Generic Protocol Command Decode,3\n"
+"config classification: web-application-activity,access to a potentially vulnerable web application,2\n"
+"config classification: web-application-attack,Web Application Attack,1\n"
+"config classification: misc-activity,Misc activity,3\n"
+"config classification: misc-attack,Misc Attack,2\n"
+"config classification: icmp-event,Generic ICMP event,3\n"
+"config classification: kickass-porn,SCORE! 
Get the lotion!,1\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):438
+msgid ""
+"More information is at the <uri link=\"http://www.snort.org\">Snort</uri> "
+"web site."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(title):446
+msgid "Detecting malware with chkrootkit"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):449
+msgid ""
+"HIDS like AIDE are a great way to detect changes to your system, but it "
+"never hurts to have another line of defence. <c>chkrootkit</c> is a utility "
+"that scans common system files for the presence of rootkits--software "
+"designed to hide an intruder's actions and allow him to retain his access--"
+"and scans your system for likely traces of key loggers and other \"malware"
+"\". While <c>chkrootkit</c> (and alternatives like <c>rkhunter</c>) are "
+"useful tools, both for system maintenance and for tracking an intruder after "
+"an attack has occurred, they cannot guarantee your system is secure."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(p):460
+msgid ""
+"The best way to use <c>chkrootkit</c> to detect an intrusion is to run it "
+"routinely from <c>cron</c>. To start, emerge <path>app-forensics/chkrootkit</"
+"path>. <c>chkrootkit</c> can be run from the command line by the command of "
+"the same name, or from <c>cron</c> with an entry such as this:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre:caption):468
+msgid "Schedule chkrootkit as a cronjob"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(pre):468
+#, no-wrap
+msgid ""
+"\n"
+"0 3 * * * /usr/sbin/chkrootkit\n"
+msgstr ""
+
+#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-intrusion.xml(None):0
+msgid "translator-credits"
+msgstr "" 
diff --git a/shandbook/gettext/el/shb-kernel.xml.po b/shandbook/gettext/el/shb-kernel.xml.po
new file mode 100644
index 0000000..48ac3d4
--- /dev/null
+++ b/shandbook/gettext/el/shb-kernel.xml.po
@@ -0,0 +1,336 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(version):10 +msgid "1.2" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(date):11 +msgid "2008-04-15" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(title):14 +msgid "Removing functionality" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):17 +msgid "" +"The basic rule when configuring the kernel is to remove everything that you " +"do not need. This will not only create a small kernel but also remove the " +"vulnerabilities that may lie inside drivers and other features." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):23 +msgid "" +"Also consider turning off loadable module support. Even though it is " +"possible to add root kits without this features, it does make it harder for " +"normal attackers to install root kits via kernel modules." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(title):32 +msgid "The proc filesystem" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):35 +msgid "" +"Many kernel parameters can be altered through the <path>/proc</path> file " +"system or by using <c>sysctl</c>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):40 +msgid "" +"To dynamically change kernel parameters and variables on the fly, you need " +"<c>CONFIG_SYSCTL</c> defined in your kernel. This is on by default in a " +"standard 2.4 kernel." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre:caption):46 +msgid "Deactivate IP forwarding" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre):46 +#, no-wrap +msgid "" +"\n" +"# <i>/bin/echo \"0\" > /proc/sys/net/ipv4/ip_forward</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):50 +msgid "" +"Make sure that IP forwarding is turned off. We only want this for a multi-" +"homed host. It's advised to set or unset this flag before all other flags " +"since it enabled/disables other flags as well." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre:caption):56 +msgid "Drop ping packets" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre):56 +#, no-wrap +msgid "" +"\n" +"# <i>/bin/echo \"1\" > /proc/sys/net/ipv4/icmp_echo_ignore_all</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):60 +msgid "" +"This will cause the kernel to simply ignore all ping messages (also known as " +"ICMP type 0 messages). The reason for this is that an IP packet carrying an " +"ICMP message can contain a payload with information other than you think. " +"Administrators use ping as a diagnostic tool and often complain if it is " +"disabled, but there is no reason for an outsider to be able to ping. " +"However, since it sometimes can be handy for insiders to be able to ping, " +"you can disable ICMP type 0 messages in the firewall (allowing local " +"administrators to continue to use this tool)." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre:caption):71 +msgid "Ignore broadcast pings" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre):71 +#, no-wrap +msgid "" +"\n" +"# <i>/bin/echo \"1\" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):75 +msgid "" +"This disables response to ICMP broadcasts and will prevent Smurf attacks. " +"The Smurf attack works by sending an ICMP type 0 (ping) message to the " +"broadcast address of a network. Typically the attacker will use a spoofed " +"source address. All the computers on the network will respond to the ping " +"message and thereby flood the host at the spoofed source address." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre:caption):83 +msgid "Disable source routed packets" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre):83 +#, no-wrap +msgid "" +"\n" +"# <i>/bin/echo \"0\" > /proc/sys/net/ipv4/conf/all/accept_source_route</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):87 +msgid "" +"Do not accept source routed packets. Attackers can use source routing to " +"generate traffic pretending to originate from inside your network, but that " +"is actually routed back along the path from which it came, so attackers can " +"compromise your network. Source routing is rarely used for legitimate " +"purposes, so it is safe to disable it." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre:caption):95 +msgid "Disable redirect acceptance" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre):95 +#, no-wrap +msgid "" +"\n" +"# <i>/bin/echo \"0\" > /proc/sys/net/ipv4/conf/all/accept_redirects</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):99 +msgid "" +"Do not accept ICMP redirect packets. 
ICMP redirects can be used to alter " +"your routing tables, possibly to a malicious end." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre:caption):104 +msgid "Protect against bad error messages" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre):104 +#, no-wrap +msgid "" +"\n" +"# <i>/bin/echo \"1\" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):108 +msgid "Enable protection against bogus error message responses." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre:caption):112 +msgid "Enable reverse path filtering" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre):112 +#, no-wrap +msgid "" +"\n" +"# <i>for i in /proc/sys/net/ipv4/conf/*; do\n" +" /bin/echo \"1\" > $i/rp_filter\n" +"done</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):118 +msgid "" +"Turn on reverse path filtering. This helps make sure that packets use " +"legitimate source addresses by automatically rejecting incoming packets if " +"the routing table entry for their source address does not match the network " +"interface they are arriving on. This has security advantages because it " +"prevents IP spoofing. We need to enable it for each <path>net/ipv4/conf/*</" +"path> otherwise source validation isn't fully functional." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(warn):127 +msgid "" +"However turning on reverse path filtering can be a problem if you use " +"asymmetric routing (packets from you to a host take a different path than " +"packets from that host to you) or if you operate a non-routing host which " +"has several IP addresses on different interfaces." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre:caption):134 +msgid "Log all spoofed, source routed and redirect packets" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre):134 +#, no-wrap +msgid "" +"\n" +"# <i>/bin/echo \"1\" > /proc/sys/net/ipv4/conf/all/log_martians</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):138 +msgid "Log spoofed packets, source routed packets and redirect packets." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):142 +msgid "" +"All these settings will be reset when the machine is rebooted. I suggest " +"that you add them to <path>/etc/sysctl.conf</path>, which is automatically " +"sourced by the <path>/etc/init.d/bootmisc</path> init script." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):148 +msgid "" +"The syntax for <path>/etc/sysctl.conf</path> is pretty straightforward. " +"Strip off the <path>/proc/sys/</path> from the previously mentioned paths " +"and substitute <path>/</path> with <path>.</path>:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre:caption):154 +msgid "Translating to sysctl.conf" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(pre):154 +#, no-wrap +msgid "" +"\n" +"<comment>(Manual using echo):</comment>\n" +"/bin/echo \"0\" > /proc/sys/net/ipv4/ip_forward\n" +"\n" +"<comment>(Automatic in sysctl.conf:)</comment>\n" +"net.ipv4.ip_forward = 0\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(title):165 +msgid "Grsecurity" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):168 +msgid "" +"The patch from <uri link=\"http://grsecurity.net\">Grsecurity</uri> is " +"standard in the <c>sys-kernel/hardened-sources</c> but is disabled by " +"default. Configure your kernel as you normally do and then configure the " +"Grsecurity options. 
An in-depth explanation on the available Grsecurity " +"options is available on the <uri link=\"/proj/en/hardened\">Gentoo Hardened</" +"uri> project page." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):176 +msgid "" +"Recent <c>hardened-sources</c> provide the 2.* version of Grsecurity. For " +"more information on this improved Grsecurity patch set, please consult the " +"documentation available on the <uri link=\"http://www.grsecurity.net/" +"\">Grsecurity home page</uri>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(title):186 +msgid "Kerneli" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):189 +msgid "" +"<uri link=\"http://www.Kerneli.org\">Kerneli</uri> is a patch that adds " +"encryption to the existing kernel. By patching your kernel you will get new " +"options such as cryptographic ciphers, digest algorithms and cryptographic " +"loop filters." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(warn):195 +msgid "" +"The kerneli patch is currently not in a stable version for the latest " +"kernel, so be careful when using it." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(title):203 +msgid "Other kernel patches" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri:link):207 +msgid "http://www.openwall.com" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri):207 +msgid "The OpenWall Project" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri:link):208 +msgid "http://www.lids.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri):208 +msgid "Linux Intrusion Detection System" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri:link):209 +msgid "http://www.rsbac.org" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri):209 +msgid "Rule Set Based Access Control" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri:link):211 +msgid "http://www.nsa.gov/selinux" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri):211 +msgid "NSA's security enhanced kernel" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri:link):213 +msgid "http://sourceforge.net/projects/wolk/" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(uri):213 +msgid "Wolk" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(p):216 +msgid "And there are probably a lot more." +msgstr "" + +#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL +#: ../../gentoo/xml/htdocs/doc/en/security//shb-kernel.xml(None):0 +msgid "translator-credits" +msgstr "" diff --git a/shandbook/gettext/el/shb-limits.xml.po b/shandbook/gettext/el/shb-limits.xml.po new file mode 100644 index 0000000..6c1c6a3 --- /dev/null +++ b/shandbook/gettext/el/shb-limits.xml.po 
@@ -0,0 +1,300 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(version):10 +msgid "1.5" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(date):11 +msgid "2010-04-26" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(title):14 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre:caption):24 +msgid "/etc/security/limits.conf" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):17 +msgid "" +"Controlling resource usage can be very effective when trying to prevent a " +"local Denial of Service or restricting the maximum allowed logins for a " +"group or user. However, too strict settings will impede on your system's " +"behavior and will result in program failures so make sure that you check " +"each setting first." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre):24 +#, no-wrap +msgid "" +"\n" +"* soft core 0\n" +"* hard core 0\n" +"* hard nproc 15\n" +"* hard rss 10000\n" +"* - maxlogins 2\n" +"@dev hard core 100000\n" +"@dev soft nproc 20\n" +"@dev hard nproc 35\n" +"@dev - maxlogins 10\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):36 +msgid "" +"If you find yourself trying to set <c>nproc</c> or <c>maxlogins</c> to 0, " +"maybe you should delete the user instead. The example above sets the group " +"<c>dev</c> settings for processes, core file and <c>maxlogins</c>. The rest " +"is set to a default value." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(note):43 +msgid "" +"<path>/etc/security/limits.conf</path> is part of the PAM package and will " +"only apply to packages that use PAM." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(title):51 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre:caption):61 +msgid "/etc/limits" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):54 +msgid "" +"<path>/etc/limits</path> is very similar to the limit file <path>/etc/" +"security/limits.conf</path>. The only difference is the format and that it " +"only works on users or wild cards (not groups). Let's have a look at a " +"sample configuration:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre):61 +#, no-wrap +msgid "" +"\n" +"* L2 C0 U15 R10000\n" +"kn L10 C100000 U35\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):66 +msgid "" +"Here we set the default settings and a specific setting for the user kn. " +"Limits are part of the sys-apps/shadow package. It is not necessary to set " +"any limits in this file if you have enabled <c>pam</c> in <path>/etc/make." +"conf</path>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(title):75 +msgid "Quotas" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(warn):78 +msgid "" +"Make sure the file systems you are working with support quotas. In order to " +"use quotas on ReiserFS, you must patch your kernel with patches available " +"from <uri link=\"ftp://ftp.namesys.com/pub/reiserfs-for-2.4/testing/" +"quota-2.4.20\">Namesys</uri>. User tools are available from <uri link=" +"\"http://www.sf.net/projects/linuxquota/\">the Linux DiskQuota project</" +"uri>. While quotas do work with ReiserFS, you may encounter other issues " +"while trying to use them--you have been warned!" 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):89 +msgid "" +"Putting quotas on a file system restricts disk usage on a per-user or per-" +"group basis. Quotas are enabled in the kernel and added to a mount point in " +"<path>/etc/fstab</path>. The kernel option is enabled in the kernel " +"configuration under <c>File systems->Quota support</c>. Apply the " +"following settings, rebuild the kernel and reboot using the new kernel." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):97 +msgid "" +"Start by installing quotas with <c>emerge quota</c>. Then modify your <path>/" +"etc/fstab</path> and add <c>usrquota</c> and <c>grpquota</c> to the " +"partitions that you want to restrict disk usage on, like in the example " +"below." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre:caption):103 +msgid "/etc/fstab" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre):103 +#, no-wrap +msgid "" +"\n" +"/dev/sda1 /boot ext2 noauto,noatime 1 1\n" +"/dev/sda2 none swap sw 0 0\n" +"/dev/sda3 / reiserfs notail,noatime 0 0\n" +"/dev/sda4 /tmp ext3 noatime,nodev,nosuid,noexec,usrquota,grpquota 0 0\n" +"/dev/sda5 /var ext3 noatime,nodev,usrquota,grpquota 0 0\n" +"/dev/sda6 /home ext3 noatime,nodev,nosuid,usrquota,grpquota 0 0\n" +"/dev/sda7 /usr reiserfs notail,noatime,nodev,ro 0 0\n" +"/dev/cdroms/cdrom0 /mnt/cdrom iso9660 noauto,ro 0 0\n" +"proc /proc proc defaults 0 0\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):115 +msgid "" +"On every partition that you have enabled quotas, create the quota files " +"(<path>aquota.user</path> and <path>aquota.group</path>) and place them in " +"the root of the partition." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre:caption):121 +msgid "Creating the quota files" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre):121 +#, no-wrap +msgid "" +"\n" +"# <i>touch /tmp/aquota.user</i>\n" +"# <i>touch /tmp/aquota.group</i>\n" +"# <i>chmod 600 /tmp/aquota.user</i>\n" +"# <i>chmod 600 /tmp/aquota.group</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):128 +msgid "" +"This step has to be done on every partition where quotas are enabled. After " +"adding and configuring the quota files, we need to add the <c>quota</c> " +"script to the boot run level." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(impo):134 +msgid "" +"XFS does all quota checks internally, and does <e>not</e> need the <c>quota</" +"c> script added to the boot runlevel. There may be other filesystems not " +"listed in this document with similar behavior, so please read the manpages " +"for your filesystem to learn more about how it handles quota checks." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre:caption):141 +msgid "Adding quota to the boot runlevel" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre):141 +#, no-wrap +msgid "" +"\n" +"# <i>rc-update add quota boot</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):145 +msgid "" +"We will now configure the system to check the quotas once a week by adding " +"the following line to <path>/etc/crontab</path>:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre:caption):150 +msgid "Adding quota check to crontab" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre):150 +#, no-wrap +msgid "" +"\n" +"0 3 * * 0 /usr/sbin/quotacheck -avug.\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):154 +msgid "" +"After rebooting the machine, it is time to setup the quotas for users and " +"groups. <c>edquota -u kn</c> will start the editor defined in $EDITOR " +"(default is nano) and let you edit the quotas of the user kn. <c>edquota -g</" +"c> will do the same thing for groups." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre:caption):161 +msgid "Setting up quota's for user kn" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre):161 +#, no-wrap +msgid "" +"\n" +"Quotas for user kn:\n" +"/dev/sda4: blocks in use: 2594, limits (soft = 5000, hard = 6500)\n" +" inodes in use: 356, limits (soft = 1000, hard = 1500)\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):167 +msgid "" +"For more detail read <c>man edquota</c> or the <uri link=\"http://www.tldp." +"org/HOWTO/Quota.html\">Quota mini howto</uri>." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(title):175 +msgid "/etc/login.defs" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):178 +msgid "" +"If your security policy states that users should change their password every " +"other week, change the value <c>PASS_MAX_DAYS</c> to 14 and " +"<c>PASS_WARN_AGE</c> to 7. It is recommended that you use password aging " +"since brute force methods can find any password, given enough time. We also " +"encourage you to set <c>LOG_OK_LOGINS</c> to yes." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(title):189 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre:caption):206 +msgid "/etc/security/access.conf" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):192 +msgid "" +"The <path>access.conf</path> file is also part of the <c>sys-libs/pam</c> " +"package, which provides a login access control table. This table is used to " +"control who can and cannot login based on user name, group name or host " +"name. By default, all users on the system are allowed to login, so the file " +"consists only of comments and examples. Whether you are securing your server " +"or workstation, we recommend that you setup this file so no one other than " +"yourself (the admin) has access to the console." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(note):202 +msgid "These settings apply for root, as well." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(pre):206 +#, no-wrap +msgid "" +"\n" +"-:ALL EXCEPT wheel sync:console\n" +"-:wheel:ALL EXCEPT LOCAL .gentoo.org\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(impo):211 +msgid "" +"Be careful when configuring these options, since mistakes will leave you " +"with no access to the machine if you do not have root access." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(note):216 +msgid "" +"These settings do not apply to SSH, since SSH does not execute <c>/bin/" +"login</c> per default. This can be enabled by setting <c>UseLogin yes</c> in " +"<path>/etc/ssh/sshd_config</path>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(p):222 +msgid "" +"This will setup login access so members of the wheel group can login locally " +"or from the gentoo.org domain. Maybe too paranoid, but better to be safe " +"than sorry." +msgstr "" + +#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL +#: ../../gentoo/xml/htdocs/doc/en/security//shb-limits.xml(None):0 +msgid "translator-credits" +msgstr "" diff --git a/shandbook/gettext/el/shb-logging.xml.po b/shandbook/gettext/el/shb-logging.xml.po new file mode 100644 index 0000000..42933ff --- /dev/null +++ b/shandbook/gettext/el/shb-logging.xml.po 
@@ -0,0 +1,404 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(version):10 +msgid "1.3" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(date):11 +msgid "2010-04-02" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(title):14 +msgid "Introduction" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):16 +msgid "" +"Extra logging should be added to catch warnings or errors that might " +"indicate an ongoing attack or a successful compromise. Attackers often scan " +"or probe before attacking." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):22 +msgid "" +"It's also vital that your log files are easily readable and manageable. " +"Gentoo Linux lets you choose between 3 different loggers when installing." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(title):30 +msgid "Logging: Syslogd" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):33 +msgid "" +"Syslogd is the most common logger for Linux and Unix in general. It has some " +"log rotation facilities, but using <path>/usr/sbin/logrotate</path> in a " +"cron job (logrotate is configured in <path>/etc/logrotate.conf</path>) might " +"prove to be more powerful as <c>logrotate</c> has many features. How often " +"log rotation should be done depends on the system load." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):42 +msgid "" +"Below is the standard <path>syslog.conf</path> with some added features. 
We " +"have uncommented the <c>cron</c> and <c>tty</c> lines and added a remote " +"logging server. To further enhance security you could add logging to two " +"places." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre:caption):48 +msgid "/etc/syslog.conf" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre):48 +#, no-wrap +msgid "" +"\n" +"# /etc/syslog.conf Configuration file for syslogd.\n" +"#\n" +"# For more information see syslog.conf(5)\n" +"# manpage.\n" +"# This is from Debian, we are using it for now\n" +"# Daniel Robbins, 5/15/99\n" +"\n" +"#\n" +"# First some standard logfiles. Log by facility.\n" +"#\n" +"\n" +"auth,authpriv.* /var/log/auth.log\n" +"*.*;auth,authpriv.none -/var/log/syslog\n" +"cron.* /var/log/cron.log\n" +"daemon.* -/var/log/daemon.log\n" +"kern.* -/var/log/kern.log\n" +"lpr.* -/var/log/lpr.log\n" +"mail.* /var/log/mail.log\n" +"user.* -/var/log/user.log\n" +"uucp.* -/var/log/uucp.log\n" +"local6.debug /var/log/imapd.log\n" +"\n" +"#\n" +"# Logging for the mail system. 
Split it up so that\n" +"# it is easy to write scripts to parse these files.\n" +"#\n" +"mail.info -/var/log/mail.info\n" +"mail.warn -/var/log/mail.warn\n" +"mail.err /var/log/mail.err\n" +"\n" +"# Logging for INN news system\n" +"#\n" +"news.crit /var/log/news/news.crit\n" +"news.err /var/log/news/news.err\n" +"news.notice -/var/log/news/news.notice\n" +"\n" +"#\n" +"# Some `catch-all' logfiles.\n" +"#\n" +"*.=debug;\\\n" +" auth,authpriv.none;\\\n" +" news.none;mail.none -/var/log/debug\n" +"*.=info;*.=notice;*.=warn;\\\n" +" auth,authpriv.none;\\\n" +" cron,daemon.none;\\\n" +" mail,news.none -/var/log/messages\n" +"\n" +"#\n" +"# Emergencies and alerts are sent to everybody logged in.\n" +"#\n" +"*.emerg *\n" +"*.=alert *\n" +"\n" +"#\n" +"# I like to have messages displayed on the console, but only on a virtual\n" +"# console I usually leave idle.\n" +"#\n" +"daemon,mail.*;\\\n" +" news.=crit;news.=err;news.=notice;\\\n" +" *.=debug;*.=info;\\\n" +" *.=notice;*.=warn /dev/tty8\n" +"\n" +"#Setup a remote logging server\n" +"*.* @logserver\n" +"\n" +"# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,\n" +"# you must invoke `xconsole' with the `-file' option:\n" +"#\n" +"# $ xconsole -file /dev/xconsole [...]\n" +"#\n" +"# NOTE: adjust the list below, or you'll go crazy if you have a reasonably\n" +"# busy site..\n" +"#\n" +"#daemon.*,mail.*;\\\n" +"# news.crit;news.err;news.notice;\\\n" +"# *.=debug;*.=info;\\\n" +"# *.=notice;*.=warn |/dev/xconsole\n" +"\n" +"local2.* --/var/log/ppp.log\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):130 +msgid "" +"Attackers will most likely try to erase their tracks by editing or deleting " +"log files. You can make it harder for them by logging to one or more remote " +"logging servers on other machines. Get more info about syslogd by executing " +"<c>man syslog</c>." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(title):140 +msgid "Metalog" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):143 +msgid "" +"<uri link=\"http://metalog.sourceforge.net\">Metalog</uri> by Frank Dennis " +"is not able to log to a remote server, but it does have advantages when it " +"comes to performance and logging flexibility. It can log by program name, " +"urgency, facility (like syslogd), and comes with regular expression matching " +"with which you can launch external scripts when specific patterns are found. " +"It is very good at taking action when needed." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):152 +msgid "" +"The standard configuration is usually enough. If you want to be notified by " +"email whenever a password failure occurs use one of the following scripts." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):157 +msgid "For postfix:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre:caption):161 +msgid "/usr/local/sbin/mail_pwd_failures.sh for postfix" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre):161 +#, no-wrap +msgid "" +"\n" +"#! 
/bin/sh\n"
+"echo \"$3\" | mail -s \"Warning (program : $2)\" root\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):166
+msgid "For netqmail:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre:caption):170
+msgid "/usr/local/sbin/mail_pwd_failures.sh for netqmail"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre):170
+#, no-wrap
+msgid ""
+"\n"
+"#!/bin/sh\n"
+"echo \"To: root\n"
+"Subject:Failure (Warning: $2)\n"
+"$3\n"
+"\" | /var/qmail/bin/qmail-inject -f root\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):178
+msgid ""
+"Remember to make the script executable by issuing <c>/bin/chmod +x /usr/"
+"local/sbin/mail_pwd_failures.sh</c>"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):183
+msgid ""
+"Then uncomment the command line under \"Password failures\" in <path>/etc/"
+"metalog/metalog.conf</path> like:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre:caption):188
+msgid "/etc/metalog/metalog.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre):188
+#, no-wrap
+msgid ""
+"\n"
+"command = \"/usr/local/sbin/mail_pwd_failures.sh\"\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(title):195
+msgid "Syslog-ng"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):198
+msgid ""
+"Syslog-ng provides some of the same features as syslog and metalog with a "
+"small difference. It can filter messages based on level and content (like "
+"metalog), provide remote logging like syslog, handle logs from syslogd (even "
+"streams from Solaris), write to a TTY, execute programs, and it can act as a "
+"logging server. Basically it is the best of both loggers combined with "
+"advanced configuration."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):206
+msgid "Below is a classic configuration file slightly modified."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre:caption):210
+msgid "/etc/syslog-ng/syslog-ng.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(pre):210
+#, no-wrap
+msgid ""
+"\n"
+"options {\n"
+" chain_hostnames(no);\n"
+"\n"
+" <comment># The default action of syslog-ng is to log a STATS line\n"
+" # to the file every 10 minutes. That's pretty ugly after a while.\n"
+" # Change it to every 12 hours so you get a nice daily update of\n"
+" # how many messages syslog-ng missed (0).</comment>\n"
+" stats_freq(43200);\n"
+"};\n"
+"\n"
+"source src {\n"
+" unix-stream(\"/dev/log\" max-connections(256));\n"
+" internal();\n"
+"};\n"
+"\n"
+"source kernsrc { file(\"/proc/kmsg\"); };\n"
+"\n"
+"<comment># define destinations</comment>\n"
+"destination authlog { file(\"/var/log/auth.log\"); };\n"
+"destination syslog { file(\"/var/log/syslog\"); };\n"
+"destination cron { file(\"/var/log/cron.log\"); };\n"
+"destination daemon { file(\"/var/log/daemon.log\"); };\n"
+"destination kern { file(\"/var/log/kern.log\"); };\n"
+"destination lpr { file(\"/var/log/lpr.log\"); };\n"
+"destination user { file(\"/var/log/user.log\"); };\n"
+"destination mail { file(\"/var/log/mail.log\"); };\n"
+"\n"
+"destination mailinfo { file(\"/var/log/mail.info\"); };\n"
+"destination mailwarn { file(\"/var/log/mail.warn\"); };\n"
+"destination mailerr { file(\"/var/log/mail.err\"); };\n"
+"\n"
+"destination newscrit { file(\"/var/log/news/news.crit\"); };\n"
+"destination newserr { file(\"/var/log/news/news.err\"); };\n"
+"destination newsnotice { file(\"/var/log/news/news.notice\"); };\n"
+"\n"
+"destination debug { file(\"/var/log/debug\"); };\n"
+"destination messages { file(\"/var/log/messages\"); };\n"
+"destination console { usertty(\"root\"); };\n"
+"\n"
+"<comment># By default messages are logged to tty12...</comment>\n"
+"destination console_all { file(\"/dev/tty12\"); };\n"
+"\n"
+"<comment># ...if you intend to use /dev/console for programs like xconsole\n"
+"# you can comment out the destination line above that references /dev/tty12\n"
+"# and uncomment the line below.</comment>\n"
+"#destination console_all { file(\"/dev/console\"); };\n"
+"\n"
+"<comment># create filters</comment>\n"
+"filter f_authpriv { facility(auth, authpriv); };\n"
+"filter f_syslog { not facility(authpriv, mail); };\n"
+"filter f_cron { facility(cron); };\n"
+"filter f_daemon { facility(daemon); };\n"
+"filter f_kern { facility(kern); };\n"
+"filter f_lpr { facility(lpr); };\n"
+"filter f_mail { facility(mail); };\n"
+"filter f_user { facility(user); };\n"
+"filter f_debug { not facility(auth, authpriv, news, mail); };\n"
+"filter f_messages { level(info..warn)\n"
+" and not facility(auth, authpriv, mail, news); };\n"
+"filter f_emergency { level(emerg); };\n"
+"\n"
+"filter f_info { level(info); };\n"
+"filter f_notice { level(notice); };\n"
+"filter f_warn { level(warn); };\n"
+"filter f_crit { level(crit); };\n"
+"filter f_err { level(err); };\n"
+"filter f_failed { message(\"failed\"); };\n"
+"filter f_denied { message(\"denied\"); };\n"
+"\n"
+"<comment># connect filter and destination</comment>\n"
+"log { source(src); filter(f_authpriv); destination(authlog); };\n"
+"log { source(src); filter(f_syslog); destination(syslog); };\n"
+"log { source(src); filter(f_cron); destination(cron); };\n"
+"log { source(src); filter(f_daemon); destination(daemon); };\n"
+"log { source(kernsrc); filter(f_kern); destination(kern); };\n"
+"log { source(src); filter(f_lpr); destination(lpr); };\n"
+"log { source(src); filter(f_mail); destination(mail); };\n"
+"log { source(src); filter(f_user); destination(user); };\n"
+"log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };\n"
+"log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };\n"
+"log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };\n"
+"\n"
+"log { source(src); filter(f_debug); destination(debug); };\n"
+"log { source(src); filter(f_messages); destination(messages); };\n"
+"log { source(src); filter(f_emergency); destination(console); };\n"
+"\n"
+"<comment># default log</comment>\n"
+"log { source(src); destination(console_all); };\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):301
+msgid ""
+"Syslog-ng is very easy to configure, but it is also very easy to miss "
+"something in the configuration file since it is huge. The author still "
+"promises some extra features like encryption, authentication, compression "
+"and MAC (Mandatory Access Control) control. With these options it will be a "
+"perfect for network logging, since the attacker cannot spy on the log."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):309
+msgid ""
+"And syslog-ng does have one other advantage: it does not have to run as root!"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(title):317
+msgid "Log analysis with Logcheck"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):320
+msgid ""
+"Of course, keeping logs alone is only half the battle. An application such "
+"as Logcheck can make regular log analysis much easier. Logcheck is a script, "
+"accompanied by a binary called <c>logtail</c>, that runs from your cron "
+"daemon and checks your logs against a set of rules for suspicious activity. "
+"It then mails the output to root's mailbox."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):327
+msgid ""
+"Logcheck and logtail are part of the <c>app-admin/logsentry</c> package."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(p):330
+msgid ""
+"Logcheck uses four files to filter important log entries from the "
+"unimportant. These files are <path>logcheck.hacking</path>, which contains "
+"known hacking attack messages, <path>logcheck.violations</path>, which "
+"contains patterns indicating security violations, <path>logcheck.violations."
+"ignore</path>, which contains keywords likely to be matched by the "
+"violations file, allowing normal entries to be ignored, and <path>logcheck."
+"ignore</path>, which matches those entries to be ignored."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(warn):341
+msgid ""
+"Do not leave <path>logcheck.violations.ignore</path> empty. Logcheck uses "
+"<c>grep</c> to parse logs, some versions of which will take an empty file to "
+"mean wildcard. All violations would thus be ignored."
+msgstr ""
+
+#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-logging.xml(None):0
+msgid "translator-credits"
+msgstr ""
diff --git a/shandbook/gettext/el/shb-mounting.xml.po b/shandbook/gettext/el/shb-mounting.xml.po
new file mode 100644
index 0000000..13738e3
--- /dev/null
+++ b/shandbook/gettext/el/shb-mounting.xml.po
@@ -0,0 +1,106 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2010-10-22 00:56+0600\n"
+"PO-Revision-Date: 2010-10-22 00:56+0600\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(version):10
+msgid "1.0"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(date):11
+msgid "2005-05-31"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(title):14
+msgid "Mounting partitions"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(p):17
+msgid ""
+"When mounting an <c>ext2</c>, <c>ext3</c>, or <c>reiserfs</c> partition, you "
+"have several options you can apply to the file <path>/etc/fstab</path>. The "
+"options are:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(li):24
+msgid ""
+"<c>nosuid</c> - Will ignore the SUID bit and make it just like an ordinary "
+"file"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(li):28
+msgid "<c>noexec</c> - Will prevent execution of files from this partition"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(li):31
+msgid "<c>nodev</c> - Ignores devices"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(p):36
+msgid ""
+"Unfortunately, these settings can easily be circumvented by executing a non-"
+"direct path. However, setting <path>/tmp</path> to noexec will stop the "
+"majority of exploits designed to be executed directly from <path>/tmp</path>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(pre:caption):42
+msgid "/etc/fstab"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(pre):42
+#, no-wrap
+msgid ""
+"\n"
+"/dev/sda1 /boot ext2 noauto,noatime 1 1\n"
+"/dev/sda2 none swap sw 0 0\n"
+"/dev/sda3 / reiserfs notail,noatime 0 0\n"
+"/dev/sda4 /tmp reiserfs notail,noatime,nodev,nosuid,noexec 0 0\n"
+"/dev/sda5 /var reiserfs notail,noatime,nodev 0 0\n"
+"/dev/sda6 /home reiserfs notail,noatime,nodev,nosuid 0 0\n"
+"/dev/sda7 /usr reiserfs notail,noatime,nodev,ro 0 0\n"
+"/dev/cdroms/cdrom0 /mnt/cdrom iso9660 noauto,ro 0 0\n"
+"proc /proc proc defaults 0 0\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(warn):54
+msgid ""
+"Placing <path>/tmp</path> in <c>noexec</c> mode can prevent certain scripts "
+"from executing properly."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(note):59
+msgid ""
+"For disk quotas see <uri link=\"?part=1&chap=5#quotas\">the Quotas "
+"section</uri>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(note):63
+msgid ""
+"I do not set <path>/var</path> to <c>noexec</c> or <c>nosuid</c>, even if "
+"files normally are never executed from this mount point. The reason for this "
+"is that netqmail is installed in <path>/var/qmail</path> and must be allowed "
+"to execute and access one SUID file. I setup <path>/usr</path> in read-only "
+"mode since I never write anything there unless I want to update Gentoo. Then "
+"I remount the file system in read-write mode, update and remount again."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(note):72
+msgid ""
+"Even if you do not use netqmail, Gentoo still needs the executable bit set "
+"on <path>/var/tmp</path> since ebuilds are made here. But an alternative "
+"path can be setup if you insist on having <path>/var</path> mounted in "
+"<c>noexec</c> mode."
+msgstr ""
+
+#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-mounting.xml(None):0
+msgid "translator-credits"
+msgstr ""
diff --git a/shandbook/gettext/el/shb-pam.xml.po b/shandbook/gettext/el/shb-pam.xml.po
new file mode 100644
index 0000000..7eb3728
--- /dev/null
+++ b/shandbook/gettext/el/shb-pam.xml.po
@@ -0,0 +1,121 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2010-10-22 00:56+0600\n"
+"PO-Revision-Date: 2010-10-22 00:56+0600\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(version):10
+msgid "1.1"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(date):11
+msgid "2006-08-03"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(title):14
+msgid "PAM"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(p):17
+msgid ""
+"PAM is a suite of shared libraries that provide an alternative way providing "
+"user authentication in programs. The <c>pam</c> USE flag is turned on by "
+"default. Thus the PAM settings on Gentoo Linux are pretty reasonable, but "
+"there is always room for improvement. First install cracklib."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(pre:caption):24
+msgid "Installing cracklib"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(pre):24
+#, no-wrap
+msgid ""
+"\n"
+"# <i>emerge cracklib</i>\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(pre:caption):28
+msgid "/etc/pam.d/passwd"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(pre):28
+#, no-wrap
+msgid ""
+"\n"
+"auth required pam_unix.so shadow nullok\n"
+"account required pam_unix.so\n"
+"password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=-2 ocredit=-2\n"
+"password required pam_unix.so md5 use_authtok\n"
+"session required pam_unix.so\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(p):36
+msgid ""
+"This will add the cracklib which will ensure that the user passwords are at "
+"least 8 characters and contain a minimum of 2 digits, 2 other characters, "
+"and are more than 3 characters different from the last password. This forces "
+"the user to choose a good password (password policy). Check the <uri link="
+"\"http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_cracklib."
+"html\">PAM</uri> documentation for more options."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(pre:caption):45
+msgid "/etc/pam.d/sshd"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(pre):45
+#, no-wrap
+msgid ""
+"\n"
+"auth required pam_unix.so nullok\n"
+"auth required pam_shells.so\n"
+"auth required pam_nologin.so\n"
+"auth required pam_env.so\n"
+"account required pam_unix.so\n"
+"password required pam_cracklib.so difok=3 retry=3 minlen=8 dcredit=-2 ocredit=-2 use_authtok\n"
+"password required pam_unix.so shadow md5\n"
+"session required pam_unix.so\n"
+"session required pam_limits.so\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(p):57
+msgid ""
+"Every service not configured with a PAM file in <path>/etc/pam.d</path> will "
+"use the rules in <path>/etc/pam.d/other</path>. The defaults are set to "
+"<c>deny</c>, as they should be. But I like to have a lot of logs, which is "
+"why I added <c>pam_warn.so</c>. The last configuration is <c>pam_limits</c>, "
+"which is controlled by <path>/etc/security/limits.conf</path>. See the <uri "
+"link=\"?part=1&chap=5#limits_conf\">/etc/security/limits.conf</uri> "
+"section for more on these settings."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(pre:caption):67
+msgid "/etc/pam.d/other"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(pre):67
+#, no-wrap
+msgid ""
+"\n"
+"auth required pam_deny.so\n"
+"auth required pam_warn.so\n"
+"account required pam_deny.so\n"
+"account required pam_warn.so\n"
+"password required pam_deny.so\n"
+"password required pam_warn.so\n"
+"session required pam_deny.so\n"
+"session required pam_warn.so\n"
+msgstr ""
+
+#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pam.xml(None):0
+msgid "translator-credits"
+msgstr ""
diff --git a/shandbook/gettext/el/shb-perms.xml.po b/shandbook/gettext/el/shb-perms.xml.po
new file mode 100644
index 0000000..a45cc39
--- /dev/null
+++ b/shandbook/gettext/el/shb-perms.xml.po
@@ -0,0 +1,227 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2010-10-22 00:56+0600\n"
+"PO-Revision-Date: 2010-10-22 00:56+0600\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(version):10
+msgid "1.1"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(date):11
+msgid "2006-09-16"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(title):14
+msgid "World readable"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):17
+msgid ""
+"Normal users should not have access to configuration files or passwords. An "
+"attacker can steal passwords from databases or web sites and use them to "
+"deface--or even worse, delete--data. This is why it is important that your "
+"file permissions are correct. If you are sure that a file is only used by "
+"root, assign it with the permissions <c>0600</c> and assign the file to the "
+"correct user with <c>chown</c>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(title):29
+msgid "World/Group writable"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre:caption):32
+msgid "Finding world-writable files and directories"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre):32
+#, no-wrap
+msgid ""
+"\n"
+"# <i>find / -type f \\( -perm -2 -o -perm -20 \\) -exec ls -lg {} \\; 2>/dev/null >writable.txt</i>\n"
+"# <i>find / -type d \\( -perm -2 -o -perm -20 \\) -exec ls -ldg {} \\; 2>/dev/null >>writable.txt</i>\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):37
+msgid ""
+"This will create a huge file with permission of all files having either "
+"write permission set to the group or everybody. Check the permissions and "
+"eliminate world writable files to everyone, by executing <c>/bin/chmod o-w</"
+"c> on the files."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(title):47
+msgid "SUID/SGID files"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):50
+msgid ""
+"Files with the SUID or SGID bit set execute with privileges of the "
+"<e>owning</e> user or group and not the user executing the file. Normally "
+"these bits are used on files that must run as root in order to do what they "
+"do. These files can lead to local root compromises (if they contain security "
+"holes). This is dangerous and files with the SUID or SGID bits set should be "
+"avoided at any cost. If you do not use these files, use <c>chmod 0</c> on "
+"them or unmerge the package that they came from (check which package they "
+"belong to by using <c>equery</c>; if you do not already have it installed "
+"simply type <c>emerge gentoolkit</c>). Otherwise just turn the SUID bit off "
+"with <c>chmod -s</c>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre:caption):62
+msgid "Finding setuid files"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre):62
+#, no-wrap
+msgid ""
+"\n"
+"# <i>find / -type f \\( -perm -004000 -o -perm -002000 \\) -exec ls -lg {} \\; 2>/dev/null >suidfiles.txt</i>\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):66
+msgid "This will create a file containing a list of all the SUID/SGID files."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre:caption):70
+msgid "List of setuid binaries"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre):70
+#, no-wrap
+msgid ""
+"\n"
+"/bin/su\n"
+"/bin/ping\n"
+"/bin/mount\n"
+"/bin/umount\n"
+"/var/qmail/bin/qmail-queue\n"
+"/usr/bin/chfn\n"
+"/usr/bin/chsh\n"
+"/usr/bin/crontab\n"
+"/usr/bin/chage\n"
+"/usr/bin/expiry\n"
+"/usr/bin/sperl5.6.1\n"
+"/usr/bin/newgrp\n"
+"/usr/bin/passwd\n"
+"/usr/bin/gpasswd\n"
+"/usr/bin/procmail\n"
+"/usr/bin/suidperl\n"
+"/usr/lib/misc/pt_chown\n"
+"/usr/sbin/unix_chkpwd\n"
+"/usr/sbin/traceroute\n"
+"/usr/sbin/pwdb_chkpwd\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):93
+msgid ""
+"By default Gentoo Linux does not have a lot of SUID files (though this "
+"depends on what you installed), but you might get a list like the one above. "
+"Most of the commands should not be used by normal users, only root. Switch "
+"off the SUID bit on <c>ping</c>, <c>mount</c>, <c>umount</c>, <c>chfn</c>, "
+"<c>chsh</c>, <c>newgrp</c>, <c>suidperl</c>, <c>pt_chown</c> and "
+"<c>traceroute</c> by executing <c>chmod -s</c> on every file. Don't remove "
+"the bit on <c>su</c>, <c>qmail-queue</c> or <c>unix_chkpwd</c>. Removing "
+"setuid from those files will prevent you from <c>su</c>'ing and receiving "
+"mail. By removing the bit (where it is safe to do so) you remove the "
+"possibility of a normal user (or an attacker) gaining root access through "
+"any of these files."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):106
+msgid ""
+"The only SUID files that I have on my system are <c>su</c>, <c>passwd</c>, "
+"<c>gpasswd</c>, <c>qmail-queue</c>, <c>unix_chkpwd</c> and <c>pwdb_chkpwd</"
+"c>. But if you are running X, you might have some more, since X needs the "
+"elevated access afforded by SUID."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(title):116
+msgid "SUID/SGID binaries and Hard links"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):119
+msgid ""
+"A file is only considered deleted when there are no more links pointing to "
+"it. This might sound like a strange concept, but consider that a filename "
+"like <path>/usr/bin/perl</path> is actually a link to the inode where the "
+"data is stored. Any number of links can point to the file, and until all of "
+"them are gone, the file still exists."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):127
+msgid ""
+"If your users have access to a partition that isn't mounted with <c>nosuid</"
+"c> or <c>noexec</c> (for example, if <path>/tmp</path>, <path>/home</path>, "
+"or <path>/var/tmp</path> are not separate partitions) you should take care "
+"to ensure your users don't create hard links to SUID or SGID binaries, so "
+"that after Portage updates they still have access to the old versions."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(warn):135
+msgid ""
+"if you have received a warning from portage about remaining hard links, and "
+"your users can write to a partition that allows executing SUID/SGID files, "
+"you should read this section carefully. One of your users may be attempting "
+"to circumvent your update by keeping an outdated version of a program. If "
+"your users cannot create their own SUID files, or can only execute programs "
+"using the dynamic loader (partitions mounted <c>noexec</c>), you do not have "
+"to worry."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(note):145
+msgid ""
+"Users do not need read access to a file to create a link to it, they only "
+"need read permission to the directory that contains it."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):150
+msgid ""
+"To check how many links a file has, you can use the <c>stat</c> command."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre:caption):154
+msgid "Stat command"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre):154
+#, no-wrap
+msgid ""
+"\n"
+"$ stat /bin/su\n"
+" File: `/bin/su'\n"
+" Size: 29350 Blocks: 64 IO Block: 131072 regular file\n"
+"Device: 900h/2304d Inode: 2057419 Links: 1\n"
+"Access: (4711/-rws--x--x) Uid: ( 0/ root) Gid: ( 0/ root)\n"
+"Access: 2005-02-07 01:59:35.000000000 +0000\n"
+"Modify: 2004-11-04 01:46:17.000000000 +0000\n"
+"Change: 2004-11-04 01:46:17.000000000 +0000\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(p):165
+msgid ""
+"To find the SUID and SGID files with multiple links, you can use <c>find</c>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre:caption):169
+msgid "Finding multiply linked suid/sgid binaries"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(pre):169
+#, no-wrap
+msgid ""
+"\n"
+"$ find / -type f \\( -perm -004000 -o -perm -002000 \\) -links +1 -ls\n"
+msgstr ""
+
+#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-perms.xml(None):0
+msgid "translator-credits"
+msgstr ""
diff --git a/shandbook/gettext/el/shb-pre.xml.po b/shandbook/gettext/el/shb-pre.xml.po
new file mode 100644
index 0000000..e9461b1
--- /dev/null
+++ b/shandbook/gettext/el/shb-pre.xml.po 
@@ -0,0 +1,317 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(version):10 +msgid "1.0" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(date):11 +msgid "2005-05-31" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):14 +msgid "Physical Security" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):17 +msgid "" +"No matter how many safeguards you implement, they can all be easily " +"circumvented by an attacker with physical access to your computer. Despite " +"this, there are at least some measures that can be taken to provide a degree " +"of security against an attacker with physical access to your machine. " +"Putting your hardware in a locked closet prevents an attacker from simply " +"unplugging it and carting it off. Locking your computer's case is also a " +"good idea, to make sure that an attacker cannot simply walk away with your " +"hard drive. To prevent an attacker from booting from another disk, nicely " +"circumventing your permissions and login restrictions, try setting the hard " +"drive as the first boot device in your BIOS, and setting a BIOS password. It " +"is also important to set a LILO or GRUB boot password, to prevent a " +"malicious user from booting into single-user mode and gaining complete " +"access to your system. This is covered in more detail in Chapter 3, under " +"<uri link=\"?part=1&chap=2#passwording_GRUB\">Setting a GRUB password</" +"uri> and <uri link=\"?part=1&chap=2#passwording_LILO\">Setting a LILO " +"password</uri>." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):38 +msgid "Daemon/Service Planning" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):40 +msgid "" +"Start by documenting what services this machine should run. This will help " +"you compose a better partition scheme for your system, and allow you to " +"better plan your security measures. Of course, this is unnecessary if the " +"machine serves a single simple purpose, such as a desktop, or a dedicated " +"firewall. In those cases, you should not be running <e>any</e> services, " +"except perhaps sshd." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):47 +msgid "" +"This list can also be used to aid system administration. By keeping a " +"current list of version information, you will find it much easier to keep " +"everything up to date if a remote vulnerability is discovered in one of your " +"daemons." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):56 +msgid "Partitioning Schemes" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):59 +msgid "Partitioning rules:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):64 +msgid "" +"Any directory tree a user should be able to write to (e.g. <path>/home</" +"path>, <path>/tmp</path>) should be on a separate partition and use disk " +"quotas. This reduces the risk of a user filling up your whole filesystem. " +"Portage uses <path>/var/tmp</path> to compile files, so that partition " +"should be large." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):70 +msgid "" +"Any directory tree where you plan to install non-distribution software on " +"should be on a separate partition. According to the <uri link=\"http://www." +"pathname.com/fhs/\"> File Hierarchy Standard</uri>, this is <path>/opt</" +"path> or <path>/usr/local</path>. 
If these are separate partitions, they " +"will not be erased if you have to reinstall the system." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):77 +msgid "" +"For extra security, static data can be put on a separate partition that is " +"mounted read-only. For the truly paranoid, try using read-only media like CD-" +"ROM." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):87 +msgid "The root user" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):90 +msgid "" +"The user 'root' is the most vital user on the system and should not be used " +"for anything except when absolutely necessary. If an attacker gains root " +"access, the only way to ever trust your system again is to reinstall." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):96 +msgid "Golden rules about 'root'" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):101 +msgid "" +"Always create a user for everyday use and if this user needs to have root " +"access, add the user to the group 'wheel'. This makes it possible for a " +"normal user to <c>su</c> to root." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):106 +msgid "" +"Never run X or any other user application as root. root should only be used " +"when absolutely necessary; if a vulnerability exists in an application " +"running as a user, an attacker can gain user level access. But if that " +"application is running as root, the attacker gains root access." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):112 +msgid "" +"Always use absolute paths when logged in as root (or always use <c>su -</c>, " +"which replaces the environmental variables of the user with those of root, " +"while being sure root's <c>PATH</c> only includes protected directories like " +"<path>/bin</path> and <path>/sbin</path>). 
It's possible to trick root into " +"running a different application rather than the one meant to be run. If " +"root's <c>PATH</c> is protected or root only uses absolute paths, we can be " +"sure this won't happen." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):121 +msgid "" +"If a user only needs to run a few commands as root, instead of everything " +"that root normally can do, consider using <c>sudo</c> instead. Just be " +"careful who you give this access to, as well!" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):126 +msgid "Never leave the terminal when you are logged in as root." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):131 +msgid "" +"Gentoo has some default protection against normal users trying to <c>su</c> " +"to root. The default PAM setting requires that a user be a member of the " +"group \"wheel\" in order to be able to <c>su</c>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(title):140 +msgid "Security policies" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):143 +msgid "" +"There are several reasons to draft a security policy for your system(s) and " +"network." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):149 +msgid "" +"A good security policy allows you to outline security as a \"system\", " +"rather than simply a jumble of different features. For example, without a " +"policy an administrator might decide to turn off telnet, because it " +"transmits unencrypted passwords, but leave on FTP access, which has the same " +"weakness. A good security policy allows you to identify which security " +"measures are worthwhile, and which are not." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):157 +msgid "" +"In order to diagnose problems, conduct audits, or track down intruders, it " +"may be necessary to intercept network traffic, inspect the login and command " +"history of users, and look in home directories. Without outlining this in " +"print, and making users aware of this, such actions may actually be illegal " +"and put <e>you</e> in legal jeopardy." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):164 +msgid "" +"Hijacked user accounts pose one of the most common threats to system " +"security. Without explaining to users why security is important, and how to " +"practice good security (such as not writing passwords on a Post-It note on " +"their desks), it is unlikely you will have any hope of secure user accounts." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):170 +msgid "" +"A well-documented network and system layout will aid you, as well as law " +"enforcement forensics examiners, if need be, in tracing an intrusion and " +"identifying weaknesses after the fact. A security policy \"issue\" banner, " +"stating that your system is a private network and all unauthorized access is " +"prohibited, will also help ensure your ability to properly prosecute an " +"intruder, once he is caught." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):180 +msgid "The need for a good security policy is hopefully now more than clear." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):184 +msgid "" +"The policy itself is a document, or several documents, that outlines the " +"network and system features (such as what services are provided), acceptable " +"use and forbidden use, security \"best practices\", and so forth. All users " +"should be made aware of your security policy, as well as changes you make to " +"keep it up to date. 
It is important that you take the time to help users "
+"understand your policy and why that policy needs to be signed or what will "
+"happens if they act directly against the policy (the policy should also "
+"state this). This should be repeated at least once a year, since the policy "
+"can change (but also as a reminder to the user of the policy itself)."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(note):196
+msgid ""
+"Create policies that are easy to read and be very precise on every subject."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):200
+msgid "A security policy should at least contain the following subjects:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):207
+msgid "Screen savers"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):208
+msgid "Password handling"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):209
+msgid "Software download and installation"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):210
+msgid "Information stating if the users are being monitored"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):211
+msgid "Use of anti-virus software"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):205
+msgid "Acceptable use <placeholder-1/>"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):216
+msgid "Clean desk and locked up classified information"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):217
+msgid "PC shutdown before leaving"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):218
+msgid "Use of encryption"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):219
+msgid "Handling of keys to trusted co-workers"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):220
+msgid "Handling of confidential material when 
traveling"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):214
+msgid ""
+"Handling of sensitive information (any written form, paper or digital) "
+"<placeholder-1/>"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):225
+msgid "Laptop handling during travels and hotel stays"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(li):223
+msgid "Handling of computer equipment when traveling <placeholder-1/>"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):230
+msgid ""
+"Different users may require different levels or types of access, and as such "
+"your policy may vary to accommodate them all."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):235
+msgid ""
+"The security policy can become huge, and vital information can easily be "
+"forgotten. The IT-staff's policy could contain information that is "
+"confidential for the ordinary user, so it is wise to split it up into "
+"smaller policies; e.g. Acceptable Use Policy, Password policy, Email policy "
+"and Remote Access policy."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(p):243
+msgid ""
+"You can find example policies at <uri link=\"http://www.sans.org/resources/"
+"policies/\">The SANS Security Policy Project</uri>. If you have a small "
+"network and think these policies are too much you should look at the <uri "
+"link=\"ftp://ftp.isi.edu/in-notes/rfc2196.txt\">Site Security Handbook</uri>."
+msgstr ""
+
+#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-pre.xml(None):0
+msgid "translator-credits"
+msgstr ""
diff --git a/shandbook/gettext/el/shb-services.xml.po b/shandbook/gettext/el/shb-services.xml.po
new file mode 100644
index 0000000..8409ea7
--- /dev/null
+++ b/shandbook/gettext/el/shb-services.xml.po
@@ -0,0 +1,784 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2010-10-22 00:56+0600\n"
+"PO-Revision-Date: 2010-10-22 00:56+0600\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(version):10
+msgid "1.5"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(date):11
+msgid "2008-06-13"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):14
+msgid "Apache"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):17
+msgid ""
+"Apache comes with a pretty decent configuration file but again, we need to "
+"improve some things, like binding Apache to one address and preventing it "
+"from leaking information. Below are the options that you should apply the "
+"configuration file."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):24
+msgid ""
+"If you did not disable <c>ssl</c> in your <path>/etc/make.conf</path> before "
+"installing Apache, you should have access to an ssl enabled server. Inside "
+"<path>/etc/apache2/vhosts.d</path> example configuration files can be found. "
+"These are working examples and it is best to verify those or disable them."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):31
+msgid ""
+"It is important to define your configuration(s) to listen to a particular IP "
+"address (rather than all available IP addresses on your system). 
For "
+"instance, for the <path>00_default_vhost.conf</path> file:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):37
+msgid "/etc/apache2/vhosts.d/00_default_vhost.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):37
+#, no-wrap
+msgid ""
+"\n"
+"<comment># Make it listen on your ip</comment>\n"
+"Listen 127.0.0.1\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):42
+msgid ""
+"We also recommend you to disable showing any information about your Apache "
+"installation to the world. By default, the configuration will add server "
+"version and virtual host name to server-generated pages. To disable this, "
+"change the <c>ServerSignature</c> variable to <c>Off</c>:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):49
+msgid "/etc/apache2/modules.d/00_default_settings.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):49
+#, no-wrap
+msgid ""
+"\n"
+"ServerSignature Off\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):53
+msgid ""
+"Apache is compiled with <c>--enable-shared=max</c> and <c>--enable-"
+"module=all</c>. This will by default enable all modules, so you should "
+"comment out all modules in the <c>LoadModule</c> section (<c>LoadModule</c> "
+"and <c>AddModule</c>) that you do not use in the main <path>/etc/apache2/"
+"httpd.conf</path> configuration file. Restart the service by executing <c>/"
+"etc/init.d/apache2 restart</c>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):62
+msgid "Documentation is available at <uri>http://www.apache.org</uri>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):70
+msgid "Bind"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):73
+msgid ""
+"One can find documentation at the <uri link=\"http://www.isc.org/products/"
+"BIND/bind9.html\">Internet Software Consortium</uri>. The BIND 9 "
+"Administrator Reference Manual is also in the <path>doc/arm</path>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):80
+msgid ""
+"The newer BIND ebuilds support chrooting out of the box. After emerging "
+"<c>bind</c> follow these simple instructions:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):85
+msgid "Chrooting BIND"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):85
+#, no-wrap
+msgid ""
+"\n"
+"# <i>emerge --config bind</i>\n"
+"<comment>(Before running the above command you might want to change the chroot\n"
+"directory in /etc/conf.d/named. Otherwise /chroot/dns will be used.)</comment>\n"
+"\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):94
+msgid "Djbdns"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):97
+msgid ""
+"Djbdns is a DNS implementation on the security of which its author is "
+"willing to bet <uri link=\"http://cr.yp.to/djbdns/guarantee.html\">money</"
+"uri>. It is very different from how Bind 9 works but worth a try. More "
+"information can be obtained from <uri>http://www.djbdns.org</uri>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):108
+msgid "FTP"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):111
+msgid ""
+"Generally, using FTP (File Transfer Protocol) is a bad idea. It uses "
+"unencrypted data (ie. 
passwords are sent in clear text), listens on 2 ports "
+"(normally port 20 and 21), and attackers are frequently looking for "
+"anonymous logins for trading warez. Since the FTP protocol contains several "
+"security problems you should instead use <c>sftp</c> or HTTP. If this is not "
+"possible, secure your services as well as you can and prepare yourself."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):123
+msgid "Mysql"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):126
+msgid ""
+"If you only need local applications to access the <c>mysql</c> database, "
+"uncomment the following line in <path>/etc/mysql/my.cnf</path>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):131
+msgid "Disable network access"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):131
+#, no-wrap
+msgid ""
+"\n"
+"skip-networking\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):135
+msgid ""
+"Then we disable the use of the LOAD DATA LOCAL INFILE command. This is to "
+"prevent against unauthorized reading from local files. This is relevant when "
+"new SQL Injection vulnerabilities in PHP applications are found."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):141
+msgid "Disable LOAD DATA LOCAL INFILE in the [mysqld] section"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):141
+#, no-wrap
+msgid ""
+"\n"
+"set-variable=local-infile=0\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):145
+msgid ""
+"Next, we must remove the sample database (test) and all accounts except the "
+"local <c>root</c> account."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):150
+msgid "Removing sample database and all unnecessary users"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):150
+#, no-wrap
+msgid ""
+"\n"
+"mysql> <i>drop database test;</i>\n"
+"mysql> <i>use mysql;</i>\n"
+"mysql> <i>delete from db;</i>\n"
+"mysql> <i>delete from user where not (host=\"localhost\" and user=\"root\");</i>\n"
+"mysql> <i>flush privileges;</i>\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(warn):158
+msgid "Be careful with the above if you have already configured user accounts."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(note):162
+msgid ""
+"If you have been changing passwords from the MySQL prompt, you should always "
+"clean out <path>~/.mysql_history</path> and <path>/var/log/mysql/mysql.log</"
+"path> as they store the executed SQL commands with passwords in clear text."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):172
+msgid "Proftpd"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):175
+msgid ""
+"Proftpd has had several security problems, but most of them seem to have "
+"been fixed. 
Nonetheless, it is a good idea to apply some enhancements:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):180
+msgid "/etc/proftpd/proftpd.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):180
+#, no-wrap
+msgid ""
+"\n"
+"ServerName \"My ftp daemon\"\n"
+"#Don't show the ident of the server\n"
+"ServerIdent on \"Go away\"\n"
+"\n"
+"#Makes it easier to create virtual users\n"
+"RequireValidShell off\n"
+"\n"
+"#Use alternative password and group file (passwd uses crypt format)\n"
+"AuthUserFile \"/etc/proftpd/passwd\"\n"
+"AuthGroupFile \"/etc/proftpd/group\"\n"
+"\n"
+"# Permissions\n"
+"Umask 077\n"
+"\n"
+"# Timeouts and limitations\n"
+"MaxInstances 30\n"
+"MaxClients 10 \"Only 10 connections allowed\"\n"
+"MaxClientsPerHost 1 \"You have already logged on once\"\n"
+"MaxClientsPerUser 1 \"You have already logged on once\"\n"
+"TimeoutStalled 10\n"
+"TimeoutNoTransfer 20\n"
+"TimeoutLogin 20\n"
+"\n"
+"#Chroot everyone\n"
+"DefaultRoot ~\n"
+"\n"
+"#don't run as root\n"
+"User nobody\n"
+"Group nogroup\n"
+"\n"
+"#Log every transfer\n"
+"TransferLog /var/log/transferlog\n"
+"\n"
+"#Problems with globbing\n"
+"DenyFilter \\*.*/\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):218
+msgid "One can find documentation at <uri>http://www.proftpd.org</uri>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):225
+msgid "Pure-ftpd"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):228
+msgid ""
+"Pure-ftpd is an branch of the original trollftpd, modified for security "
+"reasons and functionality by Frank Dennis."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):233
+msgid ""
+"Use virtual users (never system accounts) by enabling the <c>AUTH</c> "
+"option. Set this to <c>-lpuredb:/etc/pureftpd.pdb</c> and create your users "
+"by using <c>/usr/bin/pure-pw</c>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):239
+msgid "/etc/conf.d/pure-ftpd"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):239
+#, no-wrap
+msgid ""
+"\n"
+"AUTH=\"-lpuredb:/etc/pureftpd.pdb\"\n"
+"\n"
+"## Misc. Others ##\n"
+"MISC_OTHER=\"-A -E -X -U 177:077 -d -4 -L100:5 -I 15\"\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):246
+msgid ""
+"Configure your <c>MISC_OTHER</c> setting to deny anonymous logins (<c>-E</"
+"c>), chroot everyone (<c>-A</c>), prevent users from reading or writing to "
+"files beginning with a . (dot) (<c>-X</c>), max idle time (<c>-I</c>), limit "
+"recursion (<c>-L</c>), and a reasonable <c>umask</c>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(warn):253
+msgid ""
+"Do <e>not</e> use the <c>-w</c> or <c>-W</c> options! If you want to have a "
+"warez site, stop reading this guide!"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):258
+msgid "One can find documentation at <uri>http://www.pureftpd.org</uri>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):265
+msgid "Vsftpd"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):268
+msgid ""
+"Vsftpd (short for very secure ftp) is a small ftp daemon running a "
+"reasonably default configuration. It is simple and does not have as many "
+"features as pureftp and proftp."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):274
+msgid "/etc/vsftpd"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):274
+#, no-wrap
+msgid ""
+"\n"
+"anonymous_enable=NO\n"
+"local_enable=YES\n"
+"\n"
+"#read only\n"
+"write_enable=NO\n"
+"\n"
+"#enable logging of transfers\n"
+"xferlog_std_format=YES\n"
+"\n"
+"idle_session_timeout=20\n"
+"data_connection_timeout=20\n"
+"nopriv_user=nobody\n"
+"\n"
+"chroot_list_enable=YES\n"
+"chroot_list_file=/etc/vsftpd/chrootlist\n"
+"\n"
+"ls_recurse_enable=NO\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):294
+msgid ""
+"As you can see, there is no way for this service to have individual "
+"permissions, but when it comes to anonymous settings it is quite good. "
+"Sometimes it can be nice to have an anonymous ftp server (for sharing open "
+"source), and vsftpd does a really good job at this."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):304
+msgid "Netqmail"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):307
+msgid ""
+"Netqmail is often considered to be a very secure mail server. It is written "
+"with security (and paranoia) in mind. It does not allow relaying by default "
+"and has not had a security hole since 1996. Simply <c>emerge netqmail</c> "
+"and go configure!"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):316
+msgid "Samba"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):319
+msgid ""
+"Samba is a protocol to share files with Microsoft/Novell networks and it "
+"should <e>not</e> be used over the Internet. Nonetheless, it still needs "
+"securing."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):325
+msgid "/etc/samba/smb.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):325
+#, no-wrap
+msgid ""
+"\n"
+"[global]\n"
+" #Bind to an interface\n"
+" interfaces = eth0 10.0.0.1/32\n"
+"\n"
+" #Make sure to use encrypted password\n"
+" encrypt passwords = yes\n"
+" directory security mask = 0700\n"
+"\n"
+" #allow traffic from 10.0.0.*\n"
+" hosts allow = 10.0.0.\n"
+"\n"
+" #Enables user authentication\n"
+" #(don't use the share mode)\n"
+" security = user\n"
+"\n"
+" #Disallow privileged accounts\n"
+" invalid users = root @wheel\n"
+"\n"
+" #Maximum size smb shows for a share (not a limit)\n"
+" max disk size = 102400\n"
+"\n"
+" #Uphold the password policy\n"
+" min password length = 8\n"
+" null passwords = no\n"
+"\n"
+" #Use PAM (if added support)\n"
+" obey pam restrictions = yes\n"
+" pam password change = yes\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):356
+msgid ""
+"Make sure that permissions are set correct on every share and remember to "
+"read the <uri link=\"http://www.samba.org\">documentation</uri>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):361
+msgid ""
+"Now restart the server and add the users who should have access to this "
+"service. This is done though the command <path>/usr/bin/smbpasswd</path> "
+"with the parameter <c>-a</c>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):370
+msgid "ssh"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):373
+msgid ""
+"The only securing that OpenSSH needs is turning on a stronger authentication "
+"based on public key encryption. Too many sites (like <uri>http://www."
+"sourceforge.net</uri>, <uri>http://www.php.net</uri> and <uri>http://www."
+"apache.org</uri>) have suffered unauthorized intrusion due to password leaks "
+"or bad passwords."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):381
+msgid "/etc/ssh/sshd_config"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):381
+#, no-wrap
+msgid ""
+"\n"
+"#Only enable version 2\n"
+"Protocol 2\n"
+"\n"
+"#Disable root login. Users have to su to root\n"
+"PermitRootLogin no\n"
+"\n"
+"#Turn on Public key authentication\n"
+"PubkeyAuthentication yes\n"
+"AuthorizedKeysFile .ssh/authorized_keys\n"
+"\n"
+"#Disable .rhost and normal password authentication\n"
+"HostbasedAuthentication no\n"
+"PasswordAuthentication no\n"
+"PermitEmptyPasswords no\n"
+"\n"
+"#Only allow userin the wheel or admin group to login\n"
+"AllowGroups wheel admin\n"
+"\n"
+"#In those groups only allow the following users\n"
+"#The @<domainname> is optional but replaces the\n"
+"#older AllowHosts directive\n"
+"AllowUsers kn@gentoo.org bs@gentoo.org\n"
+"\n"
+"#Logging\n"
+"SyslogFacility AUTH\n"
+"LogLevel INFO\n"
+"\n"
+"<comment>(Change this to your address)</comment>\n"
+"ListenAddress 127.0.0.1\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):413
+msgid ""
+"Also verify that you don't have <c>UsePAM yes</c> in your configuration file "
+"as it overrides the public key authentication mechanism, or you can disable "
+"either <c>PasswordAuthentication</c> or <c>ChallengeResponseAuthentication</"
+"c>. More information about these options can be found in the "
+"<path>sshd_config</path> manual page."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):421
+msgid ""
+"Now all that your users have to do is create a key (on the machine they want "
+"to login from) with the following command:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):426
+msgid "Create a DSA keypair"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):426
+#, no-wrap
+msgid ""
+"\n"
+"# <i>/usr/bin/ssh-keygen -t dsa</i>\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):430
+msgid "And type in a pass phrase."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):434
+msgid "Output of ssh-keygen"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):434
+#, no-wrap
+msgid ""
+"\n"
+"Generating public/private dsa key pair.\n"
+"Enter file in which to save the key (/home/kn/.ssh/id_dsa):<i>[Press enter]</i>\n"
+"Created directory '/home/kn/.ssh'.\n"
+"Enter passphrase (empty for no passphrase): <i>[Enter passphrase]</i>\n"
+"Enter same passphrase again: <i>[Enter passphrase again]</i>\n"
+"Your identification has been saved in /home/kn/.ssh/id_dsa.\n"
+"Your public key has been saved in /home/kn/.ssh/id_dsa.pub.\n"
+"The key fingerprint is:\n"
+"07:24:a9:12:7f:83:7e:af:b8:1f:89:a3:48:29:e2:a4 kn@knielsen\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):446
+msgid ""
+"This will add two files in your <path>~/.ssh/</path> directory called "
+"<path>id_dsa</path> and <path>id_dsa.pub</path>. The file called "
+"<path>id_dsa</path> is your private key and should be kept from other people "
+"than yourself. The other file <path>id_dsa.pub</path> is to be distributed "
+"to every server that you have access to. 
Add the key to the users home "
+"directory in <path>~/.ssh/authorized_keys</path> and the user should be able "
+"to login:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):455
+msgid "Adding the id_dsa.pub file to the authorized_keys file"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):455
+#, no-wrap
+msgid ""
+"\n"
+"$ <i>scp id_dsa.pub other-host:/var/tmp/currenthostname.pub</i>\n"
+"$ <i>ssh other-host</i>\n"
+"password:\n"
+"$ <i>cat /var/tmp/currenthostname.pub >> ~/.ssh/authorized_keys</i>\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):462
+msgid ""
+"Now your users should guard this private key well. Put it on a media that "
+"they always carry with them or keep it on their workstation (put this in the "
+"<uri link=\"?part=1&chap=1#security_policies\">password</uri> policy)."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):468
+msgid ""
+"For more information go to the <uri link=\"http://www.openssh.org\">OpenSSH</"
+"uri> web site."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):476
+msgid "Using xinetd"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):479
+msgid ""
+"xinetd is a replacement for <c>inetd</c> (which Gentoo does not have), the "
+"Internet services daemon. It supports access control based on the address of "
+"the remote host and the time of access. It also provide extensive logging "
+"capabilities, including server start time, remote host address, remote user "
+"name, server run time, and actions requested."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):487
+msgid ""
+"As with all other services it is important to have a good default "
+"configuration. But since <c>xinetd</c> is run as root and supports protocols "
+"that you might not know how they work, we recommend not to use it. 
But if "
+"you want to use it anyway, here is how you can add some security to it:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):494
+msgid "Install xinetd"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):494
+#, no-wrap
+msgid ""
+"\n"
+"# <i>emerge xinetd tcp-wrappers</i>\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):498
+msgid "And edit the configuration file:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):502
+msgid "/etc/xinetd.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):502
+#, no-wrap
+msgid ""
+"\n"
+"defaults\n"
+"{\n"
+" only_from = localhost\n"
+" instances = 10\n"
+" log_type = SYSLOG authpriv info\n"
+" log_on_success = HOST PID\n"
+" log_on_failure = HOST\n"
+" cps = 25 30\n"
+"}\n"
+"\n"
+"# This will setup pserver (cvs) via xinetd with the following settings:\n"
+"# max 10 instances (10 connections at a time)\n"
+"# limit the pserver to tcp only\n"
+"# use the user cvs to run this service\n"
+"# bind the interfaces to only 1 ip\n"
+"# allow access from 10.0.0.*\n"
+"# limit the time developers can use cvs from 8am to 5pm\n"
+"# use tpcd wrappers (access control controlled in\n"
+"# <i>/etc/hosts.allow</i> and <i>/etc/hosts.deny</i>)\n"
+"# max_load on the machine set to 1.0\n"
+"# The disable flag is per default set to no but I like having\n"
+"# it in case of it should be disabled\n"
+"service cvspserver\n"
+"{\n"
+" socket_type = stream\n"
+" protocol = tcp\n"
+" instances = 10\n"
+" protocol = tcp\n"
+" wait = no\n"
+" user = cvs\n"
+" bind = 10.0.0.2\n"
+" only_from = 10.0.0.0\n"
+" access_times = 8:00-17:00\n"
+" server = /usr/sbin/tcpd\n"
+" server_args = /usr/bin/cvs --allow-root=/mnt/cvsdisk/cvsroot pserver\n"
+" max_load = 1.0\n"
+" log_on_failure += RECORD\n"
+" disable = no\n"
+"}\n"
+msgstr ""
+
+#: 
../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):544
+msgid "For more information read <c>man 5 xinetd.conf</c>."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(title):552
+msgid "X"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):555
+msgid ""
+"By default Xorg is configured to act as an Xserver. This can be dangerous "
+"since X uses unencrypted TCP connections and listens for xclients."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(impo):560
+msgid "If you do not need this service disable it!"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):564
+msgid ""
+"But if you depend on using your workstation as a Xserver use the <c>/usr/"
+"X11R6/bin/xhost</c> command with caution. This command allows clients from "
+"other hosts to connect and use your display. This can become handy if you "
+"need an X application from a different machine and the only way is through "
+"the network, but it can also be exploited by an attacker. The syntax of this "
+"command is <c>/usr/X11R6/bin/xhost +hostname</c>"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(warn):573
+msgid ""
+"Do not ever use the <c>xhost +</c> feature! This will allow any client to "
+"connect and take control of your X. If an attacker can get access to your X, "
+"he can log your keystrokes and take control over your desktop. If you have "
+"to use it always remember to specify a host."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):580
+msgid ""
+"A more secure solution is to disable this feature completely by starting X "
+"with <c>startx -- -nolisten tcp</c> or disable it permanently in the "
+"configuration."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):585
+msgid "/usr/X11R6/bin/startx"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):585
+#, no-wrap
+msgid ""
+"\n"
+"defaultserverargs=\"-nolisten tcp\"\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):589
+msgid ""
+"To make sure that <path>startx</path> does not get overwritten when emerging "
+"a new version of Xorg you must protect it. Add the following line to <path>/"
+"etc/make.conf</path>:"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):595
+msgid "/etc/make.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):595
+#, no-wrap
+msgid ""
+"\n"
+"CONFIG_PROTECT_MASK=\"/usr/X11R6/bin/startx\"\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):599
+msgid "If you use a graphical login manager you need a different approach."
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):603
+msgid "For <c>gdm</c> (Gnome Display Manager)"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):607
+msgid "/etc/X11/gdm/gdm.conf"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):607
+#, no-wrap
+msgid ""
+"\n"
+"[server-Standard]\n"
+"command=/usr/X11R6/bin/X -nolisten tcp\n"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(p):612
+msgid "For <c>xdm</c> (X Display Manager) and <c>kdm</c> (Kde Display Manager)"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre:caption):616
+msgid "/etc/X11/xdm/Xservers"
+msgstr ""
+
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(pre):616
+#, no-wrap
+msgid ""
+"\n"
+":0 local /usr/bin/X11/X -nolisten tcp\n"
+msgstr ""
+
+#. Place here names of translator, one per line. 
Format should be NAME; ROLE; E-MAIL
+#: ../../gentoo/xml/htdocs/doc/en/security//shb-services.xml(None):0
+msgid "translator-credits"
+msgstr ""
diff --git a/shandbook/gettext/el/shb-tcp.xml.po b/shandbook/gettext/el/shb-tcp.xml.po
new file mode 100644
index 0000000..6c716c2
--- /dev/null
+++ b/shandbook/gettext/el/shb-tcp.xml.po
@@ -0,0 +1,84 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(version):10 +msgid "1.1" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(date):11 +msgid "2010-04-26" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(title):14 +msgid "TCP Wrappers" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(p):17 +msgid "" +"This is a way of controlling access to services normally run by inetd (which " +"Gentoo does not have), but it can also be used by xinetd and other services." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(note):22 +msgid "" +"The service should be executing tcpd in its server argument (in xinetd). See " +"the chapter on xinetd for more information." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(pre:caption):27 +msgid "/etc/hosts.deny" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(pre):27 +#, no-wrap +msgid "" +"\n" +"ALL:PARANOID\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(pre:caption):31 +msgid "/etc/hosts.allow" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(pre):31 +#, no-wrap +msgid "" +"\n" +"ALL: LOCAL @wheel\n" +"time: LOCAL, .gentoo.org\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(p):36 +msgid "" +"As you can see the format is very similar to the one in <path>/etc/security/" +"access.conf</path>. Tcpd supports a specific service; it does not overlap " +"with <path>/etc/security/access.conf</path>. 
These settings only apply to " +"services using tcp wrappers." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(p):43 +msgid "" +"It is also possible to execute commands when a service is accessed (this can " +"be used when activating relaying for dial-in users) but it is not " +"recommended, since people tend to create more problems than they are trying " +"to solve. An example could be that you configure a script to send an e-mail " +"every time someone hits the deny rule, but then an attacker could launch a " +"DoS attack by keep hitting the deny rule. This will create a lot of I/O and " +"e-mails so don't do it!. Read the <c>man 5 hosts_access</c> for more " +"information." +msgstr "" + +#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tcp.xml(None):0 +msgid "translator-credits" +msgstr "" diff --git a/shandbook/gettext/el/shb-tight.xml.po b/shandbook/gettext/el/shb-tight.xml.po new file mode 100644 index 0000000..d624911 --- /dev/null +++ b/shandbook/gettext/el/shb-tight.xml.po 
@@ -0,0 +1,216 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(version):10 +msgid "1.1" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(date):11 +msgid "2006-03-04" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(title):14 +msgid "USE flags" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):17 +msgid "" +"The <path>make.conf</path> file contains user defined USE flags and <path>/" +"etc/make.profile/make.defaults</path> contains the default USE flags for " +"Gentoo Linux. For this guide's purposes, the important flags are <c>pam</c> " +"(Pluggable Authentication Modules), <c>tcpd</c> (TCP wrappers), and <c>ssl</" +"c> (Secure Socket Layer). These are all in the default USE flags." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(title):28 +msgid "Password protecting GRUB" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):31 +msgid "" +"GRUB supports two different ways of adding password protection to your boot " +"loader. The first uses plain text, while the latter uses md5+salt encryption." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre:caption):36 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre:caption):79 +msgid "/boot/grub/grub.conf" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre):36 +#, no-wrap +msgid "" +"\n" +"timeout 5\n" +"password changeme\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):41 +msgid "" +"This will add the password <c>changeme</c>. If no password is entered at " +"boot, GRUB will simply use the default boot setting." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):46 +msgid "" +"When adding an md5 password, you must convert your password into crypt " +"format, which is the same format used in <path>/etc/shadow</path>. For more " +"information see <c>man crypt</c>. The encrypted password <e>changeme</e>, " +"for example, could look like this: <c>$1$T7/dgdIJ$dJM.n2wZ8RG.oEiIOwJUs</c>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):53 +msgid "You can encrypt your password directly at the GRUB shell:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre:caption):57 +msgid "md5crypt in grub shell" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre):57 +#, no-wrap +msgid "" +"\n" +"#<i>/sbin/grub</i>\n" +"\n" +"GRUB version 0.92 (640K lower / 3072K upper memory)\n" +"\n" +" [ Minimal BASH-like line editing is supported. For the first word, TAB lists\n" +" possible command completions. Anywhere else TAB lists the possible\n" +" completions of a device/filename. ]\n" +"\n" +"grub> <i>md5crypt</i>\n" +"\n" +"Password: <i>********</i>\n" +"<comment>(Typed changeme at the prompt)</comment>\n" +"Encrypted: $1$T7/dgdIJ$dJM.n2wZ8RG.oEiIOwJUs.\n" +"\n" +"grub> <i>quit</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):75 +msgid "Then, cut and paste your password to <path>/boot/grub/grub.conf</path>." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre):79 +#, no-wrap +msgid "" +"\n" +"timeout 5\n" +"password --md5 $1$T7/dgdIJ$dJM.n2wZ8RG.oEiIOwJUs.\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):84 +msgid "" +"The 5 seconds timeout becomes handy if the system is remote and should be " +"able to reboot without any keyboard interaction. Learn more about GRUB " +"passwords by executing <c>info grub</c>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(title):93 +msgid "Password protecting LILO" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):96 +msgid "" +"LILO also supports two ways of handling passwords: global and per-image, " +"both in clear text." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):101 +msgid "" +"The global password is set at the top of the configuration file, and applies " +"to every boot image:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre:caption):106 +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre:caption):116 +msgid "/etc/lilo.conf" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre):106 +#, no-wrap +msgid "" +"\n" +"password=changeme\n" +"restricted\n" +"delay=3\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):112 +msgid "The per-image password is set as below:" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre):116 +#, no-wrap +msgid "" +"\n" +"image=/boot/bzImage\n" +" read-only\n" +" password=changeme\n" +" restricted\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):123 +msgid "" +"If the <c>restricted</c> option is not entered, it will prompt for a " +"password every time." 
+msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):128 +msgid "" +"In order to store the new information in <path>lilo.conf</path>, you must " +"run <c>/sbin/lilo</c>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(title):136 +msgid "Restricting Console Usage" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):139 +msgid "" +"The <path>/etc/securetty</path> file allows you to specify which <c>tty</c> " +"(terminal) devices root is allowed to login to." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(p):144 +msgid "" +"We suggest that you comment out all lines except <c>vc/1</c> if you are " +"using devfs and all lines except <c>tty1</c> if you are using udev. This " +"will ensure that root only can login once and only on one terminal." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(note):150 +msgid "" +"Users in the group \"wheel\" can still <c>su -</c> to become root on other " +"TTYs." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre:caption):154 +msgid "/etc/securetty" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(pre):154 +#, no-wrap +msgid "" +"\n" +"<comment>(For devfs)</comment>\n" +"vc/1\n" +"<comment>(For udev)</comment>\n" +"tty1\n" +msgstr "" + +#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL +#: ../../gentoo/xml/htdocs/doc/en/security//shb-tight.xml(None):0 +msgid "translator-credits" +msgstr "" diff --git a/shandbook/gettext/el/shb-uptodate.xml.po b/shandbook/gettext/el/shb-uptodate.xml.po new file mode 100644 index 0000000..8b326f0 --- /dev/null +++ b/shandbook/gettext/el/shb-uptodate.xml.po 
@@ -0,0 +1,157 @@ +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2010-10-22 00:56+0600\n" +"PO-Revision-Date: 2010-10-22 00:56+0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: el\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(version):10 +msgid "1.1" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(date):11 +msgid "2005-10-13" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(title):14 +msgid "Keeping up-to-date" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(p):17 +msgid "" +"Once you have successfully installed your system and ensured a good level of " +"security you are not done. Security is an ongoing process; the vast majority " +"of intrusions result from known vulnerabilities in unpatched systems. " +"Keeping your system up-to-date is the single most valuable step you can take " +"to greater security." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(p):25 +msgid "" +"If you have a recent version of <c>portage</c> installed, you can first sync " +"your portage tree with <c>emerge --sync</c> and then issue the command " +"<c>glsa-check --list</c> to check if your system is up to date security-" +"wise. <c>glsa-check</c> is part of <c>app-portage/gentoolkit</c>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(pre:caption):32 +msgid "Example output of glsa-check -l" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(pre):32 +#, no-wrap +msgid "" +"\n" +"# <i>glsa-check -l</i>\n" +"WARNING: This tool is completely new and not very tested, so it should not be\n" +"used on production systems. 
It's mainly a test tool for the new GLSA release\n" +"and distribution system, it's functionality will later be merged into emerge\n" +"and equery.\n" +"Please read http://www.gentoo.org/proj/en/portage/glsa-integration.xml\n" +"before using this tool AND before reporting a bug.\n" +"\n" +"[A] means this GLSA was already applied,\n" +"[U] means the system is not affected and\n" +"[N] indicates that the system might be affected.\n" +"\n" +"200406-03 [N] sitecopy: Multiple vulnerabilities in included libneon ( net-misc/sitecopy )\n" +"200406-04 [U] Mailman: Member password disclosure vulnerability ( net-mail/mailman )\n" +".......\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(warn):50 +msgid "" +"The <c>glsa-check</c> is still experimental, so if security really is your " +"top priority it would be wise to double check the list with other sources." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(p):55 +msgid "" +"All lines with a <c>[A]</c> and <c>[U]</c> can be almost safely ignored as " +"the system is not affected by this GLSA." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(impo):60 +msgid "" +"Please note that the usual <c>emerge -vpuD world</c> will not pick up all " +"package updates. You need to use <c>glsa-check</c> if you want to make sure " +"all GLSAs are fixed on your system." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(pre:caption):66 +msgid "Check all GLSAs" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(pre):66 +#, no-wrap +msgid "" +"\n" +"<comment>(Check if your system is affected by GLSAs)</comment>\n" +"# <i>glsa-check -t all</i>\n" +"WARNING: This tool is completely new and not very tested, so it should not be\n" +"used on production systems. 
It's mainly a test tool for the new GLSA release\n" +"and distribution system, it's functionality will later be merged into emerge\n" +"and equery.\n" +"Please read http://www.gentoo.org/proj/en/portage/glsa-integration.xml\n" +"before using this tool AND before reporting a bug.\n" +"\n" +"This system is affected by the following GLSA:\n" +"200504-06\n" +"200510-08\n" +"200506-14\n" +"200501-35\n" +"200508-12\n" +"200507-16\n" +"\n" +"<comment>(See what packages would be emerged)</comment>\n" +"# <i>glsa-check -p $(glsa-check -t all)</i>\n" +" <comment>(partial output)</comment>\n" +"Checking GLSA 200504-06\n" +"The following updates will be performed for this GLSA:\n" +" app-arch/sharutils-4.2.1-r11 (4.2.1-r10)\n" +"\n" +" **********************************************************************\n" +"\n" +" Checking GLSA 200510-08\n" +" The following updates will be performed for this GLSA:\n" +" media-libs/xine-lib-1.1.0-r5 (1.1.0-r4)\n" +"\n" +"<comment>(Apply required fixes)</comment>\n" +"# <i>glsa-check -f $(glsa-check -t all)</i>\n" +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(p):101 +msgid "" +"If you have upgraded a running service, you should not forget to restart it." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(p):105 +msgid "" +"Keeping your <uri link=\"/doc/en/kernel-upgrade.xml\">kernel up-to-date</" +"uri> is also recommended." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(p):110 +msgid "" +"If you want an email each time a GLSA is released subscribe to the <c>gentoo-" +"announce</c> mailing list. Instructions for joining it and many other great " +"mailing lists can be found <uri link=\"/main/en/lists.xml\">Gentoo Linux " +"Mailing List Overview</uri>." +msgstr "" + +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(p):117 +msgid "" +"Another great security resource is the <uri link=\"http://www.securityfocus." 
+"com/archive/1\">Bugtraq mailing list</uri>." +msgstr "" + +#. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL +#: ../../gentoo/xml/htdocs/doc/en/security//shb-uptodate.xml(None):0 +msgid "translator-credits" +msgstr "" |