aboutsummaryrefslogtreecommitdiff
path: root/en_US.ISO8859-1/books/handbook/mac
diff options
context:
space:
mode:
authorTom Rhodes <trhodes@FreeBSD.org>2006-04-27 07:31:52 +0000
committerTom Rhodes <trhodes@FreeBSD.org>2006-04-27 07:31:52 +0000
commit45f15433afa56e300d7f3bbaa17e334354a8d96e (patch)
tree2db8d6dfdcbb290074a3b4fb60382b8a2c25aa18 /en_US.ISO8859-1/books/handbook/mac
parent5e3eff0328b6b99c9516d67b78a267ab9a7920f4 (diff)
downloaddoc-45f15433afa56e300d7f3bbaa17e334354a8d96e.tar.gz
doc-45f15433afa56e300d7f3bbaa17e334354a8d96e.zip
Instead of paragraphs, use one of the various list tags.
Submitted by: keramida
Notes
Notes: svn path=/head/; revision=27641
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/mac')
-rw-r--r--en_US.ISO8859-1/books/handbook/mac/chapter.sgml41
1 files changed, 30 insertions, 11 deletions
diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
index 97fe1fc223..c2ca29bdc9 100644
--- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
@@ -835,21 +835,40 @@ test: biba/high</screen>
<sect1 id="mac-planning">
<title>Planning the Security Configuration</title>
- <para>As with implementing any technology, there must be a planning
- phase. During this time is it best an administrator looks at
- their plight as a whole and defines exactly what is needed.
- Examine thoroughly what requirements exist, how to accomplish
- the final goal. How must information be classified or restricted,
- what users should be given access and which <acronym>MAC</acronym>
- module or modules will be required to achieve this goal.</para>
-
- <para>Although it is always possible to reconfigure and change the
- system resources and security settings, it is inconvenient to
+ <para>Whenever a new technology is implemented, a planning phase is
+ always a good idea. During the planning stages, an administrator
+ should in general look at the <quote>big picture</quote>, trying
+ to keep in view at least the following:</para>
+
+ <itemizedlist>
+ <listitem>The implementation requirements</listitem>
+
+ <listitem>The implementation goals</listitem>
+ </itemizedlist>
+
+ <para>For <acronym>MAC</acronym> installations, these include:</para>
+
+ <itemizedlist>
+ <listitem>How to classify information and resources available on
+ the target systems.</listitem>
+
+ <listitem>What sorts of information or resources to restrict
+ access to and the type of restrictions that should be
+ applied.</listitem>
+
+ <listitem>Which <acronym>MAC</acronym> module or modules will be
+ required to achieve this goal.</listitem>
+ </itemizedlist>
+
+ <para>It is always possible to reconfigure and change the
+ system resources and security settings, it is quite often very inconvenient to
search through the system and fix existing files and user
accounts. Planning helps to ensure a trouble-free and efficient
trusted system implementation. A trial run of the trusted system,
including the configuration, is often vital and definitely
- beneficial before. The idea of just letting loose on a system
+ beneficial <emphasis>before</emphasis> a <acronym>MAC</acronym>
+ implementation is used on production systems. The idea of just
+ letting loose on a system
with <acronym>MAC</acronym> is like setting up for failure.</para>
<para>Different environments may have explicit needs and