diff options
| -rw-r--r-- | en_US.ISO8859-1/books/handbook/mac/chapter.xml | 62 |
1 files changed, 35 insertions, 27 deletions
diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.xml b/en_US.ISO8859-1/books/handbook/mac/chapter.xml index 52289f3590..2b1446038c 100644 --- a/en_US.ISO8859-1/books/handbook/mac/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/mac/chapter.xml @@ -763,7 +763,14 @@ test: biba/high</screen> option is called <option>multilabel</option>.</para> </sect1> - <sect1 xml:id="mac-seeotheruids"> + <sect1 xml:id="mac-policies"> + <title>Available MAC Policies</title> + + <para>&os; includes a group of policies that will cover + most security requirements. Each policy is discussed + below.</para> + + <sect2 xml:id="mac-seeotheruids"> <title>The MAC See Other UIDs Policy</title> <indexterm> @@ -816,9 +823,9 @@ test: biba/high</screen> may not be set.</para> </listitem> </itemizedlist> - </sect1> + </sect2> - <sect1 xml:id="mac-bsdextended"> + <sect2 xml:id="mac-bsdextended"> <title>The MAC BSD Extended Policy</title> <indexterm> @@ -855,7 +862,7 @@ test: biba/high</screen> module as incorrect use could block access to certain parts of the file system.</para> - <sect2> + <sect3> <title>Examples</title> <para>After the &man.mac.bsdextended.4; module has been loaded, @@ -895,10 +902,10 @@ test: biba/high</screen> <para>For more information, refer to &man.mac.bsdextended.4; and &man.ugidfw.8;</para> - </sect2> - </sect1> + </sect3> + </sect2> - <sect1 xml:id="mac-ifoff"> + <sect2 xml:id="mac-ifoff"> <title>The MAC Interface Silencing Policy</title> <indexterm> @@ -947,9 +954,9 @@ test: biba/high</screen> <package>security/aide</package> to automatically block network traffic if it finds new or altered files in protected directories.</para> - </sect1> + </sect2> - <sect1 xml:id="mac-portacl"> + <sect2 xml:id="mac-portacl"> <title>The MAC Port Access Control List Policy</title> <indexterm> @@ -1035,7 +1042,7 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen> <para>See the examples below or refer to &man.mac.portacl.4; for further information.</para> - <sect2> + <sect3> <title>Examples</title> <para>Since the <systemitem class="username">root</systemitem> user should not be @@ -1060,10 +1067,10 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen> <screen>&prompt.root; <userinput>sysctl security.mac.portacl.rules=uid:1001:tcp:110,uid:1001:tcp:995</userinput></screen> - </sect2> - </sect1> + </sect3> + </sect2> - <sect1 xml:id="mac-partition"> + <sect2 xml:id="mac-partition"> <title>The MAC Partition Policy</title> <indexterm> @@ -1113,7 +1120,7 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen> spawned by users in the <literal>insecure</literal> class will stay in the <literal>partition/13</literal> label.</para> - <sect2> + <sect3> <title>Examples</title> <para>The following command will display the partition label @@ -1143,10 +1150,10 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen> options, including their limitations, are further explained in the module manual pages.</para> </note> - </sect2> - </sect1> + </sect3> + </sect2> - <sect1 xml:id="mac-mls"> + <sect2 xml:id="mac-mls"> <title>The MAC Multi-Level Security Module</title> <indexterm> @@ -1277,7 +1284,7 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen> to <command>setfmac</command>. This method will be explained after all policies are covered.</para> - <sect2> + <sect3> <title>Planning Mandatory Sensitivity</title> <para>When using the MLS policy module, an administrator plans @@ -1302,10 +1309,10 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen> include an e-commerce web server, a file server holding critical company information, and financial institution environments.</para> - </sect2> - </sect1> + </sect3> + </sect2> - <sect1 xml:id="mac-biba"> + <sect2 xml:id="mac-biba"> <title>The MAC Biba Module</title> <indexterm> @@ -1419,7 +1426,7 @@ net.inet.ip.portrange.reservedhigh=0</userinput></screen> &prompt.root; <userinput>getfmac test</userinput> test: biba/low</screen> - <sect2> + <sect3> <title>Planning Mandatory Integrity</title> <para>Integrity, which is different from sensitivity, guarantees @@ -1457,10 +1464,10 @@ test: biba/low</screen> development and test machine, and a source code repository. A less useful implementation would be a personal workstation, a machine used as a router, or a network firewall.</para> - </sect2> - </sect1> + </sect3> + </sect2> - <sect1 xml:id="mac-lomac"> + <sect2 xml:id="mac-lomac"> <title>The MAC LOMAC Module</title> <indexterm> @@ -1495,7 +1502,7 @@ test: biba/low</screen> policy may provide for greater compatibility and require less initial configuration than Biba.</para> - <sect2> + <sect3> <title>Examples</title> <para>Like the Biba and <acronym>MLS</acronym> policies, @@ -1508,7 +1515,8 @@ test: biba/low</screen> <para>The auxiliary grade <literal>low</literal> is a feature provided only by the <acronym>MAC</acronym> LOMAC policy.</para> - </sect2> + </sect3> + </sect2> </sect1> <sect1 xml:id="mac-implementing"> |