Diffstat (limited to 'documentation/content/el/books/handbook/security/_index.adoc')
-rw-r--r-- | documentation/content/el/books/handbook/security/_index.adoc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/documentation/content/el/books/handbook/security/_index.adoc b/documentation/content/el/books/handbook/security/_index.adoc index 33114a15cf..37905327dc 100644 --- a/documentation/content/el/books/handbook/security/_index.adoc +++ b/documentation/content/el/books/handbook/security/_index.adoc @@ -5,7 +5,8 @@ prev: books/handbook/users next: books/handbook/jails showBookMenu: true weight: 19 -path: "/books/handbook/" +params: + path: "/books/handbook/security/" --- [[security]] 
@@ -189,7 +190,7 @@ A good security script will also check for changes to user and staff members acc If you have a huge amount of user disk space, it may take too long to run through every file on those partitions. In this case, setting mount flags to disallow suid binaries and devices on those partitions is a good idea. The `nodev` and `nosuid` options (see man:mount[8]) are what you want to look into. You should probably scan them anyway, at least once a week, since the object of this layer is to detect a break-in attempt, whether or not the attempt succeeds. -Process accounting (see man:accton[8]) is a relatively low-overhead feature of the operating system which might help as a post-break-in evaluation mechanism. It is especially useful in tracking down how an intruder has actually broken into a system, assuming the file is still intact after the break-in has occured. +Process accounting (see man:accton[8]) is a relatively low-overhead feature of the operating system which might help as a post-break-in evaluation mechanism. It is especially useful in tracking down how an intruder has actually broken into a system, assuming the file is still intact after the break-in has occurred. Finally, security scripts should process the log files, and the logs themselves should be generated in as secure a manner as possible - remote syslog can be very useful. An intruder will try to cover his tracks, and log files are critical to the sysadmin trying to track down the time and method of the initial break-in. One way to keep a permanent record of the log files is to run the system console to a serial port and collect the information to a secure machine monitoring the consoles. |
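Review bot: in the front-matter hunk (@@ -5,7 +5,8 @@), the value of `path` changes from "/books/handbook/" to "/books/handbook/security/" in the same edit that moves the key under `params:`, so two behavioural changes land together. Confirm that whatever reads this value now looks it up under `params` and expects the chapter-level path rather than the book-level one. It is also worth checking that the new `path:` line is indented under `params:` in the actual file, since a top-level `path` would leave `params:` empty.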
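Review bot: in the @@ -189,7 +190,7 @@ hunk, the "occured" to "occurred" spelling fix is unrelated to the front-matter change in the first hunk, and it rewrites the whole process-accounting line for a single word. Consider committing it separately so the `params` change can be reverted or merged on its own. The corrected sentence is English text under the `el/` tree, so check whether other copies of this chapter carry the same misspelling and fix them in the same pass.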