diff options
Diffstat (limited to 'slackbook/html/security-current.html')
-rw-r--r-- | slackbook/html/security-current.html | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/slackbook/html/security-current.html b/slackbook/html/security-current.html new file mode 100644 index 00000000..12e20716 --- /dev/null +++ b/slackbook/html/security-current.html @@ -0,0 +1,138 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta name="generator" content="HTML Tidy, see www.w3.org" /> +<title>Keeping Current</title> +<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" /> +<link rel="HOME" title="Slackware Linux Essentials" href="index.html" /> +<link rel="UP" title="Security" href="security.html" /> +<link rel="PREVIOUS" title="Host Access Control" href="security-host.html" /> +<link rel="NEXT" title="Archive Files" href="archive-files.html" /> +<link rel="STYLESHEET" type="text/css" href="docbook.css" /> +<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> +</head> +<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" +alink="#0000FF"> +<div class="NAVHEADER"> +<table summary="Header navigation table" width="100%" border="0" cellpadding="0" +cellspacing="0"> +<tr> +<th colspan="3" align="center">Slackware Linux Essentials</th> +</tr> + +<tr> +<td width="10%" align="left" valign="bottom"><a href="security-host.html" +accesskey="P">Prev</a></td> +<td width="80%" align="center" valign="bottom">Chapter 14 Security</td> +<td width="10%" align="right" valign="bottom"><a href="archive-files.html" +accesskey="N">Next</a></td> +</tr> +</table> + +<hr align="LEFT" width="100%" /> +</div> + +<div class="SECT1"> +<h1 class="SECT1"><a id="SECURITY-CURRENT" name="SECURITY-CURRENT">14.3 Keeping +Current</a></h1> + +<div class="SECT2"> +<h2 class="SECT2"><a id="SECURITY-CURRENT-LIST" name="SECURITY-CURRENT-LIST">14.3.1 <var +class="LITERAL">slackware-security</var> mailing list</a></h2> + +<p>Whenever a security problem affects Slackware, an email is sent to all subscribers to +the <var class="LITERAL">slackware-security@slackware.com</var> mailing list. Reports are +sent out for vulnerabilities of any part of Slackware, apart from the software in <tt +class="FILENAME">/extra</tt> or <tt class="FILENAME">/pasture</tt>. These security +announcement emails include details on obtaining updated versions of Slackware packages +or work-arounds, if any.</p> + +<p>Subscribing to Slackware mailing lists is covered in <a +href="help-online.html#HELP-ONLINE-EMAIL">Section 2.2.2</a>.</p> +</div> + +<div class="SECT2"> +<h2 class="SECT2"><a id="SECURITY-CURRENT-PATCHES" name="SECURITY-CURRENT-PATCHES">14.3.2 +The <tt class="FILENAME">/patches</tt> directory</a></h2> + +<p>Whenever updated packages are released for a version of Slackware (usually only to fix +a security problem, in the case of already released Slackware versions), they are placed +in the <tt class="FILENAME">/patches</tt> directory. The full path to these patches will +depend on the mirror you are using, but will take the form <tt +class="FILENAME">/path/to/slackware-x.x/patches/</tt>.</p> + +<p>Before installing these packages, it is a good idea to verify the <tt +class="COMMAND">md5sum</tt> of the package. <tt class="COMMAND">md5sum</tt>(1) is a +commandline utility that creates a “unique” mathematical hash of the file. If +a single bit of the file has been changed, it will generate a different md5sum value.</p> + +<table border="0" bgcolor="#E0E0E0" width="100%"> +<tr> +<td> +<pre class="SCREEN"> +<samp class="PROMPT">%</samp> <kbd +class="USERINPUT">md5sum package-<ver>-<arch>-<rev>.tgz</kbd> +6341417aa1c025448b53073a1f1d287d package-<ver>-<arch>-<rev>.tgz +</pre> +</td> +</tr> +</table> + +<p>You should then check this against the line for the new package in the <tt +class="FILENAME">CHECKSUMS.md5</tt> file in the root of the <tt +class="FILENAME">slackware-<var class="REPLACEABLE">$VERSION</var></tt> directory (also +in the <tt class="FILENAME">/patches</tt> directory for patches) or in the email to the +<var class="LITERAL">slackware-security</var> mailing list.</p> + +<p>If you have a file with the md5sum values in it, you can source it instead with the +<var class="OPTION">-c</var> option to <tt class="COMMAND">md5sum</tt>.</p> + +<table border="0" bgcolor="#E0E0E0" width="100%"> +<tr> +<td> +<pre class="SCREEN"> +<samp class="PROMPT">#</samp> <kbd class="USERINPUT">md5sum -c CHECKSUMS.md5</kbd> +./ANNOUNCE.10_0: OK +./BOOTING.TXT: OK +./COPYING: OK +./COPYRIGHT.TXT: OK +./CRYPTO_NOTICE.TXT: OK +./ChangeLog.txt: OK +./FAQ.TXT: FAILED +</pre> +</td> +</tr> +</table> + +<p>As you can see, any files that <tt class="COMMAND">md5sum</tt> evaluates as correct +are listed “<var class="LITERAL">OK</var>” while files that fail are labelled +“<var class="LITERAL">FAILED</var>”. (Yes, this was an insult to your +intelligence. Why do you put up with me?)</p> +</div> +</div> + +<div class="NAVFOOTER"> +<hr align="LEFT" width="100%" /> +<table summary="Footer navigation table" width="100%" border="0" cellpadding="0" +cellspacing="0"> +<tr> +<td width="33%" align="left" valign="top"><a href="security-host.html" +accesskey="P">Prev</a></td> +<td width="34%" align="center" valign="top"><a href="index.html" +accesskey="H">Home</a></td> +<td width="33%" align="right" valign="top"><a href="archive-files.html" +accesskey="N">Next</a></td> +</tr> + +<tr> +<td width="33%" align="left" valign="top">Host Access Control</td> +<td width="34%" align="center" valign="top"><a href="security.html" +accesskey="U">Up</a></td> +<td width="33%" align="right" valign="top">Archive Files</td> +</tr> +</table> +</div> +</body> +</html> + |