From nobody Sat Jan 29 14:11:26 2022 X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id DC1B81986098 for ; Sat, 29 Jan 2022 14:11:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JmGTW2PbJz51T0; Sat, 29 Jan 2022 14:11:27 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643465487; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PoDEVRjZszle7PTx1iYDE3UlP88UTBXzM/seyDPTbRE=; b=PMDvNBJjm4bZMK6JkIw4/jtQFLownaaPAFg5/O+94JgX54Ns5+VmkBI3a+P2TgJdgToJOe N0u3+TM0pLguVOuBNIxATIOstuN4LeCLnxb3yi/ZpcJBOb2F50oWc2u/LX2ALsdFZMry5E 72oUqsQOXN9dZtxuUpZZPEsTyrK4KEwlieqBz+WbtDC2Ib2f/KgfiWbHs7kf3yHfw2HDgq iqbCN7cG6ofiGequViZ/ehTDMmluoQJWR52R//ibALoAqE53Yu4h2R3KaEf5P936z0dF49 jY5YhbQktEsg4CSNMFtj2MSBFLMQzHtkV7/6ZUekL+Nu//VCswl4h8J9Clhe5Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E9003169FA; Sat, 29 Jan 2022 14:11:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20TEBQNn082277; Sat, 29 Jan 2022 14:11:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20TEBQM1082276; Sat, 29 Jan 2022 14:11:26 GMT (envelope-from git) Date: Sat, 29 Jan 2022 14:11:26 GMT Message-Id: <202201291411.20TEBQM1082276@gitrepo.freebsd.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org From: Benedict Reuschling Subject: git: 1ae23eb218 - main - Spell 'availability' correctly. List-Id: Commit messages for all branches of the doc repository List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-doc-all@freebsd.org X-BeenThere: dev-commits-doc-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bcr X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 1ae23eb218c254fa95febf1b2591ff5eea53ab23 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1643465487; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PoDEVRjZszle7PTx1iYDE3UlP88UTBXzM/seyDPTbRE=; b=CryG792TlnIg4Ve1o9IVRRqDqO0nVCf1WoP9/L1j1SeqsYm2zBH31TjNDhwRA5TPt9Xt08 snbE6sgBpKPdTZOajvjfK+bztZuScU4G+HXQPb/IHlR4Y8cKa00WxPzfD5Ud3vdJJvssN7 8ttPbotQZwIJyyUxibJEXTvHxWHElxurNuIjgyUkWqDf1AQGdqxpOUvyQt1e3SaPt9e4If vJEDlHtZtI3U2odPSJGP6zkGOcnTjjb1Kk87Puy3b13yLSVuWw0ma1/2MqpLUD5cMwzZuD HsG0He/pTFBolels4BVKkAJvdWcak5h1QNcACbwmh5h2MsuJn3IfI8SEHGBtdA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1643465487; a=rsa-sha256; cv=none; b=FnYqFXFzCo9u/46COQaQy69IqZ1/u8bRDP/KUWVKBLDLpolrnSvO70S5rLW4eyG3wsbgHr GzgtAicDbACiT8rEleyZZyPDmMQAylSI31O1yUschgTs4k7kxHtHrDY/ztJKPRpNsYFRzT BL2s9t8WARlNpbXP3wxjbRebv4t2B7RkHxWaj9f3okYYx+4ZxboJJP4woNX02Gs1/kf35O SL7P9Tmhc1ECJSZs+dviHouuzNaHzKzBzjGZWTR5RZml41LplZ5MmO8+QMYE5ukmPCN40j kprvt9oiuQy9WEFcM+8QzxpCvMeijtIHGTRagrjBjCTURbJMDdXVIaMl0tx/gw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by bcr: URL: https://cgit.FreeBSD.org/doc/commit/?id=1ae23eb218c254fa95febf1b2591ff5eea53ab23 commit 1ae23eb218c254fa95febf1b2591ff5eea53ab23 Author: Benedict Reuschling AuthorDate: 2022-01-29 14:10:27 +0000 Commit: Benedict Reuschling CommitDate: 2022-01-29 14:10:27 +0000 Spell 'availability' correctly. --- .../content/en/books/handbook/security/_index.adoc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc index 371ddf908e..2725174d23 100644 --- a/documentation/content/en/books/handbook/security/_index.adoc +++ b/documentation/content/en/books/handbook/security/_index.adoc @@ -87,7 +87,7 @@ A weak entry point in any system could allow intruders to gain access to critica One of the core principles of information security is the CIA triad, which stands for the Confidentiality, Integrity, and Availability of information systems. The CIA triad is a bedrock concept of computer security as customers and users expect their data to be protected. -For example, a customer expects that their credit card information is securely stored (confidentiality), that their orders are not changed behind the scenes (integrity), and that they have access to their order information at all times (availablility). +For example, a customer expects that their credit card information is securely stored (confidentiality), that their orders are not changed behind the scenes (integrity), and that they have access to their order information at all times (availability). To provide CIA, security professionals apply a defense in depth strategy. The idea of defense in depth is to add several layers of security to prevent one single layer failing and the entire security system collapsing. @@ -175,7 +175,7 @@ Blowfish is not part of AES and is not considered compliant with any Federal Inf Its use may not be permitted in some environments. ==== -To determine which hash algorithm is used to encrypt a user's password, the superuser can view the hash for the user in the FreeBSD password database. +To determine which hash algorithm is used to encrypt a user's password, the superuser can view the hash for the user in the FreeBSD password database. Each hash starts with a symbol which indicates the type of hash mechanism used to encrypt the password. If DES is used, there is no beginning symbol. For MD5, the symbol is `$`. @@ -293,7 +293,7 @@ For more information, see man:pw[8]. A _rootkit_ is any unauthorized software that attempts to gain `root` access to a system. Once installed, this malicious software will normally open up another avenue of entry for an attacker. -Realistically, once a system has been compromised by a rootkit and an investigation has been performed, the system should be reinstalled from scratch. +Realistically, once a system has been compromised by a rootkit and an investigation has been performed, the system should be reinstalled from scratch. There is tremendous risk that even the most prudent security or systems engineer will miss something an attacker left behind. A rootkit does do one thing useful for administrators: once detected, it is a sign that a compromise happened at some point. @@ -441,7 +441,7 @@ Source routing is a method for detecting and accessing non-routable addresses on This should be disabled as non-routable addresses are normally not routable on purpose. To disable this feature, set `net.inet.ip.sourceroute` and `net.inet.ip.accept_sourceroute` to `0`. -When a machine on the network needs to send messages to all hosts on a subnet, an ICMP echo request message is sent to the broadcast address. +When a machine on the network needs to send messages to all hosts on a subnet, an ICMP echo request message is sent to the broadcast address. However, there is no reason for an external host to perform such an action. To reject all external broadcast requests, set `net.inet.icmp.bmcastecho` to `0`. @@ -565,7 +565,7 @@ FreeBSD/i386 (example.com) (ttypa) login: otp-md5 498 gr4269 ext -Password: +Password: .... The OPIE prompts provides a useful feature. @@ -1510,7 +1510,7 @@ Foreground mode. 2006-01-30 01:36:18: INFO: IPsec-SA established: ESP/Tunnel 172.16.5.4[0]->192.168.1.12[0] spi=175852902(0xa7b4d66) .... -To ensure the tunnel is working properly, switch to another console and use man:tcpdump[1] to view network traffic using the following command. +To ensure the tunnel is working properly, switch to another console and use man:tcpdump[1] to view network traffic using the following command. Replace `em0` with the network interface card as required: [source,shell] @@ -1836,7 +1836,7 @@ This will start sshd, the daemon program for OpenSSH, the next time the system b # service sshd start .... -The first time sshd starts on a FreeBSD system, the system's host keys will be automatically created and the fingerprint will be displayed on the console. +The first time sshd starts on a FreeBSD system, the system's host keys will be automatically created and the fingerprint will be displayed on the console. Provide users with the fingerprint so that they can verify it the first time they connect to the server. Refer to man:sshd[8] for the list of available options when starting sshd and a more complete discussion about authentication, the login process, and the various configuration files.