svn commit: r51084 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Mon Oct 9 02:09:45 UTC 2017
Author: ryusuke
Date: Mon Oct 9 02:09:43 2017
New Revision: 51084
URL: https://svnweb.freebsd.org/changeset/doc/51084
Log:
- Merge the following from the English version:
r28158 -> r29000 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Sun Oct 8 12:38:21 2017 (r51083)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Mon Oct 9 02:09:43 2017 (r51084)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r28158
+ Original revision: r29000
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -131,26 +131,6 @@
¤µ¤é¤Ë¥³¥ó¥Ô¥å¡¼¥¿¤¬Áê¸ß¤ËÀܳ¤µ¤ì¤¿¥Í¥Ã¥È¥ï¡¼¥¯¤ò·ÁÀ®¤¹¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿º£Æü¡¢
¥»¥¥å¥ê¥Æ¥£¤Ï°ìÁØÂ礤ʴؿ´»ö¤Ë¤Ê¤Ã¤Æ¤¤Æ¤¤¤Þ¤¹¡£</para>
- <para>¥»¥¥å¥ê¥Æ¥£¤ò¼ÂÁõ¤¹¤ë¤Ë¤Ï¡¢
- ¥¿¥Þ¥Í¥®¤Î¤è¤¦¤Ë³¬Áز½¤¹¤ë¼êË¡
- (a layered <quote>onion</quote> approach)
- ¤¬ºÇŬ¤Ç¤¹¡£
- ¤É¤¦¤¹¤ì¤ÐÎɤ¤¤Î¤«´Êñ¤ËÀâÌÀ¤¹¤ë¤È¡¢
- ÊØÍø¤Êµ¡Ç½¤ÈƱ¤¸¿ô¤À¤±¥»¥¥å¥ê¥Æ¥£¤Î³¬Áؤòºî¤ê¡¢
- ¥·¥¹¥Æ¥à¤Ø¤Î¿¯Æþ¤òÃí°Õ¿¼¤¯´Æ»ë¤¹¤ë¤Î¤Ç¤¹¡£
- ¤¢¤Ê¤¿¤Ï¥»¥¥å¥ê¥Æ¥£¤ò²áÅ٤˸·½Å¤Ë¤·¤¿¤ê¡¢
- ¿¯Æþ¤Î´Æ»ë¤Ë»þ´Ö¤ò¤È¤é¤ì¤¿¤¤¤È¤Ï»×¤ï¤Ê¤¤¤Ç¤·¤ç¤¦¡£
- ¤³¤Î¿¯Æþ¤Îȯ¸«¤È¤¤¤¦Éôʬ¤Ï¡¢
- ¤¢¤é¤æ¤ë¥»¥¥å¥ê¥Æ¥£µ¡¹½¤Ë¤ª¤¤¤ÆºÇ¤â½ÅÍפÊÉôʬ¤Î°ì¤Ä¤Ê¤Î¤Ç¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢¥·¥¹¥Æ¥à¤Î³Æ¥Ð¥¤¥Ê¥ê¤Ë
- <literal>schg</literal> ¥Õ¥é¥° (&man.chflags.1; »²¾È)
- ¤òÀßÄꤹ¤ë¤Î¤Ï¡¢Â礷¤Æ°ÕÌ£¤¬¤¢¤ê¤Þ¤»¤ó¡£
- ¥Õ¥é¥°¤òÀßÄꤹ¤ë¤È°ì»þŪ¤Ë¥Ð¥¤¥Ê¥ê¤¬Êݸ¤ì¡¢
- ¿¯Æþ¤·¤Æ¤¤¿¹¶·â¼Ô¤Ë¤è¤Ã¤Æ¥·¥¹¥Æ¥à¤Ë²Ã¤¨¤é¤ì¤ëÊѹ¹¤Î¤¦¤Á¡¢
- Íưפ˸¡½Ð²Äǽ¤ÊÊѹ¹¤Ï¹Ô¤Ê¤¨¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
- ¤·¤«¤·¤½¤Î·ë²Ì¤È¤·¤Æ¡¢¥»¥¥å¥ê¥Æ¥£µ¡¹½¤¬¤½¤Î¿¯Æþ¼Ô¤ò¸¡½Ð¤¹¤ë¤³¤È¤â
- ¤Þ¤Ã¤¿¤¯¤Ç¤¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤Ç¤·¤ç¤¦¡£</para>
-
<para>¤Þ¤¿¡¢¥·¥¹¥Æ¥à¥»¥¥å¥ê¥Æ¥£¤Ë¤Ï¡¢
¤µ¤Þ¤¶¤Þ¤Ê·Á¤Ç¤Î¹¶·â¤ËÂн褹¤ë¤³¤È¤È¤â´Ø·¸¤·¤Æ¤¤¤Þ¤¹¡£
¹¶·â¤ÎÃæ¤Ë¤Ï <systemitem class="username">root</systemitem>
@@ -1950,7 +1930,7 @@ Edit O.K.
¤¹¤Ù¤Æ¤Î¥¤¥ó¥¹¥¿¥ó¥¹¤òŸ³«¤·¤Þ¤¹¡£
¤³¤ì¤Ë¤Ï <command>ext_srvtab</command> ¤È¤¤¤¦¥³¥Þ¥ó¥É¤ò»ÈÍѤ·¤Þ¤¹¡£
¤³¤Î¥³¥Þ¥ó¥É¤ÇºîÀ®¤µ¤ì¤ë¥Õ¥¡¥¤¥ë¤Ï¡¢Kerberos
- ¤Î³Æ¥¯¥é¥¤¥¢¥ó¥È¤Î <filename>/etc/kerberosIV</filename>
+ ¤Î³Æ¥¯¥é¥¤¥¢¥ó¥È¤Î <filename>/etc</filename>
¥Ç¥£¥ì¥¯¥È¥ê¤Ë<emphasis>°ÂÁ´¤ÊÊýË¡¤Ç</emphasis>
¥³¥Ô¡¼¤Þ¤¿¤Ï°ÜÆ°¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
¤³¤Î¥Õ¥¡¥¤¥ë¤Ï¤½¤ì¤¾¤ì¤Î¥µ¡¼¥Ð¤È¥¯¥é¥¤¥¢¥ó¥È¤Ë¸ºß¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤º¡¢
@@ -1979,7 +1959,7 @@ Generating 'grunt-new-srvtab'....</screen>
¤ò°ÜÆ°
²Äǽ¤Ê¥á¥Ç¥£¥¢¤Ë¥³¥Ô¡¼¤·¤ÆʪÍýŪ¤Ë°ÂÁ´¤ÊÊýË¡¤Ç±¿¤ó¤Ç¤¯¤À¤µ¤¤¡£
¥¯¥é
- ¥¤¥¢¥ó¥È¤Î<filename>/etc/kerberosIV</filename>¥Ç¥£¥ì¥¯¥È¥ê¤Ç¡¢
+ ¥¤¥¢¥ó¥È¤Î<filename>/etc</filename>¥Ç¥£¥ì¥¯¥È¥ê¤Ç¡¢
̾Á°¤ò <filename>srvtab</filename>¤ËÊѹ¹¤·¡¢
mode¤ò600¤Ë¤¹¤ë¤Î¤ò˺¤ì¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£</para>
@@ -2514,16 +2494,19 @@ Verifying password - Password: <userinput>xxxxxxxx</us
¥×¥ê¥ó¥·¥Ñ¥ë¤Î¥Á¥±¥Ã¥È¤òÆþ¼ê¤·¤¿¤ê¡¢
°ìÍ÷¤òɽ¼¨¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¤³¤È¤ò³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
- <screen>&prompt.user; <userinput>k5init <replaceable>tillman</replaceable></userinput>
+ <screen>&prompt.user; <userinput>kinit <replaceable>tillman</replaceable></userinput>
tillman at EXAMPLE.ORG's Password:
-&prompt.user; <userinput>k5list</userinput>
+&prompt.user; <userinput>klist</userinput>
Credentials cache: FILE:<filename>/tmp/krb5cc_500</filename>
Principal: tillman at EXAMPLE.ORG
Issued Expires Principal
Aug 27 15:37:58 Aug 28 01:37:58 krbtgt/EXAMPLE.ORG at EXAMPLE.ORG</screen>
+ <para>ɬÍפ¬¤Ê¤¯¤Ê¤Ã¤¿»þ¤Ë¤Ï¡¢¥Á¥±¥Ã¥È¤òÇË´þ¤Ç¤¤Þ¤¹¡£</para>
+
+ <screen>&prompt.user; <userinput>k5destroy</userinput></screen>
</sect2>
<sect2>
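Review bot: The added `<userinput>k5destroy</userinput>` screen at the end of this hunk still uses the k5-prefixed command name, while the same hunk changes `k5init` to `kinit` and `k5list` to `klist`. A reader following the updated example obtains the ticket with `kinit` and is then told to destroy it with a differently named tool, and a later hunk in this commit removes the paragraph that explained the k5-prefixed names. If the English r29000 text carries the same name it should be fixed there and merged again; otherwise use `kdestroy` here, so that the ticket left in the credentials cache shown in the sample output (`/tmp/krb5cc_500`) is actually removed when the reader follows the step.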
@@ -2689,19 +2672,6 @@ kadmin><userinput> exit</userinput></screen>
(<command>ssh</command> ¤Î¤è¤¦¤Ë)
¤¹¤Ù¤Æ¤Î¥Ç¡¼¥¿¥¹¥È¥ê¡¼¥à¤¬°Å¹æ²½¤µ¤ì¤Þ¤¹¡£</para>
- <para><application>Kerberos</application>
- ¤Î¥³¥¢¤Î¥¯¥é¥¤¥¢¥ó¥È¥¢¥×¥ê¥±¡¼¥·¥ç¥ó
- (ÅÁÅýŪ¤Ë¡¢<command>kinit</command>,
- <command>klist</command>, <command>kdestroy</command> ¤ª¤è¤Ó
- <command>kpasswd</command> ¤È¤¤¤¦Ì¾Á°¤Ç¤¹) ¤Ï¡¢&os;
- ¤Î¥Ù¡¼¥¹¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
- 5.0 °ÊÁ°¤Î &os; ¤Ç¤Ï¡¢
- <command>k5init</command>,
- <command>k5list</command>, <command>k5destroy</command>,
- <command>k5passwd</command> ¤ª¤è¤Ó <command>k5stash</command>
- ¤È¸À¤¦Ì¾Á°¤Ç¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
- ¤³¤ì¤é¤ÏÄ̾ï°ìÅÙ¤·¤«ÍѤ¤¤é¤ì¤Þ¤»¤ó¡£</para>
-
<para>¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢Heimdal ¥¤¥ó¥¹¥È¡¼¥ë¤Î
<quote>ºÇ¾®</quote> ¤È¹Í¤¨¤é¤ì¤ë¡¢¥³¥¢°Ê³°¤Î
<application>Kerberos</application>
@@ -2975,6 +2945,19 @@ jdoe at example.org</screen>
¥Õ¥©¥ï¡¼¥É¤µ¤ì¤¿¥¯¥ì¥Ç¥ó¥·¥ã¥ê¥ó¥°¤Î½ê͸¢¤òŬÀÚ¤ËÊѹ¹¤Ç¤¤ë¤è¤¦¤Ë¡¢
<command>login.krb5</command>
¥Ð¥¤¥Ê¥ê¤¬Ç§¾Ú¤Ë»È¤ï¤ì¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para></note>
+
+ <para><filename>rc.conf</filename>
+ ¤ò°Ê²¼¤ÎÀßÄê¤ò´Þ¤à¤è¤¦¤ËÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <programlisting>kerberos5_server="/usr/local/sbin/krb5kdc"
+kadmind5_server="/usr/local/sbin/kadmind"
+kerberos5_server_enable="YES"
+kadmind5_server_enable="YES"</programlisting>
+
+ <para>¤³¤ì¤ò¹Ô¤¦¤Î¤Ï¡¢
+ <acronym>MIT</acronym> kerberos ¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢
+ <filename role="directory">/usr/local</filename>
+ ¹½Â¤¤Î²¼¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤ë¤¿¤á¤Ç¤¹¡£</para>
</sect2>
<sect2>
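Review bot: The added `<filename>rc.conf</filename>` paragraph names the file without its path, while the gateway example later in this chapter writes `<filename>/etc/rc.conf</filename>`; suggest the full path here as well. The four added lines set `kerberos5_server_enable="YES"` and `kadmind5_server_enable="YES"` together with the `/usr/local/sbin` paths, so it would also help to state in the added paragraph that they belong on the KDC host only, not on every machine that uses the MIT client programs.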
@@ -3441,6 +3424,17 @@ options FAST_IPSEC # new IPsec (cannot define w/ IP
¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
</note>
+ <note>
+ <para>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤¬Å¬ÀÚ¤Ë &man.gif.4;
+ ¤âÄÉÀפǤ¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+ ¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¤Ë¤ª¤¤¤Æ¡¢
+ <option>IPSEC_FILTERGIF</option> ¤ò͸ú¤Ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+
+ <screen>
+options IPSEC_FILTERGIF #filter ipsec packets from a tunnel
+ </screen>
+ </note>
+
<indexterm>
<primary>IPsec</primary>
<secondary>ESP</secondary>
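Review bot: The kernel option in the added note is wrapped in `<screen>` with a line break directly after the opening tag and an indented `</screen>` on its own line. Because the element is verbatim, this renders an empty line before the option and a whitespace-only line after it. The content is a kernel configuration line rather than terminal output, so suggest putting it on one line as `<programlisting>options IPSEC_FILTERGIF #filter ipsec packets from a tunnel</programlisting>`, matching the `<programlisting>` used for the rc.conf settings elsewhere in this commit.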
@@ -3758,20 +3752,22 @@ Network #2 [ Internal Hosts ]
¤½¤Î¸å¡¢¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤ò
&man.ifconfig.8; ¤ò»È¤Ã¤ÆÀßÄꤷ¤Þ¤¹¡£</para>
- <para>¥Í¥Ã¥È¥ï¡¼¥¯ #1 ¤Ë¤¢¤ë¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç°Ê²¼¤Î
- 2 ¤Ä¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥È¥ó¥Í¥ë¤òºîÀ®¤·¤Þ¤¹¡£</para>
+ <para>¥Í¥Ã¥È¥ï¡¼¥¯ #1
+ ¤Ë¤¢¤ë¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥È¥ó¥Í¥ë¤òºîÀ®¤·¤Þ¤¹¡£</para>
- <programlisting>ifconfig gif0 A.B.C.D W.X.Y.Z
-ifconfig gif0 inet 192.168.1.1 192.168.2.1 netmask 0xffffffff
- </programlisting>
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> create</userinput>
+&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> tunnel <replaceable>A.B.C.D</replaceable> <replaceable>W.X.Y.Z</replaceable></userinput>
+&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> inet <replaceable>192.168.1.1</replaceable> <replaceable>192.168.2.1</replaceable> netmask <replaceable>0xffffffff</replaceable></userinput>
+ </screen>
<para>¤â¤¦ÊÒÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¡¢
IP ¥¢¥É¥ì¥¹¤Î½ç¤òµÕ¤Ë¤·¤ÆƱ¤¸¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£</para>
-
- <programlisting>ifconfig gif0 W.X.Y.Z A.B.C.D
-ifconfig gif0 inet 192.168.2.1 192.168.1.1 netmask 0xffffffff
- </programlisting>
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> create</userinput>
+&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> tunnel <replaceable>W.X.Y.Z</replaceable> <replaceable>A.B.C.D</replaceable></userinput>
+&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> inet <replaceable>192.168.2.1</replaceable> <replaceable>192.168.1.1</replaceable> netmask <replaceable>0xffffffff</replaceable></userinput>
+ </screen>
+
<para>°Ê²¼¤ò¼Â¹Ô¤·¤Æ¡¢ÀßÄê¤ò³Îǧ¤ò¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
<programlisting>ifconfig gif0</programlisting>
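Review bot: In the second added block the blank line between the preceding `</para>` and the opening `<screen>` is dropped (the removed `-` blank line is re-added after `</screen>` instead), so the two gateway examples in this hunk are spaced differently in the source; suggest keeping the blank line before `<screen>` as in the first block. Both added blocks also end with an indented `</screen>` on its own line, which leaves a trailing whitespace-only line in the verbatim output. The verification step at the end of the hunk is still `<programlisting>ifconfig gif0</programlisting>`, while the commands above it now use `<screen>` with `&prompt.root;`; converting it in the same change would keep the markup consistent.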
@@ -3780,9 +3776,9 @@ ifconfig gif0 inet 192.168.2.1 192.168.1.1 netmask 0xf
°Ê²¼¤Î¤è¤¦¤Ë³Îǧ¤Ç¤¤Þ¤¹¡£</para>
<screen>&prompt.root; <userinput>ifconfig gif0</userinput>
-gif0: flags=8011<UP,POINTTOPOINT,MULTICAST> mtu 1280
-inet 192.168.1.1 --> 192.168.2.1 netmask 0xffffffff
-physical address inet A.B.C.D --> W.X.Y.Z
+gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
+ tunnel inet A.B.C.D --> W.X.Y.Z
+ inet 192.168.1.1 --> 192.168.2.1 netmask 0xffffffff
</screen>
<para>½ÐÎϤ«¤é¤ï¤«¤ë¤è¤¦¤Ë¡¢
@@ -3914,7 +3910,8 @@ Destination Gateway Flags Refs Use
<para>¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È #1 ¤Î <filename>/etc/rc.conf</filename>
¤òÊÔ½¸¤·¤Æ¡¢°Ê²¼¤Î¹Ô¤ò (ɬÍפ˱þ¤¸¤Æ IP ¥¢¥É¥ì¥¹¤òÊѹ¹¤·¤Æ)
Äɲä·¤Þ¤¹¡£</para>
- <programlisting>gifconfig_gif0="A.B.C.D W.X.Y.Z"
+ <programlisting>gif_interfaces="gif0"
+gifconfig_gif0="A.B.C.D W.X.Y.Z"
ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff"
static_routes="vpn"
route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00"