svn commit: r54381 - in head/ja_JP.eucJP/books/handbook: . bsdinstall

Ryusuke SUZUKI ryusuke at FreeBSD.org
Tue Jul 28 15:00:42 UTC 2020 

Author: ryusuke
Date: Tue Jul 28 15:00:41 2020
New Revision: 54381
URL: https://svnweb.freebsd.org/changeset/doc/54381

Log:
  - Merge the following from the English version:
  
  	r53939 -> r53958	head/ja_JP.eucJP/books/handbook/Makefile
  	r53945 -> r53961	head/ja_JP.eucJP/books/handbook/bsdinstall/chapter.xml

Modified:
  head/ja_JP.eucJP/books/handbook/Makefile
  head/ja_JP.eucJP/books/handbook/bsdinstall/chapter.xml

Modified: head/ja_JP.eucJP/books/handbook/Makefile
==============================================================================
--- head/ja_JP.eucJP/books/handbook/Makefile	Tue Jul 28 07:47:22 2020	(r54380)
+++ head/ja_JP.eucJP/books/handbook/Makefile	Tue Jul 28 15:00:41 2020	(r54381)
@@ -3,7 +3,7 @@
 #
 # Build the FreeBSD Handbook (Japanese).
 #
-# Original revision: r53939
+# Original revision: r53958
 #
 
 # ------------------------------------------------------------------------
@@ -66,6 +66,7 @@ IMAGES_EN+= bsdinstall/bsdinstall-distfile-verifying.p
 IMAGES_EN+= bsdinstall/bsdinstall-final-confirmation.png
 IMAGES_EN+= bsdinstall/bsdinstall-finalconfiguration.png
 IMAGES_EN+= bsdinstall/bsdinstall-final-modification-shell.png
+IMAGES_EN+= bsdinstall/bsdinstall-hardening.png
 IMAGES_EN+= bsdinstall/bsdinstall-keymap-10.png
 IMAGES_EN+= bsdinstall/bsdinstall-keymap-loading.png
 IMAGES_EN+= bsdinstall/bsdinstall-keymap-select-default.png

Modified: head/ja_JP.eucJP/books/handbook/bsdinstall/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/bsdinstall/chapter.xml	Tue Jul 28 07:47:22 2020	(r54380)
+++ head/ja_JP.eucJP/books/handbook/bsdinstall/chapter.xml	Tue Jul 28 15:00:41 2020	(r54381)
@@ -3,7 +3,7 @@
      The FreeBSD Documentation Project
      The FreeBSD Japanese Documentation Project
 
-     Original revision: r53945
+     Original revision: r53961
      $FreeBSD$
 -->
 <chapter xmlns="http://docbook.org/ns/docbook"
@@ -993,7 +993,8 @@ Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4.</s
 	</mediaobject>
       </figure>
 
-      <para>¥­¡¼¥Þ¥Ã¥×¤¬Æɤ߹þ¤Þ¤ì¤ë¤È¡¢bsdinstall ¤Ï
+      <para>¥­¡¼¥Þ¥Ã¥×¤¬Æɤ߹þ¤Þ¤ì¤ë¤È¡¢
+	<application>bsdinstall</application> ¤Ï
 	<xref linkend="bsdinstall-keymap-10"/> ¤òɽ¼¨¤·¤Þ¤¹¡£
 	¾å²¼¤ÎÌð°õ¥­¡¼¤ò»È¤Ã¤Æ¡¢
 	¥·¥¹¥Æ¥à¤Î¥­¡¼¥Ü¡¼¥É¤ËºÇ¤â¶á¤¤¥­¡¼¥Þ¥Ã¥×¤òÁªÂò¤·¤Æ¤¯¤À¤µ¤¤¡£
@@ -2389,7 +2390,7 @@ Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4.</s
 	<listitem>
 	  <para><literal>ntpdate</literal> -
 	    µ¯Æ°»þ¤Î¼«Æ°»þ¹ïƱ´ü¤òÍ­¸ú¤Ë¤·¤Þ¤¹¡£
-	    ¤³¤Îµ¡Ç½¤Ï¡¢¸½ºß ntpd ¥Ç¡¼¥â¥ó¤Ç¤âÍøÍѤǤ­¤Þ¤¹¡£
+	    ¤³¤Îµ¡Ç½¤Ï¡¢¸½ºß &man.ntpd.8; ¥Ç¡¼¥â¥ó¤Ç¤âÍøÍѤǤ­¤Þ¤¹¡£
 	    ͱͽ´ü´Ö¤¬·Ð²á¤·¤¿¤é¡¢&man.ntpdate.8;
 	    ¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ï¤½¤ÎÌòÌܤò½ª¤¨¤ëͽÄê¤Ç¤¹¡£</para>
 	</listitem>
@@ -2416,7 +2417,115 @@ Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4.</s
 	</listitem>
       </itemizedlist>
     </sect2>
+    
+    <sect2 xml:id="bsdinstall-hardening">
+      <title>¥»¥­¥å¥ê¥Æ¥£¤ò¶¯²½¤¹¤ë¥ª¥×¥·¥ç¥ó¤òÍ­¸ú¤Ë¤¹¤ë</title>
 
+      <para>¼¡¤Î¥á¥Ë¥å¡¼¤Ç¤Ï¡¢
+	Í­¸ú¤Ë¤¹¤ë¥»¥­¥å¥ê¥Æ¥£¥ª¥×¥·¥ç¥ó¤òÀßÄꤷ¤Þ¤¹¡£
+	¤¹¤Ù¤Æ¤Ï¥ª¥×¥·¥ç¥ó¤Ç¤¹¤¬¡¢Í­¸ú¤Ë¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Þ¤¹¡£</para>
+
+      <figure xml:id="bsdinstall-hardening-options">
+	<title>¥»¥­¥å¥ê¥Æ¥£¤ò¶¯²½¤¹¤ë¥ª¥×¥·¥ç¥ó¤ÎÀßÄê</title>
+
+	<mediaobject>
+	  <imageobject>
+	    <imagedata fileref="bsdinstall/bsdinstall-hardening"/>
+	  </imageobject>
+	</mediaobject>
+      </figure>
+
+      <para>¤³¤Î¥á¥Ë¥å¡¼¤ÇÍ­¸ú¤Ë¤Ç¤­¤ë¤Î¤Ï¡¢°Ê²¼¤Î¥ª¥×¥·¥ç¥ó¤Ç¤¹¡£</para>
+
+      <itemizedlist>
+	<listitem>
+	  <para><literal>hide_uids</literal> -
+	    ¾ðÊóϳ±ÌËɻߤΤ¿¤á¡¢Æø¢¤Î¤Ê¤¤¥æ¡¼¥¶¤¬¡¢Â¾¤Î¥æ¡¼¥¶ (UID)
+	    ¤Ë¤è¤ê¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥×¥í¥»¥¹¤ò¸«¤ì¤Ê¤¤¤è¤¦¤Ë¡¢
+	    ¾¤Î¥æ¡¼¥¶¤¬¼Â¹Ô¤·¤Æ¤¤¤ë¥×¥í¥»¥¹¤ò±£¤·¤Þ¤¹¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>hide_gids</literal> -
+	    ¾ðÊóϳ±ÌËɻߤΤ¿¤á¡¢Æø¢¤Î¤Ê¤¤¥æ¡¼¥¶¤¬¡¢Â¾¤Î¥°¥ë¡¼¥× (GID)
+	    ¤Ë¤è¤ê¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥×¥í¥»¥¹¤ò¸«¤ì¤Ê¤¤¤è¤¦¤Ë¡¢
+	    ¾¤Î¥æ¡¼¥¶¤¬¼Â¹Ô¤·¤Æ¤¤¤ë¥×¥í¥»¥¹¤ò±£¤·¤Þ¤¹¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>hide_jail</literal> -
+	    Æø¢¤Î¤Ê¤¤¥æ¡¼¥¶¤¬¡¢jail
+	    ¤ÎÃæ¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥×¥í¥»¥¹¤ò¸«¤ì¤Ê¤¤¤è¤¦¤Ë¡¢
+	    jail ¤Ç¼Â¹ÔÃæ¤Î¥×¥í¥»¥¹¤ò±£¤·¤Þ¤¹¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>read_msgbuf</literal> -
+	    ¸¢¸Â¤Î¤Ê¤¤¥æ¡¼¥¶¤¬¡¢&man.dmesg.8;
+	    ¤ò»È¤Ã¤Æ¥«¡¼¥Í¥ë¥í¥°¥Ð¥Ã¥Õ¥¡¤Î¥á¥Ã¥»¡¼¥¸¤ò¸«¤ë¤³¤È¤Ç¡¢
+	    ¥«¡¼¥Í¥ë¥á¥Ã¥»¡¼¥¸¥Ð¥Ã¥Õ¥¡¤òÆɤळ¤È¤ò̵¸ú¤Ë¤·¤Þ¤¹¡£ 
+	  </para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>proc_debug</literal> -
+	    ptrace() ¤ª¤è¤Ó ktrace() ¤È¤¤¤Ã¤¿ procfs µ¡Ç½¤ò´Þ¤à¡¢
+	    ¤µ¤Þ¤¶¤Þ¤ÊÆø¢¤Î¤Ê¤¤¥×¥í¥»¥¹´Ö¤Î¥Ç¥Ð¥Ã¥­¥ó¥°¥µ¡¼¥Ó¥¹¤ò¡¢
+	    Æø¢¤Î¤Ê¤¤¥æ¡¼¥¶¤¬Ìµ¸ú¤Ë¤·¤Ê¤¤¤è¤¦¤Ë¡¢
+	    ¥×¥í¥»¥¹¥Ç¥Ð¥Ã¥­¥ó¥°µ¡Ç½¤ò̵¸ú¤Ë¤·¤Þ¤¹¡£
+	    ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ë¤è¤Ã¤Æ¡¢PHP
+	    ¤Ê¤É¤Î¥¹¥¯¥ê¥×¥È¸À¸ì¤ËÂФ¹¤ëÁȤ߹þ¤ß¤Î¥Ç¥Ð¥Ã¥­¥ó¥°µ¡Ç½¤ÈƱÍͤˡ¢
+	    ¤¿¤È¤¨¤Ð &man.lldb.1;, &man.truss.1;, &man.procstat.1;
+	    ¤Ê¤É¤ÎÆø¢¤Î¤Ê¤¤¥æ¡¼¥¶¤Ë¤è¤ë¥Ç¥Ð¥Ã¥­¥ó¥°¥Ä¡¼¥ë¤â̵¸ú¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>random_pid</literal> - ¿·¤·¤¯À¸À®¤µ¤ì¤ë¥×¥í¥»¥¹¤Î
+	    PID ¤ò¥é¥ó¥À¥à²½¤·¤Þ¤¹¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>clear_tmp</literal> - ¥·¥¹¥Æ¥à¤Îµ¯Æ°»þ¤Ë
+	    <filename>/tmp</filename> ¤ò¶õ¤Ë¤·¤Þ¤¹¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>disable_syslogd</literal> -
+	    <application>syslogd</application> ¥Í¥Ã¥È¥ï¡¼¥¯¥½¥±¥Ã¥È¤òÊĤ¸¤Þ¤¹¡£
+	    ¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢&os; ¤Ï <application>syslogd</application> ¤ò
+	    <command>-s</command> ¤ò»È¤Ã¤¿°ÂÁ´¤ÊÊýË¡¤Ç¼Â¹Ô¤·¤Þ¤¹¡£
+	    ¤³¤ì¤Ï¡¢³°¤«¤é¤Î¥Ý¡¼¥È 514 ¤ËÂФ¹¤ë UDP ¥ê¥¯¥¨¥¹¥È¤òÂÔµ¡¤·¤Þ¤»¤ó¡£
+	    ¤³¤Î¥ª¥×¥·¥ç¥ó¤òÍ­¸ú¤Ë¤¹¤ë¤È¡¢
+	    <application>syslogd</application> ¤ò
+	    <command>-ss</command> ¥Õ¥é¥°¤Ç¼Â¹Ô¤·¤Þ¤¹¡£
+	    ¤³¤Î¥Õ¥é¥°¤Ë¤è¤ê¡¢<application>syslogd</application>
+	    ¤Ï¶õ¤¤¤Æ¤¤¤ë¤É¤Î¥Ý¡¼¥È¤«¤é¤â¼õ¤±ÉÕ¤±¤Þ¤»¤ó¡£
+	    ¾ÜºÙ¤Ï¡¢&man.syslogd.8; ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>disable_sendmail</literal> -
+	    sendmail MTA ¤ò̵¸ú¤Ë¤·¤Þ¤¹¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>secure_console</literal> -
+	    ¤³¤Î¥ª¥×¥·¥ç¥ó¤òÍ­¸ú¤Ë¤¹¤ë¤È¡¢¥·¥ó¥°¥ë¥æ¡¼¥¶¥â¡¼¥É¤ËÆþ¤ëºÝ¤Ë¡¢
+	    ¥×¥í¥ó¥×¥È¤ËÂФ·¤Æ root ¥Ñ¥¹¥ï¡¼¥É¤¬É¬ÍפȤʤê¤Þ¤¹¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>disable_ddtrace</literal> -
+	    &dtrace; ¤Ï¡¢
+	    ¼Â¹ÔÃæ¤Î¥«¡¼¥Í¥ë¤Ë¼ÂºÝ¤Ë±Æ¶Á¤òµÚ¤Ü¤¹¥â¡¼¥É¤Ç¼Â¹Ô¤Ç¤­¤Þ¤¹¡£
+	    Ç˲õŪ¤Ê¥¢¥¯¥·¥ç¥ó¤Ï¡¢ÌÀ¼¨Åª¤ËÍ­¸ú¤Ë¤·¤Ê¤¤¸Â¤ê¤ÏÍøÍѤǤ­¤Þ¤»¤ó¡£
+	    Ç˲õŪ¤Ê¥¢¥¯¥·¥ç¥ó¤ò¼Â¹Ô¤Ç¤­¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+	    <command>-w</command> ¤ò»È¤Ã¤Æ &dtrace; ¤ò¼Â¹Ô¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+	    ¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï &man.dtrace.1; ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+	</listitem>
+      </itemizedlist>
+    </sect2>
+
     <sect2 xml:id="bsdinstall-addusers">
       <title>¥æ¡¼¥¶¤ÎÄɲÃ</title>
 
@@ -2628,6 +2737,11 @@ Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4.</s
 	<listitem>
 	  <para><literal>Services</literal> -
 	    <xref linkend="bsdinstall-sysconf"/> ¤ÇÀâÌÀ¤·¤Æ¤¤¤Þ¤¹¡£</para>
+	</listitem>
+
+	<listitem>
+	  <para><literal>System Hardening</literal> -
+	    <xref linkend="bsdinstall-hardening"/> ¤ÇÀâÌÀ¤·¤Æ¤¤¤Þ¤¹¡£</para>
 	</listitem>
 
 	<listitem>

More information about the svn-doc-head mailing list