doc-el commit 1023:36046d110386 - Translate sections 14.2 - 14.3...
freebsd-doc-el at lists.hellug.gr
freebsd-doc-el at lists.hellug.gr
Sun Nov 9 06:50:07 EET 2008
changeset: 1023:36046d110386
user: Stylianos Sideridis <siderste at yahoo.gr>
date: 2008-11-07 19:12 +0200
details: http://hg.hellug.gr/freebsd/doc-el/?cmd=changeset;node=36046d110386
description:
Translate sections 14.2 - 14.3 (security chapter)
diffstat:
1 file changed, 1384 insertions(+), 807 deletions(-)
el_GR.ISO8859-7/books/handbook/security/chapter.sgml | 2191 +++++++++++-------
diffs (truncated from 2514 to 300 lines):
diff -r 9947f38d88e2 -r 36046d110386 el_GR.ISO8859-7/books/handbook/security/chapter.sgml
--- a/el_GR.ISO8859-7/books/handbook/security/chapter.sgml Thu Nov 06 17:15:05 2008 +0200
+++ b/el_GR.ISO8859-7/books/handbook/security/chapter.sgml Fri Nov 07 19:12:54 2008 +0200
@@ -7,7 +7,7 @@
$FreeBSD: doc/el_GR.ISO8859-7/books/handbook/security/chapter.sgml,v 1.2 2008/01/14 14:19:47 keramida Exp $
%SOURCE% en_US.ISO8859-1/books/handbook/security/chapter.sgml
- %SRCID% 1.332
+ %SRCID% 1.323
-->
@@ -36,7 +36,7 @@
óýóôçìá, üóï êáé ãéá áóöÜëåéá ìÝóù Internet. Ôï Internet äåí åßíáé
ðëÝïí Ýíá <quote>öéëéêü</quote> ìÝñïò óôï ïðïßï êáèÝíáò èÝëåé íá åßíáé
ï åõãåíéêüò óáò ãåßôïíáò. Ç áíÜãêç áóöÜëéóçò ôïõ óõóôÞìáôïò óáò åßíáé
- åðéôáêôéêÞ ãéá íá ðñïóôáôÝøåôå ôá äåäïìÝíá óáò,ôçí ðíåõìáôéêÞ óáò
+ åðéôáêôéêÞ ãéá íá ðñïóôáôÝøåôå ôá äåäïìÝíá óáò, ôçí ðíåõìáôéêÞ óáò
éäéïêôçóßá, ôï ÷ñüíï óáò, êáé ðïëëÜ ðåñéóóüôåñá áðü ôá ÷Ýñéá ôùí ÷Üêåñò
êáé ôùí ïìïßùí ôïõò.</para>
@@ -125,48 +125,50 @@
</sect1>
<sect1 id="security-intro">
- <title>Introduction</title>
-
- <para>Security is a function that begins and ends with the system
- administrator. While all BSD &unix; multi-user systems have some
- inherent security, the job of building and maintaining additional
- security mechanisms to keep those users <quote>honest</quote> is
- probably one of the single largest undertakings of the sysadmin.
- Machines are only as secure as you make them, and security concerns
- are ever competing with the human necessity for convenience. &unix;
- systems, in general, are capable of running a huge number of
- simultaneous processes and many of these processes operate as
- servers — meaning that external entities can connect and talk
- to them. As yesterday's mini-computers and mainframes become
- today's desktops, and as computers become networked and
- inter-networked, security becomes an even bigger issue.</para>
-
- <para>System security also pertains to dealing with various forms of
- attack, including attacks that attempt to crash, or otherwise make a
- system unusable, but do not attempt to compromise the
- <username>root</username> account (<quote>break root</quote>).
- Security concerns
- can be split up into several categories:</para>
+ <title>ÅéóáãùãÞ</title>
+
+ <para>Ç áóöÜëåéá åßíáé ìéá ëåéôïõñãßá ðïõ îåêéíÜ êáé ôåëåéþíåé ìå ôïí
+ äéá÷åéñéóôÞ ôïõ óõóôÞìáôïò. Åíþ üëá ôá BSD &unix; ðïëõ-÷ñçóôéêÜ
+ óõóôÞìáôá Ý÷ïõí êÜðïéá áóöÜëåéá ðïõ êëçñïíïìïýí, ç åñãáóßá ôçò
+ äçìéïõñãßáò êáé óõíôÞñçóçò ðñüóèåôùí ìç÷áíéóìþí áóöáëåßáò ãéá íá
+ êñáôÞóåôå áõôïýò ôïõò ÷ñÞóôåò <quote>ôßìéïõò</quote> åßíáé ìÜëëïí
+ ìéá áðü ôéò ìåãáëýôåñåò åõèýíåò ôïõ sysadmin. Ôá ìç÷áíÞìáôá åßíáé ìüíï
+ ôüóï áóöáëÞ üóï ôá êÜíåôå, êáé ôá èÝìáôá áóöÜëåéáò åßíáé ðÜíôá óå
+ óõíáãùíéóìü ìå ôçí áíèñþðéíç áíÜãêç ãéá Üíåóç. Ôá &unix; óõóôÞìáôá
+ , ãåíéêÜ, åßíáé éêáíÜ íá ôñÝ÷ïõí Ýíáí ìåãÜëï áñéèìü ôáõôü÷ñïíùí
+ äéåñãáóéþí êáé ðïëëÝò áðü áõôÝò ôéò äéåñãáóßåò ëåéôïõñãïýí þò åîõðçñÝôåò
+ — ðïõ óçìáßíåé üôé åîùôåñéêÝò ïíôüôçôåò ìðïñïýí íá óõíäåèïýí êáé
+ íá ìéëÞóïõí ìå áõôÝò. ¼óï ïé ÷èåóéíïß ìéêñï-õðïëïãéóôÝò êáé ôá ìåãÜëá
+ óõóôÞìáôá ãßíïíôáé ôá óçìåñéíÜ desktops, êáé üóï ïé õðïëïãéóôÝò ãßíïíôáé
+ äõêôéáêïß êáé äéáäõêôéáêïß, ç áóöÜëåéá ãßíåôáé Ýíá áêüìá ìåãáëýôåñï
+ èÝìá.</para>
+
+ <para>Ç áóöÜëåéá óõóôçìÜôùí åðßóçò ó÷åôßæåôáé ìå ôçí áíôéìåôþðéóç äéáöüñùí
+ åéäþí åðßèåóçò, ðåñéëáìâÜíïíôáò åðéèÝóåéò ðïõ ðñïóðáèïýí íá êñáóÜñïõí,
+ Þ áëëéþò íá êáôáóôÞóïõí ôï óýóôçìá Ü÷ñçóôï, áëëÜ ðïõ äåí ðñïóðáèïýí íá
+ åêèÝóïõí óå êßíäõíï ôïí <username>root</username> ëïãáñéáóìü
+ (<quote>break root</quote>).
+ Ôá èÝìáôá áóöÜëåéáò ìðïñïýí íá ÷ùñéóôïýí óå äéÜöïñåò êáôçãïñßåò :</para>
<orderedlist>
<listitem>
- <para>Denial of service attacks.</para>
- </listitem>
-
- <listitem>
- <para>User account compromises.</para>
- </listitem>
-
- <listitem>
- <para>Root compromise through accessible servers.</para>
- </listitem>
-
- <listitem>
- <para>Root compromise via user accounts.</para>
- </listitem>
-
- <listitem>
- <para>Backdoor creation.</para>
+ <para>ÅðéèÝóåéò Üñíçóçò õðçñåóßáò.</para>
+ </listitem>
+
+ <listitem>
+ <para>¸êèåóç óå êßíäõíï ëïãáñéáóìþí ÷ñçóôþí.</para>
+ </listitem>
+
+ <listitem>
+ <para>¸êèåóç óå êßíäõíï ôïõ Root ìÝóù ðñïóâÜóéìùí åîõðçñåôþí.</para>
+ </listitem>
+
+ <listitem>
+ <para>¸êèåóç óå êßíäõíï ôïõ Root ìÝóù ëïãáñéáóìþí ÷ñçóôþí.</para>
+ </listitem>
+
+ <listitem>
+ <para>Äçìéïõñãßá backdoor.</para>
</listitem>
</orderedlist>
@@ -181,263 +183,284 @@
</indexterm>
<indexterm><primary>Denial of Service (DoS)</primary></indexterm>
- <para>A denial of service attack is an action that deprives the
- machine of needed resources. Typically, DoS attacks are
- brute-force mechanisms that attempt to crash or otherwise make a
- machine unusable by overwhelming its servers or network stack. Some
- DoS attacks try to take advantage of bugs in the networking
- stack to crash a machine with a single packet. The latter can only
- be fixed by applying a bug fix to the kernel. Attacks on servers
- can often be fixed by properly specifying options to limit the load
- the servers incur on the system under adverse conditions.
- Brute-force network attacks are harder to deal with. A
- spoofed-packet attack, for example, is nearly impossible to stop,
- short of cutting your system off from the Internet. It may not be
- able to take your machine down, but it can saturate your
- Internet connection.</para>
+ <para>Ìéá åðßèåóç Üñíçóçò õðçñåóßáò (denial of service) åßíáé ìéá åíÝñãåéá
+ ðïõ óôåñåß ôï ìç÷Üíçìá áðü ðüñïõò ðïõ ÷ñåéÜæåôáé. ÔõðéêÜ, ïé DoS
+ åðéèÝóåéò åßíáé ìç÷áíéóìïß áíçëåïýò-äýíáìçò (brute-force) ðïõ
+ ðñïóðáèïýí íá êñáóÜñïõí Þ áëëéþò íá êáôáóôÞóïõí Ü÷ñçóôï Ýíá ìç÷Üíçìá
+ êáôáêëýæïíôáò ôéò õðçñåóßåò Þ ôçí óôïßâá äõêôßïõ. ÌåñéêÝò DoS
+ åðéèÝóåéò ðñïóðáèïýí íá åêìåôáëåõôïýí óöÜëìáôá óôçí óôïßâá äõêôßïõ
+ þóôå íá êñáóÜñïõí ôï ìç÷Üíçìá ìå Ýíá ìüíï ðáêÝôï. Ôï ôåëåõôáßï ìðïñåß
+ íá äéïñèùèåß åöáñìüæïíôáò óôïí ðõñÞíá ìßá äéüñèùóç óöÜëìáôïò. Ïé
+ åðéèÝóåéò óôéò õðçñåóßåò ìðïñïýí óõ÷íÜ íá äéïñèùèïýí åöáñìüæïíôáò
+ êáôÜëëçëåò åðéëïãÝò ãéá ôïí ðåñéïñéóìü ôïõ öïñôßïõ ðïõ õößóôáíôáé ïé
+ õðçñåóßåò óôï óýóôçìá êÜôù áðü áíôßîïåò óõíèÞêåò. Ïé áíçëåïýò-äýíáìçò
+ åðéèÝóåéò áðü ôï äýêôéï åßíáé äõóêïëüôåñåò óôçí áíôéìåôþðéóÞ ôïõò. Ìéá
+ åðßèåóç spoofed-packet, ãéá ðáñÜäåéãìá, åßíáé ó÷åäüí áäýíáôï íá
+ óôáìáôçèåß, äéáêüðôïíôáò Ýôóé ôï óýóôçìÜ óáò áðü ôï Internet. Ìðïñåß
+ íá ìçí åßíáé éêáíÞ ãéá íá êñáóÜñåé ôï óýóôçìÜ óáò, áëëÜ èá åðéöÝñåé
+ êïñåóìü óôçí óýíäåóÞ óáò ìå ôï Internet.</para>
<indexterm>
<primary>security</primary>
<secondary>account compromises</secondary>
</indexterm>
- <para>A user account compromise is even more common than a DoS
- attack. Many sysadmins still run standard
+ <para>Ç Ýêèåóç ëïãáñéáóìþí ÷ñçóôþí óå êßíäõíï åßíáé ðéï óõ÷íÞ åðßèåóç
+ áðü ìéá DoS åðßèåóç. Ðïëëïß sysadmins áêüìá åêôåëïýí óõíÞèåéò
<application>telnetd</application>, <application>rlogind</application>,
- <application>rshd</application>,
- and <application>ftpd</application> servers on their machines.
- These servers, by default, do
- not operate over encrypted connections. The result is that if you
- have any moderate-sized user base, one or more of your users logging
- into your system from a remote location (which is the most common
- and convenient way to login to a system) will have his or her
- password sniffed. The attentive system admin will analyze his
- remote access logs looking for suspicious source addresses even for
- successful logins.</para>
-
- <para>One must always assume that once an attacker has access to a
- user account, the attacker can break <username>root</username>.
- However, the reality is that in a well secured and maintained system,
- access to a user account does not necessarily give the attacker
- access to <username>root</username>. The distinction is important
- because without access to <username>root</username> the attacker
- cannot generally hide his tracks and may, at best, be able to do
- nothing more than mess with the user's files, or crash the machine.
- User account compromises are very common because users tend not to
- take the precautions that sysadmins take.</para>
+ <application>rshd</application>, êáé <application>ftpd</application>
+ õðçñåóßåò óôá ìç÷áíÞìáôá ôïõò. ÁõôÝò ïé õðçñåóßåò, åî' ïñéóìïý, äåí
+ ëåéôïõñãïýí ðÜíù áðü êñõðôïãñáöçìÝíåò óõíäÝóåéò. Ôï áðïôÝëåóìá åßíáé
+ ðùò áí Ý÷åôå ìéá ìåôñßïõ- ìåãÝèïõò âÜóç ÷ñçóôþí, Ýíáò Þ ðåñéóóüôåñïé
+ áðü ôïõò ÷ñÞóôåò óáò ðïõ óõíäÝïíôáé óôï óýóôçìÜ óáò áðü ìéá
+ áðïìáêñõóìÝíç ôïðïèåóßá (ï ïðïßïò åßíáé ï ðéï êïéíüò êáé âïëéêüò
+ ôñüðïò íá óõíäÝåóáé óå Ýíá óýóôçìá) èá ôïõò Ý÷ïõí ìõñéóôåß ôïí
+ êùäéêü ôïõò. Ï ðñïóåêôéêüò äéá÷åéñéóôÞò óõóôÞìáôïò èá áíáëýóåé ôá
+ logs ôùí áðïìáêñõóìÝíùí óõíäÝóåùí øÜ÷íïíôáò ãéá ýðïðôåò äéåõèýíóåéò
+ áêüìá êáé ãéá åðéôõ÷çìÝíåò óõíäÝóåéò.</para>
+
+ <para>ÐñÝðåé ðÜíôá íá èåùñåß êáíåßò üôé áöïý Ýíáò åðéôéèÝìåíïò
+ áðïêôÞóåé ðñüóâáóç óå Ýíáí ëïãáñéáóìü ÷ñÞóôç, ï åðéôéèÝìåíïò ìðïñåß
+ íá óðÜóåé ôïí ëïãáñéáóìü <username>root</username>. Ùóôüóï, ç
+ ðñáãìáôéêüôçôá åßíáé ïôé óå Ýíá êÜëá áóöáëéóìÝíï êáé óõíôçñïýìåíï
+ óýóôçìá, ç ðñüóâáóç óå Ýíá ëïãáñéáóìü ÷ñÞóôç äåí äßíåé áðáñáßôçôá
+ ðñüóâáóç óôïí ëïãáñéáóìü ôïõ <username>root</username>. Ç äéáöïñÜ
+ åßíáé óçìáíôéêÞ åðåéäÞ ÷ùñßò ðñüóâáóç óôïí ëïãáñéáóìü
+ <username>root</username> ï åðéôéèÝìåíïò äåí ìðïñåß ãåíéêÜ íá
+ êáëýøåé ôá ß÷íç ôïõ êáé ìðïñåß, óôçí êáëýôåñç, íá åßíáé éêáíüò íá
+ êÜíåé ôßðïôá ðáñáðÜíù áðü ôï íá ìðåñäÝøåé ôïõò öáêÝëïõò ôïõ ÷ñÞóôç,
+ Þ íá êñáóÜñåé ôï ìç÷Üíçìá. Ïé åêèÝóåéò ôùí ëïãáñéáóìþí ÷ñçóôþí óå
+ êßíäõíï åßíáé ðïëý ðéï óõíÞèåéò åðåéäÞ ïé ÷ñÞóôåò ôåßíïõí íá ìçí
+ ðáßñíïõí ôéò ðñïöõëÜîåéò ðïõ ïé sysadmins ðáßñíïõí.</para>
<indexterm>
<primary>security</primary>
<secondary>backdoors</secondary>
</indexterm>
- <para>System administrators must keep in mind that there are
- potentially many ways to break <username>root</username> on a machine.
- The attacker may know the <username>root</username> password,
- the attacker may find a bug in a root-run server and be able
- to break <username>root</username> over a network
- connection to that server, or the attacker may know of a bug in
- a suid-root program that allows the attacker to break
- <username>root</username> once he has broken into a user's account.
- If an attacker has found a way to break <username>root</username>
- on a machine, the attacker may not have a need
- to install a backdoor. Many of the <username>root</username> holes
- found and closed to date involve a considerable amount of work
- by the attacker to cleanup after himself, so most attackers install
- backdoors. A backdoor provides the attacker with a way to easily
- regain <username>root</username> access to the system, but it
- also gives the smart system administrator a convenient way
- to detect the intrusion.
- Making it impossible for an attacker to install a backdoor may
- actually be detrimental to your security, because it will not
- close off the hole the attacker found to break in the first
- place.</para>
-
-
- <para>Security remedies should always be implemented with a
- multi-layered <quote>onion peel</quote> approach and can be
- categorized as follows:</para>
+ <para>Ïé äéá÷åéñéóôÝò óõóôçìÜôùí ðñÝðåé íá Ý÷ïõí óôï ìõáëü ôïõò üôé
+ õðÜñ÷ïõí ðïëëïß ôñüðïé íá óðÜóåé ï ëïãáñéáóìüò ôïõ
+ <username>root</username> óå Ýíá ìç÷Üíçìá. Ï åðéôéèÝìåíïò ìðïñåß
+ íá ãíùñßæåé ôïí êùäéêü ôïõ <username>root</username>, ìðïñåß íá
+ âñåß ìéá äõóëåéôïõñãßá óå ìéá root-run õðçñåóßá êáé íá åßíáé
+ éêáíüò íá óðÜóåé ôïí ëïãáñéáóìü <username>root</username> áðü
+ ìéá óýíäåóç äéêôýïõ óå áõôÞí ôçí õðçñåóßá, Þ ï åðéôéèÝìåíïò ìðïñåß
+ íá ãíùñßæåé ìéá äõóëåéôïõñãßá óå Ýíá suid-root ðñüãñáììá ðïõ
+ åðéôñÝðåé óôïí åðéôéèÝìåíï íá óðÜóåé ôïí ëïãáñéáóìü ôïõ
+ <username>root</username> áöïý èá Ý÷åé óðÜóåé ôïí ëïãáñéáóìü åíüò
+ ÷ñÞóôç. Áí Ýíáò åðéôéèÝìåíïò Ý÷åé âñåé Ýíáí ôñüðï ãéá íá óðÜóåé
+ ôïí ëïãáñéáóìü <username>root</username> óå Ýíá ìç÷Üíçìá, ï
+ åðéôéèÝìåíïò ìðïñåß íá ìçí ÷ñåéáóôåß íá åãêáôáóôÞóåé ìéá backdoor.
+ ÐïëëÝò áðü ôéò ôñýðåò ôïõ ëïãáñéáóìïý ôïõ <username>root</username>
+ âñßóêïíôáé êáé êëåßíïíôáé Ýùò ôçí çìÝñá ðïõ Ýíá óçìáíôéêü ðïóü
+ åñãáóßáò Ý÷åé ãßíåé áðü ôïí åðéôéèÝìåíï ãéá íá êáèáñßóåé ôá ß÷íç
+ ðïõ Üöçóå, Ýôóé ïé ðåñéóóüôåñïé åðéôéèÝìåíïé åãêáèéóôïýí backdoors.
+ Ìéá backdoor ðáñÝ÷åé óôïí åðéôéèÝìåíï Ýíáí ôñüðï þóôå åýêïëá íá
+ îáíáêåñäßóåé ðñüóâáóç óôï óýóôçìá ìå äéêáéþìáôá ôïõ
+ <username>root</username>, áëëÜ åðßóçò äßíåé óôïí Ýîõðíï äéá÷åéñéóôÞ
+ ôïõ óõóôÞìáôïò Ýíáí âïëéêü ôñüðï íá áíé÷íÝõóåé ôçí åéóâïëÞ. ÊÜíïíôáò
+ áäýíáôç ôçí åêáôÜóôáóç backdoor áðü ôïí åðéôéèÝìåíï ìðïñåß óôçí
+ ðñáãìáôéêüôçôá íá åßíáé åðéâëáâÞò ãéá ôçí áóöÜëåéÜ óáò, åðåéäÞ
+ Ýôóé äåí êëåßíåé ç ôñýðá ðïõ ï åðéôéèÝìåíïò âñÞêå ãéá íá óðÜóåé
+ áñ÷éêÜ.</para>
+
+
+ <para>Ïé èåñáðåßåò áóöáëåßáò èá ðñÝðåé ðÜíôïôå íá åöáñìüæïíôáé óå ìéá
+ ðïëý-åðßðåäç <quote>óáí öëïýäá êñåììõäéïý</quote> ðñïóÝããéóç êáé
+ ìðïñïýí íá êáôçãïñéïðïéçèïýí ùò åîÞò:</para>
<orderedlist>
<listitem>
- <para>Securing <username>root</username> and staff accounts.</para>
- </listitem>
-
- <listitem>
- <para>Securing <username>root</username>–run servers
- and suid/sgid binaries.</para>
- </listitem>
-
- <listitem>
- <para>Securing user accounts.</para>
- </listitem>
-
- <listitem>
- <para>Securing the password file.</para>
- </listitem>
-
- <listitem>
- <para>Securing the kernel core, raw devices, and
- file systems.</para>
- </listitem>
-
- <listitem>
- <para>Quick detection of inappropriate changes made to the
- system.</para>
- </listitem>
-
- <listitem>
- <para>Paranoia.</para>
+ <para>ÁóöÜëåéá ôïõ ëïãáñéáóìïý ôïõ <username>root</username> êáé
+ ôùí ëïãáñéáóìþí ôïõ ðñïóùðéêïý.</para>
+ </listitem>
+
+ <listitem>
+ <para>ÁóöÜëåéá ôùí õðçñåóßùí ðïõ ôñÝ÷ïõí ùò
More information about the Freebsd-doc-el
mailing list