Author: jsuchome Date: Thu Mar 29 15:59:53 2012 New Revision: 67809 URL: http://svn.opensuse.org/viewcvs/yast?rev=67809&view=rev Log: - merge proofread texts Modified: trunk/security/VERSION trunk/security/package/yast2-security.changes trunk/security/src/helps.ycp Modified: trunk/security/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/VERSION?rev=67809&r1=67808&r2=67809&view=diff ============================================================================== --- trunk/security/VERSION (original) +++ trunk/security/VERSION Thu Mar 29 15:59:53 2012 @@ -1 +1 @@ -2.22.3 +2.22.4 Modified: trunk/security/package/yast2-security.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/package/yast2-security.changes?rev=67809&r1=67808&r2=67809&view=diff ============================================================================== --- trunk/security/package/yast2-security.changes (original) +++ trunk/security/package/yast2-security.changes Thu Mar 29 15:59:53 2012 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Thu Mar 29 15:59:20 CEST 2012 - jsuchome@suse.cz + +- merge proofread texts +- 2.22.4 + +------------------------------------------------------------------- Mon Mar 26 10:26:38 CEST 2012 - jsuchome@suse.cz - testsuite adapted to changes in FileUtils.ycp Modified: trunk/security/src/helps.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/helps.ycp?rev=67809&r1=67808&r2=67809&view=diff ============================================================================== --- trunk/security/src/helps.ycp (original) +++ trunk/security/src/helps.ycp Thu Mar 29 15:59:53 2012 @@ -117,9 +117,10 @@ /* Login dialog help 3/4 */ _("<p><b>Record Successful Login Attempts:</b> Logging successful login -attempts is useful. It can help to warn you of unauthorized access to the +attempts is useful. It can warn you of unauthorized access to the system (for example, a user logging in from a different location than usual). -</p>") + +</p> +") + /* Login dialog help 4/4 */ _("<p><b>Allow Remote Graphical Login:</b> Checking this allows access @@ -250,40 +251,40 @@ // help text: security overview dialog 1/ - "overview" : _("<P><B>Security Overview</B><BR>This is overview of the most important security settings.</P>") + "overview" : _("<P><B>Security Overview</B><BR>This overview shows the most important security settings.</P>") // help text: security overview dialog 1/ - + _("<P>To change the current value click the link associated to the option.</P>") + + _("<P>To change the current value, click the link associated to the option.</P>") // help text: security overview dialog 1/ - + _("<P>Check mark in the <B>Security Status</B> column means that the current value of the option is secure.</P>"), + + _("<P> A check mark in the <B>Security Status</B> column means that the current value of the option is secure.</P>"), // an error message (rich text) - "unknown_status" : _("<P><B>The current value could not be read. The service is probably not installed or the option is missing in the system.</B></P>") + "unknown_status" : _("<P><B>The current value could not be read. The service is probably not installed or the option is missing on the system.</B></P>") ]; map<string,string> help_mapping = $[ - "DISPLAYMANAGER_REMOTE_ACCESS" : _("<P>A display manager provides for a graphical login screen and can be accessed across the network by an X server running on another system if so configured.</P><P>The windows that are being displayed would then transmit their data across the network. If that network is not fully trusted, then the network traffic can be eavesdropped by an attacker, gaining access not only to the graphical content of the display, but also to usernames and passwords that are being used.</P><P>If you don't need <EM>XDMCP</EM> for remote graphical logins then disable this option.</P>"), + "DISPLAYMANAGER_REMOTE_ACCESS" : _("<P>A display manager provides a graphical login screen and can be accessed\nacross the network by an X server running on another system if so\nconfigured.</P><P>The windows that are being displayed would then transmit\ntheir data across the network. If that network is not fully trusted, then the\nnetwork traffic can be eavesdropped by an attacker, gaining access not only to\nthe graphical content of the display, but also to usernames and passwords that\nare being used.</P><P>If you do not need <EM>XDMCP</EM> for remote graphical\nlogins, then disable this option.</P>"), - "SYSTOHC" : _("<P>Upon startup, the system time is being set from the hardware clock of the computer. By consequence, setting the hardware clock before shutting down is necessary.</P><P>Consistent system time is essential for the ability of the system to create correct log messages.</P>"), + "SYSTOHC" : _("<P>Upon startup, the system time is being set from the hardware clock of the\ncomputer. As a consequence, setting the hardware clock before shutting down is\nnecessary.</P><P>Consistent system time is essential for the system to create\ncorrect log messages.</P>"), - "SYSLOG_ON_NO_ERROR" : _("<P>Malfunctions in a system are usually determined by anomalies in its behaviour. Syslog messages about events that reoccur on a regular basis are important to find causes of problems, and the absence of a single record can tell more than the absence of all log record.</P><P>From this standpoint, syslog messages of system events are only useful if they are present.</P>"), + "SYSLOG_ON_NO_ERROR" : _("<P>Malfunctions in a system are usually detected by anomalies in its behaviour. Syslog messages about events that reoccur on a regular basis are important to find causes of problems. And the absence of a single record can tell more than the absence of all log records.</P><P>Therefore, syslog messages of system events are only useful if they are present.</P>"), - "DHCPD_RUN_CHROOTED" : _("<P>Chroot execution environments are used to constrain a process to only those files that it needs by placing them in a separate subdirectory and running the process with a changed root (chroot) set to that directory.</P>"), + "DHCPD_RUN_CHROOTED" : _("<P>Chroot execution environments restrict a process to only access files that it needs by placing them in a separate subdirectory and running the process with a changed root (chroot) set to that directory.</P>"), - "DHCPD_RUN_AS" : _("<P>DHCP client daemon should run as the user <EM>dhcpd</EM> to minimize the possible threat if the service is found vulnerable to a weakness in its program code.</P><P>Please note that dhcpd must not run as <EM>root</EM> or with the <EM>CAP_SYS_CHROOT</EM> capability for the chroot execution confinement to be effective.</P>"), + "DHCPD_RUN_AS" : _("<P>The DHCP client daemon should run as the user <EM>dhcpd</EM> to minimize a possible threat if the service is found vulnerable to a weakness in its program code.</P><P>Note that dhcpd must never run as <EM>root</EM> or with the <EM>CAP_SYS_CHROOT</EM> capability for the chroot execution confinement to be effective.</P>"), - "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" : _("<P>Administrators should care to not log on as <EM>root</EM> into an X Window session to minimize the usage of the root privileges.</P><P>This option does not help against careless administrators, but shall prevent attackers to be able to log on as <EM>root</EM> through the display manager if they guess or otherwise acquire the password.</P>"), + "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" : _("<P>Administrators should never log on as <EM>root</EM> into an X Window session to minimize the usage of the root privileges.</P><P>This option does not help against careless administrators, but shall prevent attackers to be able to log on as <EM>root</EM> via the display manager if they guess or otherwise acquire the password.</P>"), - "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" : _("<P>X Window clients, e.g. programs that open a window on your display, connect to the X server that runs on the physical machine. Programs can also run on a different system and can display their content on the X server through network connections.</P><P>When enabled it makes the X server listen on a port 6000 plus the display number. Since the network traffic is transferred unencrypted and therefore subject to network sniffing, and since another port held open by a program - here the X server - opens attack options, the secure setting is to disable it.</P><P>To display X Window clients across a network, the use of secure shell (<EM>ssh</EM>) is recommended, which allows the X Window clients to connect to the X server through the encrypted ssh connection.</P>"), + "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" : _("<P>X Window clients, e.g. programs that open a window on your display, connect\nto the X server that runs on the physical machine. Programs can also run on a\ndifferent system and display their content on the X server through network\nconnections.</P><P>When enabled, the X server listens on a port 6000 plus the\ndisplay number. Since network traffic is transferred unencrypted and therefore\nsubject to network sniffing, and since the port held open by the X server\noffers attack options, the secure setting is to disable it.</P><P>To display X\nWindow clients across a network, we recommend the use of secure shell (<EM>ssh</EM>), which allows the X Window clients to connect to the X server through the encrypted ssh connection.</P>"), - "SMTPD_LISTEN_REMOTE" : _("<P>The email delivery subsystem is always started. However, it does not expose itself to the outside of the system by default because it does not listen on the SMTP network port 25.</P><P>If you do not deliver emails to your system through the SMTP protocol then disable this option.</P>"), + "SMTPD_LISTEN_REMOTE" : _("<P>The email delivery subsystem is always started. However, it does not expose\nitself outside the system by default, since it does not listen on the SMTP network port 25.</P><P>If you do not deliver emails to your system through the SMTP protocol, then disable this option.</P>"), - "DISABLE_RESTART_ON_UPDATE" : _("<P>If a package containing a service that is currently running is being updated, then the service is restarted after the files of the package are installed.</P><P>This makes sense in most cases, and it is safe to do, considering that many services either need their binaries accessible in the filesystem or their configuration files. These services would just continue to run until the services are stopped, e.g. running daemons are killed.</P><P>This setting should only be changed if there is a specific reason to do so.</P>"), + "DISABLE_RESTART_ON_UPDATE" : _("<P>If a package containing a service that is currently running is being\nupdated, the service is restarted after the files in the package have been\ninstalled.</P><P>This makes sense in most cases, and it is safe to do,\nconsidering that many services either need their binaries or configuration\nfiles accessible in the file system. Otherwise these services would continue\nto run until the services are stopped, e.g. running daemons are\nkilled.</P><P>This setting should only be changed if there is a specific\nreason to do so.</P>"), - "DISABLE_STOP_ON_REMOVAL" : _("<P>If a package containing a service that is currently running is being uninstalled, then the service is stopped before the files of the package are removed.</P><P>This makes sense in most cases, and it is safe to do, considering that many services either need their binaries accessible in the filesystem or their configuration files. These services would just continue to run until the services are stopped, e.g. running daemons are killed.</P><P>This setting should only be changed if there is a specific reason to do so.</P>"), + "DISABLE_STOP_ON_REMOVAL" : _("<P>If a package containing a service that is currently running is being\nuninstalled, the service is stopped before the files of the package are\nremoved.</P><P>This makes sense in most cases, and it is safe to do,\nconsidering that many services either need their binaries or configuration\nfiles accessible in the file system. Otherwise these services would continue\nto run until they are stopped, e.g. running daemons are\nkilled.</P><P>This setting should only be changed if there is a specific\nreason to do so.</P>"), - "net.ipv4.tcp_syncookies" : _("<P>A system can be overwhelmed with numerous connection attempts so that the system runs out of memory, leading to a Denial of Service (DoS) vulnerability.</P><P>The use of syncookies is a method that can help in such situations, but in configurations with a very large number of legitimate connection attempts from one source the <EM>Enabled</EM> setting can bring problems with denied TCP connections under high load.</P><P>Still, for most environments, the syncookies are the first line of defense against SYN flood DoS attacks, so the secure setting is <EM>Enabled</EM>.</P>"), + "net.ipv4.tcp_syncookies" : _("<P>A system can be overwhelmed with numerous connection attempts so that the system runs out of memory, leading to a Denial of Service (DoS) vulnerability.</P><P>The use of syncookies is a method that can help in such situations. But in configurations with a very large number of legitimate connection attempts from one source, the <EM>Enabled</EM> setting can cause problems with denied TCP connections under high load.</P><P>Still, for most environments, syncookies are the first line of defense against SYN flood DoS attacks, so the secure setting is <EM>Enabled</EM>.</P>"), "net.ipv4.ip_forward" : _("<P>IP forwarding means to pass on network packets that have been received, but that are not destined for one of the system's configured network interfaces, e.g. network interface addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is called a router. If you do not need that routing functionality, then disable this option.</P>") + _("<P>This setting applies to <EM>IPv4</EM> only.</P>"), @@ -314,8 +315,8 @@ is rather easy if you set this option.</p>") + _("This setting applies for regular users."), - "RUNLEVEL3_MANDATORY_SERVICES" : _("<P>Basic system services must be enabled to provide system consistency and to run the security related services.</P>"), - "RUNLEVEL5_MANDATORY_SERVICES" : _("<P>Basic system services must be enabled to provide system consistency and to run the security related services.</P>"), + "RUNLEVEL3_MANDATORY_SERVICES" : _("<P>Basic system services must be enabled to provide system consistency and to run the security-related services.</P>"), + "RUNLEVEL5_MANDATORY_SERVICES" : _("<P>Basic system services must be enabled to provide system consistency and to run the security-related services.</P>"), "RUNLEVEL3_EXTRA_SERVICES" : _("<P>Every running service is a potential target of a security attack. Therefore it is recommended to turn off all services which are not used by the system.</P>"), "RUNLEVEL5_EXTRA_SERVICES" : _("<P>Every running service is a potential target of a security attack. Therefore it is recommended to turn off all services which are not used by the system.</P>"), ]; -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org