Mailinglist Archive: yast-commit (275 mails)

< Previous Next >
[yast-commit] r67809 - in /trunk/security: VERSION package/yast2-security.changes src/helps.ycp
Author: jsuchome
Date: Thu Mar 29 15:59:53 2012
New Revision: 67809

URL: http://svn.opensuse.org/viewcvs/yast?rev=67809&view=rev
Log:
- merge proofread texts


Modified:
trunk/security/VERSION
trunk/security/package/yast2-security.changes
trunk/security/src/helps.ycp

Modified: trunk/security/VERSION
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/security/VERSION?rev=67809&r1=67808&r2=67809&view=diff
==============================================================================
--- trunk/security/VERSION (original)
+++ trunk/security/VERSION Thu Mar 29 15:59:53 2012
@@ -1 +1 @@
-2.22.3
+2.22.4

Modified: trunk/security/package/yast2-security.changes
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/security/package/yast2-security.changes?rev=67809&r1=67808&r2=67809&view=diff
==============================================================================
--- trunk/security/package/yast2-security.changes (original)
+++ trunk/security/package/yast2-security.changes Thu Mar 29 15:59:53 2012
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Thu Mar 29 15:59:20 CEST 2012 - jsuchome@xxxxxxx
+
+- merge proofread texts
+- 2.22.4
+
+-------------------------------------------------------------------
Mon Mar 26 10:26:38 CEST 2012 - jsuchome@xxxxxxx

- testsuite adapted to changes in FileUtils.ycp

Modified: trunk/security/src/helps.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/security/src/helps.ycp?rev=67809&r1=67808&r2=67809&view=diff
==============================================================================
--- trunk/security/src/helps.ycp (original)
+++ trunk/security/src/helps.ycp Thu Mar 29 15:59:53 2012
@@ -117,9 +117,10 @@

/* Login dialog help 3/4 */
_("<p><b>Record Successful Login Attempts:</b> Logging successful login
-attempts is useful. It can help to warn you of unauthorized access to the
+attempts is useful. It can warn you of unauthorized access to the
system (for example, a user logging in from a different location than usual).
-</p>") +
+</p>
+") +

/* Login dialog help 4/4 */
_("<p><b>Allow Remote Graphical Login:</b> Checking this allows access
@@ -250,40 +251,40 @@


// help text: security overview dialog 1/
- "overview" : _("<P><B>Security Overview</B><BR>This is overview of the
most important security settings.</P>")
+ "overview" : _("<P><B>Security Overview</B><BR>This overview shows the
most important security settings.</P>")
// help text: security overview dialog 1/
- + _("<P>To change the current value click the link associated to the
option.</P>")
+ + _("<P>To change the current value, click the link associated to the
option.</P>")
// help text: security overview dialog 1/
- + _("<P>Check mark in the <B>Security Status</B> column means that the
current value of the option is secure.</P>"),
+ + _("<P> A check mark in the <B>Security Status</B> column means that the
current value of the option is secure.</P>"),

// an error message (rich text)
- "unknown_status" : _("<P><B>The current value could not be read. The
service is probably not installed or the option is missing in the
system.</B></P>")
+ "unknown_status" : _("<P><B>The current value could not be read. The
service is probably not installed or the option is missing on the
system.</B></P>")


];

map<string,string> help_mapping = $[
- "DISPLAYMANAGER_REMOTE_ACCESS" : _("<P>A display manager provides for a
graphical login screen and can be accessed across the network by an X server
running on another system if so configured.</P><P>The windows that are being
displayed would then transmit their data across the network. If that network is
not fully trusted, then the network traffic can be eavesdropped by an attacker,
gaining access not only to the graphical content of the display, but also to
usernames and passwords that are being used.</P><P>If you don't need
<EM>XDMCP</EM> for remote graphical logins then disable this option.</P>"),
+ "DISPLAYMANAGER_REMOTE_ACCESS" : _("<P>A display manager provides a
graphical login screen and can be accessed\nacross the network by an X server
running on another system if so\nconfigured.</P><P>The windows that are being
displayed would then transmit\ntheir data across the network. If that network
is not fully trusted, then the\nnetwork traffic can be eavesdropped by an
attacker, gaining access not only to\nthe graphical content of the display, but
also to usernames and passwords that\nare being used.</P><P>If you do not need
<EM>XDMCP</EM> for remote graphical\nlogins, then disable this option.</P>"),

- "SYSTOHC" : _("<P>Upon startup, the system time is being set from the
hardware clock of the computer. By consequence, setting the hardware clock
before shutting down is necessary.</P><P>Consistent system time is essential
for the ability of the system to create correct log messages.</P>"),
+ "SYSTOHC" : _("<P>Upon startup, the system time is being set from the
hardware clock of the\ncomputer. As a consequence, setting the hardware clock
before shutting down is\nnecessary.</P><P>Consistent system time is essential
for the system to create\ncorrect log messages.</P>"),

- "SYSLOG_ON_NO_ERROR" : _("<P>Malfunctions in a system are usually
determined by anomalies in its behaviour. Syslog messages about events that
reoccur on a regular basis are important to find causes of problems, and the
absence of a single record can tell more than the absence of all log
record.</P><P>From this standpoint, syslog messages of system events are only
useful if they are present.</P>"),
+ "SYSLOG_ON_NO_ERROR" : _("<P>Malfunctions in a system are usually detected
by anomalies in its behaviour. Syslog messages about events that reoccur on a
regular basis are important to find causes of problems. And the absence of a
single record can tell more than the absence of all log
records.</P><P>Therefore, syslog messages of system events are only useful if
they are present.</P>"),

- "DHCPD_RUN_CHROOTED" : _("<P>Chroot execution environments are used to
constrain a process to only those files that it needs by placing them in a
separate subdirectory and running the process with a changed root (chroot) set
to that directory.</P>"),
+ "DHCPD_RUN_CHROOTED" : _("<P>Chroot execution environments restrict a
process to only access files that it needs by placing them in a separate
subdirectory and running the process with a changed root (chroot) set to that
directory.</P>"),

- "DHCPD_RUN_AS" : _("<P>DHCP client daemon should run as the user
<EM>dhcpd</EM> to minimize the possible threat if the service is found
vulnerable to a weakness in its program code.</P><P>Please note that dhcpd must
not run as <EM>root</EM> or with the <EM>CAP_SYS_CHROOT</EM> capability for the
chroot execution confinement to be effective.</P>"),
+ "DHCPD_RUN_AS" : _("<P>The DHCP client daemon should run as the user
<EM>dhcpd</EM> to minimize a possible threat if the service is found vulnerable
to a weakness in its program code.</P><P>Note that dhcpd must never run as
<EM>root</EM> or with the <EM>CAP_SYS_CHROOT</EM> capability for the chroot
execution confinement to be effective.</P>"),

- "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" : _("<P>Administrators should care to
not log on as <EM>root</EM> into an X Window session to minimize the usage of
the root privileges.</P><P>This option does not help against careless
administrators, but shall prevent attackers to be able to log on as
<EM>root</EM> through the display manager if they guess or otherwise acquire
the password.</P>"),
+ "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" : _("<P>Administrators should never log
on as <EM>root</EM> into an X Window session to minimize the usage of the root
privileges.</P><P>This option does not help against careless administrators,
but shall prevent attackers to be able to log on as <EM>root</EM> via the
display manager if they guess or otherwise acquire the password.</P>"),

- "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" : _("<P>X Window clients, e.g.
programs that open a window on your display, connect to the X server that runs
on the physical machine. Programs can also run on a different system and can
display their content on the X server through network connections.</P><P>When
enabled it makes the X server listen on a port 6000 plus the display number.
Since the network traffic is transferred unencrypted and therefore subject to
network sniffing, and since another port held open by a program - here the X
server - opens attack options, the secure setting is to disable it.</P><P>To
display X Window clients across a network, the use of secure shell
(<EM>ssh</EM>) is recommended, which allows the X Window clients to connect to
the X server through the encrypted ssh connection.</P>"),
+ "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" : _("<P>X Window clients, e.g.
programs that open a window on your display, connect\nto the X server that runs
on the physical machine. Programs can also run on a\ndifferent system and
display their content on the X server through network\nconnections.</P><P>When
enabled, the X server listens on a port 6000 plus the\ndisplay number. Since
network traffic is transferred unencrypted and therefore\nsubject to network
sniffing, and since the port held open by the X server\noffers attack options,
the secure setting is to disable it.</P><P>To display X\nWindow clients across
a network, we recommend the use of secure shell (<EM>ssh</EM>), which allows
the X Window clients to connect to the X server through the encrypted ssh
connection.</P>"),

- "SMTPD_LISTEN_REMOTE" : _("<P>The email delivery subsystem is always
started. However, it does not expose itself to the outside of the system by
default because it does not listen on the SMTP network port 25.</P><P>If you do
not deliver emails to your system through the SMTP protocol then disable this
option.</P>"),
+ "SMTPD_LISTEN_REMOTE" : _("<P>The email delivery subsystem is always
started. However, it does not expose\nitself outside the system by default,
since it does not listen on the SMTP network port 25.</P><P>If you do not
deliver emails to your system through the SMTP protocol, then disable this
option.</P>"),

- "DISABLE_RESTART_ON_UPDATE" : _("<P>If a package containing a service that
is currently running is being updated, then the service is restarted after the
files of the package are installed.</P><P>This makes sense in most cases, and
it is safe to do, considering that many services either need their binaries
accessible in the filesystem or their configuration files. These services would
just continue to run until the services are stopped, e.g. running daemons are
killed.</P><P>This setting should only be changed if there is a specific reason
to do so.</P>"),
+ "DISABLE_RESTART_ON_UPDATE" : _("<P>If a package containing a service that
is currently running is being\nupdated, the service is restarted after the
files in the package have been\ninstalled.</P><P>This makes sense in most
cases, and it is safe to do,\nconsidering that many services either need their
binaries or configuration\nfiles accessible in the file system. Otherwise these
services would continue\nto run until the services are stopped, e.g. running
daemons are\nkilled.</P><P>This setting should only be changed if there is a
specific\nreason to do so.</P>"),

- "DISABLE_STOP_ON_REMOVAL" : _("<P>If a package containing a service that
is currently running is being uninstalled, then the service is stopped before
the files of the package are removed.</P><P>This makes sense in most cases, and
it is safe to do, considering that many services either need their binaries
accessible in the filesystem or their configuration files. These services would
just continue to run until the services are stopped, e.g. running daemons are
killed.</P><P>This setting should only be changed if there is a specific reason
to do so.</P>"),
+ "DISABLE_STOP_ON_REMOVAL" : _("<P>If a package containing a service that
is currently running is being\nuninstalled, the service is stopped before the
files of the package are\nremoved.</P><P>This makes sense in most cases, and it
is safe to do,\nconsidering that many services either need their binaries or
configuration\nfiles accessible in the file system. Otherwise these services
would continue\nto run until they are stopped, e.g. running daemons
are\nkilled.</P><P>This setting should only be changed if there is a
specific\nreason to do so.</P>"),

- "net.ipv4.tcp_syncookies" : _("<P>A system can be overwhelmed with
numerous connection attempts so that the system runs out of memory, leading to
a Denial of Service (DoS) vulnerability.</P><P>The use of syncookies is a
method that can help in such situations, but in configurations with a very
large number of legitimate connection attempts from one source the
<EM>Enabled</EM> setting can bring problems with denied TCP connections under
high load.</P><P>Still, for most environments, the syncookies are the first
line of defense against SYN flood DoS attacks, so the secure setting is
<EM>Enabled</EM>.</P>"),
+ "net.ipv4.tcp_syncookies" : _("<P>A system can be overwhelmed with
numerous connection attempts so that the system runs out of memory, leading to
a Denial of Service (DoS) vulnerability.</P><P>The use of syncookies is a
method that can help in such situations. But in configurations with a very
large number of legitimate connection attempts from one source, the
<EM>Enabled</EM> setting can cause problems with denied TCP connections under
high load.</P><P>Still, for most environments, syncookies are the first line of
defense against SYN flood DoS attacks, so the secure setting is
<EM>Enabled</EM>.</P>"),

"net.ipv4.ip_forward" : _("<P>IP forwarding means to pass on network
packets that have been received, but that are not destined for one of the
system's configured network interfaces, e.g. network interface
addresses.</P><P>If a system forwards network traffic on ISO/OSI layer 3, it is
called a router. If you do not need that routing functionality, then disable
this option.</P>") + _("<P>This setting applies to <EM>IPv4</EM> only.</P>"),

@@ -314,8 +315,8 @@
is rather easy if you set this option.</p>") +
_("This setting applies for regular users."),

- "RUNLEVEL3_MANDATORY_SERVICES" : _("<P>Basic system services must be
enabled to provide system consistency and to run the security related
services.</P>"),
- "RUNLEVEL5_MANDATORY_SERVICES" : _("<P>Basic system services must be
enabled to provide system consistency and to run the security related
services.</P>"),
+ "RUNLEVEL3_MANDATORY_SERVICES" : _("<P>Basic system services must be
enabled to provide system consistency and to run the security-related
services.</P>"),
+ "RUNLEVEL5_MANDATORY_SERVICES" : _("<P>Basic system services must be
enabled to provide system consistency and to run the security-related
services.</P>"),
"RUNLEVEL3_EXTRA_SERVICES" : _("<P>Every running service is a potential
target of a security attack. Therefore it is recommended to turn off all
services which are not used by the system.</P>"),
"RUNLEVEL5_EXTRA_SERVICES" : _("<P>Every running service is a potential
target of a security attack. Therefore it is recommended to turn off all
services which are not used by the system.</P>"),
];

--
To unsubscribe, e-mail: yast-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages