Index: chapter.sgml
===================================================================
RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v
retrieving revision 1.122
diff -u -r1.122 chapter.sgml
--- chapter.sgml 2002/12/04 15:21:24 1.122
+++ chapter.sgml 2002/12/05 00:24:18
@@ -101,7 +101,7 @@
servers – meaning that external entities can connect and talk
to them. As yesterday's mini-computers and mainframes become
today's desktops, and as computers become networked and
- internetworked, security becomes an even bigger issue.
+ inter-networked, security becomes an even bigger issue.
Security is best implemented through a layered
onion approach. In a nutshell, what you want to do is
@@ -254,7 +254,7 @@
Securing the kernel core, raw devices, and
- filesystems.
+ file systems.
@@ -522,7 +522,7 @@
to a special group that only staff can access, and get rid of
(chmod 000) any suid binaries that nobody uses.
A server with no display generally does not need an
- xterm binary. Sgid binaries can be
+ xterm binary. SGID binaries can be
almost as dangerous. If an intruder can break an sgid-kmem binary,
the intruder might be able to read /dev/kmem
and thus read the encrypted password file, potentially compromising
@@ -572,7 +572,7 @@
Securing the Kernel Core, Raw Devices, and
- Filesystems
+ File systems
If an attacker breaks root he can do
just about anything, but
@@ -650,7 +650,7 @@
allow the limited-access box to ssh to
the other machines. Except for its network traffic, NFS is the
least visible method – allowing you to monitor the
- filesystems on each client box virtually undetected. If your
+ file systems on each client box virtually undetected. If your
limited-access server is connected to the client boxes through a
switch, the NFS method is often the better choice. If your
limited-access server is connected to the client boxes through a
@@ -1386,7 +1386,7 @@
Unix passwords at any time. Generally speaking, this should only
be used for people who are either unable to use the
key program, like those with dumb terminals, or
- those who are uneducable.
+ those who are ineducable.
The third line (permit port) allows all
users logging in on the specified terminal line to use Unix
@@ -3501,7 +3501,7 @@
must be compiled into the kernel. If this option has
not been compiled in, a warning message will be displayed
- when attempting to mount a file system sporting ACLs.
+ when attempting to mount a file system supporting ACLs.
ACLs rely on extended attributes being enabled on
the file system. This is supported natively in the next generation of
the UNIX file system or UFS2.
@@ -3512,7 +3512,7 @@
problem.To enable ACLs on a file system, the
- option can be passed to &man.tunefs.8; in a manner similar to the Soft Updates
+ option has to be passed to &man.tunefs.8; in a manner similar to the Soft Updates
process:&prompt.root; umount /usr