From a74a0bf0f47dfed0234c98e7c5353b7e5ad4d02f Mon Sep 17 00:00:00 2001 From: Mirek Jahoda Date: Sep 09 2018 13:16:31 +0000 Subject: Add 3 topics to nav.adoc, fix errors --- diff --git a/modules/ROOT/assets/images/selinux-intro-apache-mariadb.png b/modules/ROOT/assets/images/selinux-intro-apache-mariadb.png new file mode 100644 index 0000000..f475213 Binary files /dev/null and b/modules/ROOT/assets/images/selinux-intro-apache-mariadb.png differ diff --git a/modules/ROOT/nav.adoc b/modules/ROOT/nav.adoc index 2954cb9..a2a5c6c 100644 --- a/modules/ROOT/nav.adoc +++ b/modules/ROOT/nav.adoc @@ -16,6 +16,7 @@ * xref:fedora-life-cycle.adoc[Fedora Release Life Cycle] * xref:upgrading.adoc[Upgrading to a new release of Fedora] * xref:firewalld.adoc[Controlling network traffic with firewalld] +* xref:using-adobe-flash.adoc[Using Adobe Flash] * xref:adding-new-fonts-fedora.adoc[Adding new fonts in Fedora] * xref:create-gpg-keys.adoc[Creating GPG Keys] * xref:bootloading-with-grub2.adoc[Bootloading with GRUB2] @@ -28,6 +29,7 @@ * xref:proc_setting-key-shortcut.adoc[Setting a key shortcut to run an application in GNOME] * xref:disabling-automatic-screenlock.adoc[Disabling the GNOME automatic screen locking] * xref:viewing-logs.adoc[Viewing logs in Fedora] +* xref:encrypting-drives-using-LUKS.adoc[Encrypting drives using LUKS] * xref:assembly_installing-plugins-for-playing-movies-and-music.adoc[Installing plugins for playing movies and music] * xref:installing-and-running-vlc.adoc[Installing and running the VLC player] * xref:configuring-ip-networking-with-nmcli.adoc[Configuring networking with NetworkManager CLI (nmcli)] 
@@ -37,6 +39,7 @@ * xref:repositories.adoc[Fedora Repositories] * xref:adding-or-removing-software-repositories-in-fedora.adoc[Adding or removing software repositories in Fedora] * xref:reset-root-password.adoc[Resetting a root password] +* xref:proc_installing-RPM.adoc[Installing an RPM File] * xref:creating-rpm-packages.adoc[Creating RPM packages] * xref:create-hello-world-rpm.adoc[Creating a GNU Hello World RPM Package] * xref:getting-started-with-selinux.adoc[Getting started using SELinux] diff --git a/modules/ROOT/pages/_partials/con_introduction-to-luks.adoc b/modules/ROOT/pages/_partials/con_introduction-to-luks.adoc index e5098f9..cac49c5 100644 --- a/modules/ROOT/pages/_partials/con_introduction-to-luks.adoc +++ b/modules/ROOT/pages/_partials/con_introduction-to-luks.adoc 
@@ -5,20 +5,20 @@ Linux Unified Key Setup (LUKS) is a specification for block device encryption. LUKS uses the kernel device mapper subsystem with the `dm-crypt` module. This arrangement provides a low-level mapping that handles encryption and decryption of the device data. You can use the `cryptsetup` utility to perform user-level operations such as creating and accessing encrypted devices. -.Advantages of using LUKS - -* LUKS encrypts entire block devices and can be used for protecting the contents of mobile devices such as removable storage media and laptop disk drives. - -* The underlying content of the encrypted block device are arbitrary making it useful for encrypting `swap` devices. This is also useful fir databases that use specifically formatted block devices for data storage. - -* LUKS uses the existing device mapper kernel subsystem. This is the same subsystem used by LVM, so it is well tested. - -* LUKS provides passphrase strengthenin which protects against dictionary attacks. - -* LUKS devices contain multiple key slots allowing users to add backup keys and passphrases. - -.Disadvantages of using LUKS - -* LUKS is not useful for applications requiring many (more than eight) users to have distinct access keys to the same device. - -* LUKS does not work for applications requiring file-level encryption. +What LUKS does:: {blank} ++ +** LUKS encrypts entire block devices and is therefore well-suited for protecting the contents of mobile devices such as removable storage media or laptop disk drives. ++ +** The underlying contents of the encrypted block device are arbitrary. This makes it useful for encrypting [command]`swap` devices. This can also be useful with certain databases that use specially formatted block devices for data storage. ++ +** LUKS uses the existing device mapper kernel subsystem. ++ +** LUKS provides passphrase strengthening which protects against dictionary attacks. 
++ +** LUKS devices contain multiple key slots, allowing users to add backup keys or passphrases. + +What LUKS does *not* do:: {blank} ++ +** LUKS is not well-suited for applications requiring more than eight users to have distinct access keys to the same device. ++ +** LUKS is not well-suited for applications requiring file-level encryption. diff --git a/modules/ROOT/pages/_partials/con_introduction-to-selinux.adoc b/modules/ROOT/pages/_partials/con_introduction-to-selinux.adoc index c0c5247..29a262a 100644 --- a/modules/ROOT/pages/_partials/con_introduction-to-selinux.adoc +++ b/modules/ROOT/pages/_partials/con_introduction-to-selinux.adoc @@ -24,7 +24,7 @@ For example, there is a policy rule that permits Apache (the web server process [#fig-intro-httpd-mysqld] .SELinux allows the Apache process running as httpd_t to access the /var/www/html/ directory and it denies the same process to access the /data/mysql/ directory because there is no allow rule for the httpd_t and mysqld_db_t type contexts). On the other hand, the MariaDB process running as mysqld_t is able to access the /data/mysql/ directory and SELinux also correctly denies the process with the mysqld_t type to access the /var/www/html/ directory labeled as httpd_sys_content_t. -image::../images/selinux-intro-apache-mariadb.png[SELinux_Apache_MariaDB_example] +image::selinux-intro-apache-mariadb.png[SELinux_Apache_MariaDB_example] [discrete] == Additional resources diff --git a/modules/ROOT/pages/configuring-xorg-as-default-gnome-session.adoc b/modules/ROOT/pages/configuring-xorg-as-default-gnome-session.adoc index f3b7293..880f9e0 100644 --- a/modules/ROOT/pages/configuring-xorg-as-default-gnome-session.adoc +++ b/modules/ROOT/pages/configuring-xorg-as-default-gnome-session.adoc 
@@ -1,8 +1,9 @@ -[id='configuring-xorg-as-default-gnome-session'] -= Configuring Xorg as the default GNOME session ifdef::context[:parent-context: {context}] :context: xorg +[id='configuring-xorg-as-default-gnome-session'] += Configuring Xorg as the default GNOME session + Wayland is the default GNOME display server. If GNOME freezes, or some applications do not function correctly in Wayland, you can choose to run GNOME in X11. @@ -14,5 +15,7 @@ include::{partialsdir}/proc_configuring-xorg-as-default-gnome-session.adoc[level . link:https://docs.fedoraproject.org/f27/system-administrators-guide/Wayland.html[Wayland Display Server in the System Administrator's Guide] . link:https://wayland.freedesktop.org/[Wayland @ freedesktop.org] + + ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/modules/ROOT/pages/creating-encrypted-block-devices.adoc b/modules/ROOT/pages/creating-encrypted-block-devices.adoc deleted file mode 100644 index b9408f0..0000000 --- a/modules/ROOT/pages/creating-encrypted-block-devices.adoc +++ /dev/null 
@@ -1,179 +0,0 @@ -[id='creating-encrypted-block-devices_{context}'] -= Creating encrypted block devices - -This procedure describes the steps to create and configure encrypted block devices after installation. - -[id='proc_preparing_block_device_for_encrypting'] -== Step 1: Preparing a block device - -* Install the `cryptsetup` package: -+ ----------- -# dnf install cryptsetup-luks ----------- - -* Create the block devices you want to encrypt using `parted`, `pvcreate`, `lvcreate`, and `mdadm`. - -* Optionally, fill the device, for example, `/dev/sda3` with random data before encrypting it as this increases the strength of encryption. -+ -[NOTE] -======== -Filling the device with random data increases the time necessary for encryption. -======== -+ -[WARNING] -========= -The commands below destroy any existing data on the device. -========= - -** To fill the device with high-quality random data: -+ -------- -dd if=/dev/urandom of= -------- -+ -This takes several minutes per gigabyte on most systems. -+ -** To fill the device with lower-quality random data: -+ --------- -badblocks -c 10240 -s -w -t random -v --------- -+ -This is quicker compared to the high-quality random data method. - -[id='proc_format-device-as-dmcrypt-encrypted-device'] -== Step 2: Formatting an encrypted device - -. Format the device: -+ ---------- -# cryptsetup luksFormat ---------- -+ -Sample output: -+ --------- -WARNING! -======== -This will overwrite data on (for example, /dev/xvdc) irrevocably. - -Are you sure? (Type uppercase yes): YES -Enter LUKS passphrase: -Verify passphrase: -Command successful. --------- -This command initializes the volume, and sets an initial key or passphrase. -+ -[NOTE] -========== -The passphrase is not recoverable so do not forget it. -========== - -. To verify the formatting: -+ ------ -# cryptsetup isLuks && echo Success ------ - -. 
To see a summary of the encryption information for the device: -+ ---------- -# cryptsetup luksDump ---------- - -[id='proc_create-mapping-to-allow-access-to-decrypted-contents'] -== Step 3: Creating mapping to allow access to a decrypted content - -To access a decrypted content on a device, you need to create a mapping using the kernel `device-mapper`. - -LUKS provides a UUID (Universally Unique Identifier) for each device. This UUID is guranteed to remain the same as long as the LUKS header remains intact. To find a LUKS UUID for the device, run the following command: - --------- -# cryptsetup luksUUID --------- - -An example of a reliable, informative and unique mapping name would be `luks-`, where `` is replaced with the LUKS UUID for the device (for example, luks-50ec957a-5b5a-47ee-85e6-f8085bbc97a8). - -. Create a mapping to access the decrypted contents on the device: -+ --------- -# cryptsetup luksOpen --------- -+ -You are prompted to enter the passphrase for the device. Once you have authenticated, you can see the mapping `/dev/mapper/` which represents the decrypted device. You can read from and write to this device like you would any other unencrypted block device. - -. To see the status of the mapping: -+ ------- -# cryptsetup -v status ------- -+ -Sample output: -+ --------- -/dev/mapper/ is active. - type: LUKS1 - cipher: aes-cbc-essiv:sha256 - keysize: 256 bits - device: /dev/xvdc - offset: 4096 sectors - size: 419426304 sectors - mode: read/write -Command successful. --------- - -[id='proc_create-filesystems-on-mapped-device'] -== Step 4: Creating filesystems on a mapped device - -After <>, you can now use the mapped device node `/dev/mapper/` like any other block device. - -. To create an `ext2` filesystem on the mapped device: -+ -------- -# mke2fs /dev/mapper/ -------- - -. 
To mount this file system: -+ --------- -# mkdir /mnt/test/ -# mount /dev/mapper/ /mnt/test --------- - -[id='proc_add-mapping-information-to-etc-fstab'] -== Step 5: Adding the mapping information to `/etc/fstab` - -In order for a system to setup mapping to a device, add a corresponding entry in the `/etc/crypttab` file. - -. If your system does not have the `/etc/crypttab` file, create a new file and change the owner and group to `root` (`root:root`): -+ ----------- -# touch /etc/crypttab -# chmod 0744 ----------- - -. To identify the correct device in case the device name changes, add: -+ ---------- - none ---------- -+ -Here, the `` field should be given in the form `UUID=`, where `` is the LUKS UUID. - -[id='proc_add-entry-to-etc-fstab'] -== Step 6: Adding an entry to `/etc/fstab` - -To ensure a persistent mapping between the device and the mount point, add the entry in the `/etc/fstab` file: - ------- -/dev/mapper/ ------- - -== Additional resources - - * https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions[LUKS Project Wiki: Frequently Asked Questions] - - * http://man7.org/linux/man-pages/man8/cryptsetup.8.html[cryptsetup(8) man page] - - * http://man7.org/linux/man-pages/man8/dmsetup.8.html[dmsetup(8) man page] diff --git a/modules/ROOT/pages/encrypting-drives-using-LUKS.adoc b/modules/ROOT/pages/encrypting-drives-using-LUKS.adoc index 02ea4be..fb73333 100644 --- a/modules/ROOT/pages/encrypting-drives-using-LUKS.adoc +++ b/modules/ROOT/pages/encrypting-drives-using-LUKS.adoc @@ -1,3 +1,6 @@ +ifdef::context[:parent-context: {context}] +:context: luks + [id='encrypting-drives-using-luks'] = Encrypting drives using LUKS 
@@ -5,10 +8,13 @@ As a system administrator, you can encrypt a block device. This section gives a :leveloffset: +1 -include::en-US/modules/con_block-device-encryption.adoc[] +include::{partialsdir}/con_block-device-encryption.adoc[] -include::en-US/modules/con_introduction-to-luks.adoc[] +include::{partialsdir}/con_introduction-to-luks.adoc[] -include::en-US/creating-encrypted-block-devices.adoc[] +include::{partialsdir}/creating-encrypted-block-devices.adoc[] :leveloffset: 0 + +ifdef::parent-context[:context: {parent-context}] +ifndef::parent-context[:!context:] diff --git a/modules/ROOT/pages/installing-spotify.adoc b/modules/ROOT/pages/installing-spotify.adoc index 48621e7..62e860a 100644 --- a/modules/ROOT/pages/installing-spotify.adoc +++ b/modules/ROOT/pages/installing-spotify.adoc @@ -1,5 +1,6 @@ ifdef::context[:parent-context: {context}] :context: installing-spotify + = Installing Spotify include::{partialsdir}/3rdparty-message.adoc[] @@ -7,5 +8,6 @@ include::{partialsdir}/3rdparty-message.adoc[] Installing the Spotify music service client on Fedora. include::{partialsdir}/proc_installing-spotify-on-fedora.adoc[leveloffset=+1] + ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/modules/ROOT/pages/proc_installing-RPM.adoc b/modules/ROOT/pages/proc_installing-RPM.adoc index fe744cb..76f8c27 100644 --- a/modules/ROOT/pages/proc_installing-RPM.adoc +++ b/modules/ROOT/pages/proc_installing-RPM.adoc 
@@ -1,13 +1,13 @@ -[id='proc_installing-a-RPM-file'] +[id='proc_installing-an-RPM-file'] = Installing an RPM File This procedure shows you how to install an RPM file after you have downloaded the file to your desktop. An RPM file contains the required installation packages for a software. -.Prerequisites +._Prerequisites_ * You must have administrative permission to install new RPM files on your system. Either root password or sudo access is required. -.Procedure +._Procedure_ . Open a terminal. . Change your working directory to the location of the RPM file. If you have downloaded the RPM file to the `Downloads` directory, enter: @@ -23,7 +23,3 @@ $ cd ~/Downloads ---- $ sudo rpm -i NAME_OF_RPM.rpm ---- - - - - diff --git a/modules/ROOT/pages/troubleshooting_selinux.adoc b/modules/ROOT/pages/troubleshooting_selinux.adoc index 2c08794..251c00b 100644 --- a/modules/ROOT/pages/troubleshooting_selinux.adoc +++ b/modules/ROOT/pages/troubleshooting_selinux.adoc @@ -1,5 +1,6 @@ ifdef::context[:parent-context: {context}] :context: prod_troubleshooting_selinux + [id='prod_troubleshooting_selinux'] = Troubleshooting SELinux @@ -65,5 +66,7 @@ include::modules/proc_troubleshooting_selinux_allowing_access_audit.adoc[levelof * link:https://docs-old.fedoraproject.org/en-US/Fedora/25/html/SELinux_Users_and_Administrators_Guide/chap-Security-Enhanced_Linux-Troubleshooting.html[Troubleshooting] in the SELinux User's and Administrator's Guide * link:https://fedorapeople.org/~dwalsh/SELinux/Presentations/selinux_four_things.pdf[Four Key Causes of SELinux Errors] + + ifdef::parent-context[:context: {parent-context}] ifndef::parent-context[:!context:] diff --git a/modules/ROOT/pages/using-adobe-flash.adoc b/modules/ROOT/pages/using-adobe-flash.adoc index 535ddec..ef105d0 100644 --- a/modules/ROOT/pages/using-adobe-flash.adoc +++ b/modules/ROOT/pages/using-adobe-flash.adoc 
@@ -1,12 +1,15 @@ -:experimental: -//include::en-US/entities.adoc[] -include::en-US/3rdparty-message.adoc[] +ifdef::context[:parent-context: {context}] +:context: adobe-flash -[id="using_adobe_flash"] = Using Adobe Flash -include::en-US/modules/con_what_is_adobe_flash.adoc[leveloffset=+1] +include::{partialsdir}/3rdparty-message.adoc[] -include::en-US/modules/proc_checking_fedora_version.adoc[leveloffset=+1] +include::{partialsdir}/con_what_is_adobe_flash.adoc[leveloffset=+1] -include::en-US/modules/proc_installing_adobe_flash.adoc[leveloffset=+1] +include::{partialsdir}/proc_checking_fedora_version.adoc[leveloffset=+1] + +include::{partialsdir}/proc_installing_adobe_flash.adoc[leveloffset=+1] + +ifdef::parent-context[:context: {parent-context}] +ifndef::parent-context[:!context:]
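Review bot: in the `con_introduction-to-luks.adoc` hunk, the new bullet marks `swap` with the `[command]` role (`[command]`swap` devices`), but the sentence uses it as a kind of device, not a command, and the line it replaces had plain `swap`. Drop the role. The same hunk also shortens the device mapper bullet to "LUKS uses the existing device mapper kernel subsystem." and removes the reason the old text gave ("This is the same subsystem used by LVM, so it is well tested."), so the bullet no longer says why this matters to the reader. Either keep the reason or fold the bullet into the opening paragraph, which already mentions the device mapper and `dm-crypt`.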
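Review bot: if the procedure deleted from `modules/ROOT/pages/creating-encrypted-block-devices.adoc` is being moved to `_partials/` rather than retired, Step 5 needs fixing before it lands again. Its heading reads "Adding the mapping information to `/etc/fstab`" while the body edits `/etc/crypttab`. The text says to change the owner and group to `root:root`, but the commands shown are only `touch /etc/crypttab` and `chmod 0744` with no file operand and no `chown`. Mode 0744 also sets the execute bit on a configuration file, where 0644 or stricter would be expected. "guranteed" in Step 3 should be "guaranteed".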
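Review bot: in `encrypting-drives-using-LUKS.adoc`, the new `include::{partialsdir}/creating-encrypted-block-devices.adoc[]` refers to a file this patch does not create. The diff only deletes `modules/ROOT/pages/creating-encrypted-block-devices.adoc` and shows no counterpart under `modules/ROOT/pages/_partials/`. Unless that partial is already in the tree, the page will render without the procedure. Add the file under `_partials/` in this commit or remove the include, and confirm that `con_block-device-encryption.adoc`, which is also not touched here, exists there too.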
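Review bot: the `proc_installing-RPM.adoc` hunk renames the anchor from `proc_installing-a-RPM-file` to `proc_installing-an-RPM-file`, which breaks any cross-reference that still uses the old id. The new nav entry links by file name so it is unaffected, but search the repository for the old id before merging. The block titles also change to `._Prerequisites_` and `._Procedure_`; if italic titles are the intended convention, say so in the commit message, since "fix errors" does not explain the change.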
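Review bot: in `troubleshooting_selinux.adoc`, the context of the second hunk still shows an include with the old path style, `include::modules/proc_troubleshooting_selinux_allowing_access_audit.adoc`, while this patch moves the LUKS and Adobe Flash pages to `include::{partialsdir}/...`. The hunk only adds blank lines, so the includes in this page are left unconverted. Convert them in the same commit or confirm that `modules/` resolves from `modules/ROOT/pages/`.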
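Review bot: the `using-adobe-flash.adoc` hunk removes `[id="using_adobe_flash"]` above the title and adds no replacement, while other pages in this patch keep an explicit id (`[id='encrypting-drives-using-luks']`, `[id='prod_troubleshooting_selinux']`). Restore an id so existing anchors keep working. The hunk also drops `:experimental:`; check that none of the three included partials use the keyboard, button or menu macros that attribute enables.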