Diffstat (limited to 'doc/book-enea-nfv-access-user-hardening-guide')
-rw-r--r--doc/book-enea-nfv-access-user-hardening-guide/doc/book.xml18
-rw-r--r--doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_template.xml151
-rw-r--r--doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_updated.xml165
-rw-r--r--doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_updated_template_how_to_use.txt320
-rw-r--r--doc/book-enea-nfv-access-user-hardening-guide/doc/guidelines_hardening_linux.xml212
-rw-r--r--doc/book-enea-nfv-access-user-hardening-guide/doc/intro_hardentools_tech.xml209
-rw-r--r--doc/book-enea-nfv-access-user-hardening-guide/doc/intro_info_security.xml144
-rw-r--r--doc/book-enea-nfv-access-user-hardening-guide/doc/introduction.xml102
-rw-r--r--doc/book-enea-nfv-access-user-hardening-guide/swcomp.mk10
9 files changed, 1331 insertions, 0 deletions
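diff --git a/doc/book-enea-nfv-access-user-hardening-guide/doc/book.xml b/doc/book-enea-nfv-access-user-hardening-guide/doc/book.xml
new file mode 100644
index 0000000..fe6b11f
--- /dev/null
+++ b/doc/book-enea-nfv-access-user-hardening-guide/doc/book.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY % local.common.attrib "xml:base CDATA #IMPLIED">
+]>
+<book id="book_enea_nfv_access_user_hardening_guide">
+ <title><trademark class="registered">Enea</trademark> NFV Access User's Hardening Guide</title>
+
+ <subtitle>Release Version <xi:include href="eltf_params_updated.xml"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xpointer="element(EneaLinux_REL_VER/1)" /></subtitle>
+ <!-- OLINKDBPATH_USED_BY_XMLMIND ../../s_docbuild/olinkdb -->
+ <xi:include href="../../s_docbuild/template/docsrc_common/bookinfo_userdoc.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="introduction.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="intro_info_security.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="guidelines_hardening_linux.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="intro_hardentools_tech.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+</book>
\ No newline at end of file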
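diff --git a/doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_template.xml b/doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_template.xml
new file mode 100644
index 0000000..eaa7ebd
--- /dev/null
+++ b/doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_template.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<section id="eltf_created_params">
+ <title>File with Parameters in the Book Auto-updated by ELFT</title>
+
+ <note>
+ <para>See the <emphasis
+ role="bold">eltf_params_updated_template_howto_use.txt</emphasis> text
+ file for description of how to create the final <emphasis
+ role="bold">eltf_params_updated.xml</emphasis> from this template and for
+ all <emphasis role="bold">REQUIREMENTS</emphasis>. Use the command
+ "<emphasis role="bold">make eltf</emphasis>" to extract a full list of all
+ ELTF variables, which always begins with ELTF_ and don't only rely on the
+ howto text file list! The plan is that ELTF will auto-update this when
+ needed.</para>
+ </note>
+
+ <section id="host_prereq">
+ <title>Common Parameters</title>
+
+ <bridgehead>A programlisting, ID
+ "eltf-prereq-apt-get-commands-host"</bridgehead>
+
+ <para id="eltf-prereq-apt-get-commands-host"><programlisting>ELTF_PL_HOST_PREREQ</programlisting></para>
+
+ <bridgehead>A programlisting, ID
+ "eltf-getting-repo-install-command"</bridgehead>
+
+ <para id="eltf-getting-repo-install-command"><programlisting>ELTF_PL_GET_REPO</programlisting></para>
+
+ <bridgehead>Several phrase elements, various IDs. Ensure EL_REL_VER is
+ correct also compared to the "previous" REL VER in pardoc-distro.xml
+ "prev_baseline".</bridgehead>
+
+ <para id="EneaLinux_REL_VER"><phrase>ELTF_EL_REL_VER</phrase></para>
+
+ <para id="Yocto_VER"><phrase>ELTF_YOCTO_VER</phrase></para>
+
+ <para id="Yocto_NAME"><phrase>ELTF_YOCTO_NAME</phrase></para>
+
+ <para id="ULINK_YOCTO_PROJECT_DOWNLOAD"><ulink
+ url="ELTF_YOCTO_PROJ_DOWNLOAD_URL">ELTF_YOCTO_PROJ_DOWNLOAD_TXTURL</ulink></para>
+
+ <para id="ULINK_ENEA_LINUX_URL"><ulink
+ url="ELTF_EL_DOWNLOAD_URL">ELTF_EL_DOWNLOAD_TXTURL</ulink></para>
+
+ <bridgehead>A programlisting, ID "eltf-repo-cloning-enea-linux". Use
+ $MACHINE/default.xml as parameter, where MACHINE is one of the target
+ directory names in the manifest.</bridgehead>
+
+ <para id="eltf-repo-cloning-enea-linux"><programlisting>ELTF_PL_CLONE_W_REPO</programlisting></para>
+
+ <bridgehead>A table with ONE row, only the row with ID
+ "eltf-eclipse-version-row" is included in the book. MANUALLY BOTH in the
+ template.xml and in the updated.xml, set condition hidden on the
+ &lt;row&gt;, if eclipse is not in the release.</bridgehead>
+
+ <informaltable>
+ <tgroup cols="1">
+ <tbody>
+ <row id="eltf-eclipse-version-row">
+ <entry>Eclipse version ELTF_ECLIPSE_VERSION plus command line
+ development tools are included in this Enea NFV Access release.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <bridgehead>Below is one big section with title "Supported Targets with
+ Parameters". The entire section is included completely in the book via ID
+ "eltf-target-tables-section" and shall be LAST in the template. The
+ template contains ONE target subsection. COPY/APPEND it, if multiple
+ targets exist in the release and optionally add rows with additional
+ target parameters in each target subsection table.</bridgehead>
+ </section>
+
+ <section id="eltf-target-tables-section">
+ <title>Supported Targets with Parameters</title>
+
+ <para>The tables below describes the target(s) supported in this Enea
+ NFV Access release.</para>
+
+ <section id="eltf-target-table-ELTF_T_MANIFEST_DIR">
+ <title>MACHINE ELTF_T_MANIFEST_DIR - Information</title>
+
+ <para><informaltable>
+ <tgroup cols="2">
+ <colspec colwidth="6*" />
+
+ <colspec colwidth="9*" />
+
+ <tbody>
+ <row>
+ <entry>Target official name</entry>
+
+ <entry>ELTF_T_NAME</entry>
+ </row>
+
+ <row>
+ <entry>Architecture and Description</entry>
+
+ <entry>ELTF_T_ARC_DESC</entry>
+ </row>
+
+ <row>
+ <entry>Link to target datasheet</entry>
+
+ <entry>See <ulink
+ url="ELTF_T_DS_URL">ELTF_T_DS_TXTURL</ulink></entry>
+ </row>
+
+ <row>
+ <entry>Poky version</entry>
+
+ <entry>ELTF_T_POKY_VER</entry>
+ </row>
+
+ <row>
+ <entry>GCC version</entry>
+
+ <entry>ELTF_T_GCC_VER</entry>
+ </row>
+
+ <row>
+ <entry>Linux Kernel Version</entry>
+
+ <entry>ELTF_T_KERN_VER</entry>
+ </row>
+
+ <row>
+ <entry>Supported Drivers</entry>
+
+ <entry>ELTF_T_DRIVERS</entry>
+ </row>
+
+ <row>
+ <entry>Enea rpm folder for downloading RPM packages for this
+ target</entry>
+
+ <entry><ulink
+ url="ELTF_T_EL_RPM_URL">ELTF_T_EL_RPM_TXTURL</ulink></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable></para>
+ </section>
+
+ <!-- ELTFADD_MORE_TARGET_SECTIONS_BELOW_IF_NEEDED -->
+ </section>
+</section>
\ No newline at end of file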
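diff --git a/doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_updated.xml b/doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_updated.xml
new file mode 100644
index 0000000..f6bd068
--- /dev/null
+++ b/doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_updated.xml
@@ -0,0 +1,165 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<section id="eltf_created_params">
+ <title>File with Parameters in the Book Auto-updated by ELFT</title>
+
+ <note>
+ <para>See the <emphasis
+ role="bold">eltf_params_updated_template_howto_use.txt</emphasis> text
+ file for description of how to create the final <emphasis
+ role="bold">eltf_params_updated.xml</emphasis> from this template and for
+ all <emphasis role="bold">REQUIREMENTS</emphasis>. Use the command
+ "<emphasis role="bold">make eltf</emphasis>" to extract a full list of all
+ ELTF variables, which always begins with ELTF_ and don't only rely on the
+ howto text file list! The plan is that ELTF will auto-update this when
+ needed.</para>
+ </note>
+
+ <section id="host_prereq">
+ <title>Common Parameters</title>
+
+ <bridgehead>A programlisting, ID
+ "eltf-prereq-apt-get-commands-host"</bridgehead>
+
+ <para id="eltf-prereq-apt-get-commands-host"><programlisting># Host Ubuntu 14.04.5 LTS 64bit
+sudo apt-get -y update
+sudo apt-get -y install sed wget subversion git-core coreutils unzip texi2html \
+ texinfo libsdl1.2-dev docbook-utils fop gawk python-pysqlite2 diffstat \
+ make gcc build-essential xsltproc g++ desktop-file-utils chrpath \
+ libgl1-mesa-dev libglu1-mesa-dev autoconf automake groff libtool xterm \
+ libxml-parser-perl</programlisting></para>
+
+ <bridgehead>A programlisting, ID
+ "eltf-getting-repo-install-command"</bridgehead>
+
+ <para id="eltf-getting-repo-install-command"><programlisting>mkdir -p ~/bin
+curl https://storage.googleapis.com/git-repo-downloads/repo &gt; ~/bin/repo
+chmod a+x ~/bin/repo
+export PATH=~/bin:$PATH</programlisting></para>
+
+ <bridgehead>Several phrase elements, various IDs. Ensure EL_REL_VER is
+ correct also compared to the "previous" REL VER in pardoc-distro.xml
+ "prev_baseline".</bridgehead>
+
+ <para id="EneaLinux_REL_VER"><phrase>1.0</phrase></para>
+
+ <para id="Yocto_VER"><phrase>2.1</phrase></para>
+
+ <para id="Yocto_NAME"><phrase>krogoth</phrase></para>
+
+ <para id="ULINK_YOCTO_PROJECT_DOWNLOAD"><ulink
+ url="http://www.yoctoproject.org/downloads/core/krogoth/21">http://www.yoctoproject.org/downloads/core/krogoth/21</ulink></para>
+
+ <para id="ULINK_ENEA_LINUX_URL"><ulink
+ url="https://linux.enea.com/6">https://linux.enea.com/6</ulink></para>
+
+ <bridgehead>A programlisting, ID "eltf-repo-cloning-enea-linux". Use
+ $MACHINE/default.xml as parameter, where MACHINE is one of the target
+ directory names in the manifest.</bridgehead>
+
+ <para id="eltf-repo-cloning-enea-linux"><programlisting>mkdir enea-linux
+cd enea-linux
+repo init -u git@git.enea.com:linux/manifests/el_manifests-virtualization.git \
+ -b refs/tags/EL6 -m $MACHINE/default.xml
+repo sync</programlisting></para>
+
+ <bridgehead>A table with ONE row, only the row with ID
+ "eltf-eclipse-version-row" is included in the book. MANUALLY in book, set
+ condition hidden if eclipse is not in the release. Do this both in
+ template.xml and updated.xml.</bridgehead>
+
+ <informaltable>
+ <tgroup cols="1">
+ <tbody>
+ <row condition="hidden" id="eltf-eclipse-version-row">
+ <entry>Eclipse version 4.3 (Mars) plus command line development
+ tools are included in this Enea NFV Access release.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable>
+
+ <bridgehead>Below is one big section with title "Supported Targets with
+ Parameters". The entire section is included completely in the book via ID
+ "eltf-target-tables-section" and shall be LAST in the template. The
+ template contains ONE target subsection. COPY/APPEND it, if multiple
+ targets exist in the release and optionally add rows with additional
+ target parameters in each target subsection table.</bridgehead>
+ </section>
+
+ <section id="eltf-target-tables-section">
+ <title>Supported Reference Boards with Parameters</title>
+
+ <para>The tables below describes the target(s) supported in this Enea NFV
+ Access release.</para>
+
+ <section id="eltf-target-table-p2041rdb">
+ <title>MACHINE p2041rdb - Information</title>
+
+ <para><informaltable>
+ <tgroup cols="2">
+ <colspec colwidth="6*" />
+
+ <colspec colwidth="9*" />
+
+ <tbody>
+ <row>
+ <entry>Target official name</entry>
+
+ <entry>P2041RDB</entry>
+ </row>
+
+ <row>
+ <entry>Architecture and Description</entry>
+
+ <entry>Power, e500mc</entry>
+ </row>
+
+ <row>
+ <entry>Link to target datasheet</entry>
+
+ <entry>See <ulink
+ url="http://www.nxp.com/products/microcontrollers-and-processors/power-architecture-processors/qoriq-power-architecture-processors/p2041-qoriq-reference-design-board:RDP2041BOARD">link
+ to NXP's datasheet</ulink></entry>
+ </row>
+
+ <row>
+ <entry>Poky version</entry>
+
+ <entry>Git-commit-id:
+ 75ca53211488a3e268037a44ee2a7ac5c7181bd2</entry>
+ </row>
+
+ <row>
+ <entry>GCC version</entry>
+
+ <entry>5.3</entry>
+ </row>
+
+ <row>
+ <entry>Linux Kernel Version</entry>
+
+ <entry>3.12</entry>
+ </row>
+
+ <row>
+ <entry>Supported Drivers</entry>
+
+ <entry>Ethernet, I2C, SPI, PCI Express, USB, Flash,
+ SD/SDHC/SDXC, RTC</entry>
+ </row>
+
+ <row>
+ <entry>Enea rpm folder for downloading RPM packages for this
+ target</entry>
+
+ <entry><ulink
+ url="https://linux.enea.com/6/p2041rgb/rpm">https://linux.enea.com/6/p2041rgb/rpm</ulink></entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </informaltable></para>
+ </section>
+ </section>
+</section>
\ No newline at end of file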
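Review bot: The `eltf-getting-repo-install-command` listing (new lines 36-39) saves a downloaded script to `~/bin/repo` and makes it executable for all users without any integrity check, which is a weak pattern for a hardening guide to show its readers. I would make the download fail closed and narrow the mode, e.g. `curl -fL https://storage.googleapis.com/git-repo-downloads/repo -o ~/bin/repo` and `chmod u+x ~/bin/repo`, and add a sentence telling the reader to verify the file against a published signature or checksum before running it. The same transport concern applies to the plain `http://www.yoctoproject.org/...` link at new line 52 and to the examples in eltf_params_updated_template_how_to_use.txt, which show `git://git.enea.com/...` and `http://linux.enea.com/6` where this file uses `git@git.enea.com:` and `https://`. Separately, the RPM link at new line 158 uses `p2041rgb` while the section id and title say `p2041rdb`; one of the two looks like a typo and should be confirmed.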
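diff --git a/doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_updated_template_how_to_use.txt b/doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_updated_template_how_to_use.txt
new file mode 100644
index 0000000..87a6445
--- /dev/null
+++ b/doc/book-enea-nfv-access-user-hardening-guide/doc/eltf_params_updated_template_how_to_use.txt
@@ -0,0 +1,320 @@
+eltf_params_template_updated_howto_use.txt
+
+This is a way to collect all parameters for an Enea NFV Access release
+in one parameter file, easy to automatically update by ELTF regularly.
+
+NOTE: Both the release info AND the open source books use parameters from
+ here, but the XML file is inside the release info book directory.
+
+NOTE: The manifest_conf.mk, or overridden by the environment variable
+ MANIFESTHASH, contains the full tag (or hashvalue) for downloading
+ the manifest when the books are built. The list of target
+ directories are fetched from the manifest into the book.
+ The eltf_params_updates.xml can all the time contain
+ the final next complete tag e.g. refs/tags/EL6 or similar
+ in the ELTF_PL_CLONE_W_REPO parameter command lines.
+
+The ordinary book XML files use xi:include statements to include elements
+from this parameter file. The book XML files can thus be manually edited.
+Before editing, you must run "make init".
+Any other text in the template or updated.xml file, outside the parts that
+are included in the book, are not used but still all must be correct
+DocBook XML files.
+
+ELTF work:
+ template => ELTF replaces ALL ELTF_xxx variables => updated XML file
+ => push to git only if changed
+
+
+eltf_params_template.xml (in git)
+ File used by ELTF to autocreate/update the real parameter
+ file eltf_params_updated.xml.
+
+eltf_params_updated.xml (in git)
+ Real parameter file where ELTF has replaced all ELTF_xx variables with
+ strings, in several cases with multiline strings.
+ No spaces or linefeed allowed in beginning or end of the variable values!
+
+
+xi:include: Each parameter is xi:include'ed in various book files, using
+ the IDs existing in the parameter files.
+ In most cases the 1:st element inside an element with an ID is included
+ using a format like eltf-prereq-apt-get-commands-host/1.
+ In very few cases the element with the ID is included in the book, one
+ example is the target section which has an ID, but which contains
+ multiple subsections, one per target.
+ All IDs in a book must be unique.
+
+DocBook XML: All XML files must be correct DocBook XML files.
+
+Do NOT edit/save the real *updated.xml file with XMLmind to avoid changes
+ not done by ELTF. But it is OK to open the real file in XMLmind to
+ check that the format is correct.
+
+ELTF should autocreate a temporary "real" file but only replace
+ and push the eltf_params_updated.xml if it is changed.
+
+
+make eltf
+ This lists all ELTF_xxx variables and some rules how to treat them
+
+DocBook Format: All elements - rules:
+ Several strict generic XML rules apply for all strings:
+ 1. No TABs allowed or any other control chr than "linefeed"
+ 2. Only 7-bit ASCII
+ 3. Any < > & must be converted to &lt; &gt; and &amp;
+ Similar for any other non-7-bit-ASCII but avoid those!
+ 4. No leading spaces or linefeeds when replacing the ELTF_* variable
+ 5. No trailing spaces or linefeeds when replacing the ELTF_* variable
+ 6. Note: Keep existing spaces before/efter ELTF_* in a few cases.
+
+DocBook Format: <programlisting> - rules: ELTF*PL* variables
+ Several strict rules apply for the multiline string in programlisting
+ in addition to the general XML rules above:
+ 7. Max line length < 80 char
+ 8. Use backslash (\) to break longer lines
+ 9. Use spaces (e.g. 4) to indent continuation lines in programlistings
+ 10. No trailing spaces on any line
+ 11. No spaces or linefeed immediately after leading <programlisting>
+ 12. No spaces or linefeed before trailing </programlisting>
+
+DocBook Format: <ulink> - rules: ELTF_*URL* variables
+ 13. ELTF_*URL and corresponding ELTF_*TXTURL shall be identical strings
+ 14. Only if the URL is extremely long, the TXTURL can be a separate string
+
+Each target has one section with target parameters:
+ <section id="eltf-target-table-ELTF_T_MANIFEST_DIR">
+ <title>MACHINE ELTF_T_MANIFEST_DIR - Information</title>
+ ..... with many ELTF_ variables ....
+ </section>
+
+ 15. If there is only one target. ELTF just replaces ELTF parameters
+
+ 16. It there are multiple targets. ELTF copies the section and appends the
+ section the required number of times.
+ Each section ID will become unique: eltf-target-table-ELTF_T_MANIFEST_DIR
+ Each section title will become unique
+
+Tables with target parameters in each target section:
+ 17. It is possible for ELTF to append more rows with one parameter each
+ to these tables, because the entire tables are included in the book
+
+Special - NOT YET READY DEFINED how to handle the optionally included
+ Eclipse and its version, but this is a first suggestion:
+ 18. Just now ELTF can define ELFT_ECLIPSE_VERSION as a full string
+ with both version number and name,
+ 19. MANUALLY if Eclipse is NOT included in the release,
+ the release manager should manually set condition="hidden" on
+ the entire section in the book XML about Eclipse
+
+
+
+BELOW WE TRY TO EXPLAIN EACH ELTF_* variable, but always check with make eltf
+if there are more new variables, missing in this description file.
+
+_____________________________________________________________________________
+ELTF_PL_HOST_PREREQ Multiline list of host prerequisites, e.g. commands
+ like sudo apt-get install xxxx or similar.
+ First line = comment with the complete host name!
+ It is possible to include multiple hosts by just
+ adding an empty line, comment with host name, etc.
+ xi:include eltf-prereq-apt-get-commands-host/1
+ This is a <programlisting>...</programlisting>
+ Example:
+# Host Ubuntu 14.04.5 LTS 64bit
+sudo apt-get update
+sudo apt-get install sed wget subversion git-core coreutils unzip texi2html \
+ texinfo libsdl1.2-dev docbook-utils fop gawk python-pysqlite2 diffstat \
+ make gcc build-essential xsltproc g++ desktop-file-utils chrpath \
+ libgl1-mesa-dev libglu1-mesa-dev autoconf automake groff libtool xterm \
+ libxml-parser-perl
+
+_____________________________________________________________________________
+ELTF_PL_GET_REPO Multiline commands to download the repo tool
+ xi:include eltf-getting-repo-install-command/1
+ This is a <programlisting>...</programlisting>
+ Example:
+mkdir -p ~/bin
+curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
+chmod a+x ~/bin/repo
+export PATH=~/bin:$PATH
+
+_____________________________________________________________________________
+ELTF_EL_REL_VER General parameter string: The version of this Enea
+ Linux release. Major version and optional .Minor
+ Typically created from MAJOR and MINOR in enea.conf
+ MINOR in enea.conf is empty or contains a dot+minor
+ xi_include EneaLinux_REL_VER/1
+ This is a <phrase>X.x</phrase> used in many places.
+ Examples:
+6
+ or
+6.1
+
+_____________________________________________________________________________
+ELTF_YOCTO_VER General parameter string: Yocto version, created
+ from DISTRO in poky.ent
+ xi:include Yocto_VER/1
+ This is a <phrase>X.x</phrase> used in many places.
+ Example:
+2.1
+
+_____________________________________________________________________________
+ELTF_YOCTO_NAME General parameter string: Yocto name (branch), created
+ from DISTRO_NAME_NO_CAP in poky.ent
+ xi:include Yocto_NAME/1
+ This is a <phrase>X.x</phrase> used in many places.
+ Example:
+krogoth
+
+_____________________________________________________________________________
+ELTF_YOCTO_PROJ_DOWNLOAD_TXTURL General parameters. These two are IDENTICAL
+ELTF_YOCTO_PROJ_DOWNLOAD_URL strings with correct Yocto version string
+ at the end, typically without "dot".
+ xi:include ULINK_YOCTO_PROJECT_DOWNLOAD/1
+ This is an <ulink url="...">...</ulink>
+ Example:
+http://www.yoctoproject.org/downloads/core/krogoth/21
+
+_____________________________________________________________________________
+ELTF_EL_DOWNLOAD_TXTURL General parameters. These two are IDENTICAL strings
+ELTF_EL_DOWNLOAD_URL and shall be the http:/..... address where
+ Enea NFV Access can be downloaded
+ Often containing same version as in ELTF_EL_REL_VER
+ xi:include ULINK_ENEA_LINUX_URL/1
+ This is an <ulink url="...">...</ulink>
+ Example:
+http://linux.enea.com/6
+
+_____________________________________________________________________________
+ELTF_PL_CLONE_W_REPO Multiline commands to run repo to clone everything.
+ Use the variable $MACHINE/default.xml (the text in
+ the book will list the avaiable values of MACHINE,
+ taken from the manifest repository)
+ xi:include eltf-repo-cloning-enea-linux/1
+ This is a <programlisting>...</programlisting>
+ Example:
+mkdir enea-linux
+cd enea-linux
+repo init -u git://git.enea.com/linux/el_manifests-standard.git \
+ -b refs/tags/EL6 -m $MACHINE/default.xml
+repo sync
+
+_____________________________________________________________________________
+ELTF_ECLIPSE_VERSION Optional general parameter string.
+ NOT YET READY DEFINED
+ Just now a release manage must manually set
+ condition="hidden" on the Eclipse section,
+ if Eclipse is not included in the release.
+ ELTF just replaces ELTF_ECLIPSE_VERSION with a full
+ string with "X.Y (name)"
+ It includes the ID and can only be ONCE in the book.
+ xi:include eltf-eclipse-version-row
+ Example.
+4.5 (Mars)
+
+
+_____________________________________________________________________________
+ELTF_T_* All these are in each target (MACHINE) and ELTF
+ must separately replace them with strings for
+ each target
+ NOTE: All (except the MANIFEST_DIR) are in rows
+ in a table and ELTF can select to append
+ more parameters by adding more rows
+
+_____________________________________________________________________________
+ELTF_T_MANIFEST_DIR This happens to be in two places. Must be exactly
+ELTF_T_MANIFEST_DIR the directory name in the manifest, e.g. same
+ as the MACHINE names in $MACHINE/default.xml.
+ In book: a) Part of section ID
+ b) Part of section title
+ Examples:
+p2041rgb
+ or
+ls1021aiot
+ or
+qemuarm
+
+_____________________________________________________________________________
+ELTF_T_NAME Target specific: "Target Official Name"
+ NOT same as the target directory name in most cases.
+ In book: An <entry> element in a row
+ Examples:
+P2041RGB
+ or
+LS1021a-IoT
+ or
+qemuarm
+
+_____________________________________________________________________________
+ELTF_T_ARC_DESC Target specific: "Architecture and Description"
+ It can be a short identification string or
+ it can be a longer descriptive sentence.
+ In book: An <entry> element in a row
+ Examples:
+Power, e500mc
+ or
+ARM Cortex-A7
+
+_____________________________________________________________________________
+ELTF_T_DS_TXTURL Target specific: "Link to target datasheet. These
+ELTF_T_DS_URL two usually are IDENTICAL strings with correct
+ hyperlink to the target's official datasheet.
+ In book: an <ulink url="...">...</ulink>
+ Only if the link is VERY LONG, the text part shall
+ instead be a descriptive string (see 2:nd example).
+ NOTE: Also here no spaces or line-feeds!
+ Examples:
+url="http://wiki.qemu.org">http://wiki.qemu.org
+or
+url="http://www.nxp.com/products/microcontrollers-and-processors/arm-processors/qoriq-arm-processors/qoriq-ls1021a-iot-gateway-reference-design:LS1021A-IoT">link to NXP's datasheet
+
+_____________________________________________________________________________
+ELTF_T_POKY_VER Target specific: "Poky version" created either
+ from POKYVERSION in poky.ent
+ or using a hashvalue with a leading string, in
+ which case it may be different per target.
+ In book: An <entry> in a row
+ Examples:
+15.0.0
+or
+Git commit id: 75ca53211488a3e268037a44ee2a7ac5c7181bd2
+
+_____________________________________________________________________________
+ELTF_T_GCC_VER Target specific: "GCC Version". Should be in poky
+ but not easy to find among various parameters.
+ ELTF would extract it from build logs building SDK
+ and it is possibly different per target.
+ In book: An <entry> in a row
+ Example:
+5.3
+
+_____________________________________________________________________________
+ELTF_T_KERN_VER Target specific: "Linux Kernel Version". Often
+ different per target.
+ In book: An <entry> in a row
+ Example:
+3.12
+
+_____________________________________________________________________________
+ELTF_T_DRIVERS Target specific: "Supported Drivers". This is a
+ comma-separated list of driver names.
+ ELTF should create the list in same order for each
+ target, e.g. alphabetic migth be OK.
+ In book: An <entry> in a row
+ Example:
+Ethernet, I2C, SPI, PCI, USB, SD/SDHC/SDXC
+
+
+_____________________________________________________________________________
+ELTF_T_EL_RPM_TXTURL Target specific: "Enea rpm folder for downloading
+ELTF_T_EL_RPM_URL RPM packages for this target". These two are
+ INDENTICAL strings with hyperlink to the web site
+ at Enea where the customer can download RPMs
+ Note: Often the ELFT_EL_REL_VER value and
+ the ELTF_T_MANIFEST_DIR are used in the link.
+ In book: an <ulink url="...">...</ulink>
+ Example:
+url="https://linux.enea.com/6/ls1021aiot/rpm">https://linux.enea.com/6/ls1021aiot/rpm
+
+_____________________________________________________________________________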
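diff --git a/doc/book-enea-nfv-access-user-hardening-guide/doc/guidelines_hardening_linux.xml b/doc/book-enea-nfv-access-user-hardening-guide/doc/guidelines_hardening_linux.xml
new file mode 100644
index 0000000..46245da
--- /dev/null
+++ b/doc/book-enea-nfv-access-user-hardening-guide/doc/guidelines_hardening_linux.xml
@@ -0,0 +1,212 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<chapter id="linux_hardening">
+ <title>Guidelines on How to Harden a Linux System</title>
+
+ <para>In order to effectively create apt security layers to harden your
+ system correctly, you must first analyze your needs and answer several
+ ideas/questions which are detailed below.</para>
+
+ <orderedlist>
+ <listitem>
+ <para><emphasis role="bold">Analyzing and defining Roles for your
+ system</emphasis></para>
+
+ <itemizedlist>
+ <listitem>
+ <para>What purpose does the system have?</para>
+ </listitem>
+
+ <listitem>
+ <para>What security risks apply to the system?</para>
+ </listitem>
+
+ <listitem>
+ <para>Is it host/server? Does it need to do remote access? Public
+ use?</para>
+ </listitem>
+
+ <listitem>
+ <para>How hardened the system need to be? (This depends on what role
+ it has).</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Review Policies and
+ Compliances</emphasis></para>
+
+ <para>What policies and compliances must your system adhere to? Examples
+ of possible standards and polices, among many others, are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>PCI DSS (confidentiality of credit card consumer data)</para>
+ </listitem>
+
+ <listitem>
+ <para>HIPAA (protects patient data in health care system)</para>
+ </listitem>
+
+ <listitem>
+ <para>FISMA (Federal Information Security Management Act)</para>
+ </listitem>
+
+ <listitem>
+ <para>ISO 27001 family (Information Security Management
+ Systems)</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Keep the Software
+ up-to-date</emphasis></para>
+
+ <para>Apply software updates and security fixes regularly. Upgrade as
+ soon a new version is available. It is easier to hack a system which is
+ running publicly known vulnerable software but this can be avoided.
+ Linux provides all necessary tools to keep the system updated. All
+ security updates should be reviewed and applied as soon as
+ possible.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Mandatory Access Control
+ (MAC)</emphasis></para>
+
+ <para>SELinux, TOMOYO, SMACK (Simplified Mandatory Access Control
+ Kernel).</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Memory Protection and ASLR
+ </emphasis></para>
+
+ <para>There are two major mechanisms in place to protect memory access
+ which turned on by default on most x86-64 Linux systems. The first is
+ the so-called NX bit, which is a setting that gives finer-grained
+ permissions to mapped memory regions. The second is address space layout
+ randomization (ASLR) which randomizes where certain parts of a program
+ are loaded into memory. For further reading on this, see <ulink
+ url="https://eklitzke.org/memory-protection-and-aslr">here</ulink>.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Block unauthorized access to a network and
+ Restrict Access</emphasis></para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Enable the firewall (see what rules are already configured
+ iptables -L)</para>
+ </listitem>
+
+ <listitem>
+ <para>Use Intrusion Detection/Intrusion Prevention</para>
+ </listitem>
+
+ <listitem>
+ <para>Disable unused accounts, create user groups and domain
+ policy</para>
+ </listitem>
+
+ <listitem>
+ <para>Remove unused/unsecure/obsolete software</para>
+ </listitem>
+
+ <listitem>
+ <para>Disable unused services</para>
+ </listitem>
+
+ <listitem>
+ <para>Restrict remote access and administration</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Use tools to detect
+ vulnerabilities</emphasis></para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Vulnerability scanner, such as Nessus, SAINT, OpenVAS.</para>
+ </listitem>
+
+ <listitem>
+ <para>Network analyzer, such as Nmap, Wireshark.</para>
+ </listitem>
+
+ <listitem>
+ <para>Baseline Analyzer, such as Bastille which can view OS
+ configuration and try to optimize.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Create a Secure logging
+ System</emphasis></para>
+
+ <para>Create a secure Linux logging system that can be expanded to other
+ types of systems for secure logging. By using logs, data can be
+ collected in order to discern why a server crashed. If the server is
+ unrecoverable, remote logs allow you the ability to see what happened
+ prior to the crash, even without the system running. If the crash was
+ related to an intrusion, any information that describes how the system
+ was compromised can help determine new approaches so further intrusions
+ can be prevented.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Backup &amp; recovery</emphasis></para>
+
+ <para>If a system is compromised, the first concern is how to recover.
+ To ensure that there is something to recove, backup the data and
+ configurations continually.</para>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Physical Security</emphasis></para>
+
+ <para>No matter how many security features may be implemented, there is
+ always a way that an attacker with physical access to the system
+ (hardware and software) may by-pass them. To make this as difficult as
+ possible, there are several actions that can be taken to provide a
+ degree of security against an attacker with physical access to the
+ machine:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Make sure unauthorized persons don&rsquo;t have easy access to
+ the hardware and software.</para>
+ </listitem>
+
+ <listitem>
+ <para>Prevent an attacker from booting from another disk/USB.</para>
+ </listitem>
+
+ <listitem>
+ <para>Set permissions and login restrictions as well as a firmware
+ password. It is also important to set a secondary bootloader
+ password (LILO or GRUB) to prevent malicious users from
+ booting.</para>
+ </listitem>
+
+ <listitem>
+ <para>Encrypt disks before they are installed.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
+ <para><emphasis role="bold">Review Process</emphasis></para>
+
+ <para>Review your security process and security policies often, and
+ continually seek to improve them.</para>
+ </listitem>
+ </orderedlist>
+</chapter>
\ No newline at end of file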
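Review bot: The "Memory Protection and ASLR" item (new lines 85-94) describes only what is on by default on x86-64, yet the one target listed in eltf_params_updated.xml in this commit is p2041rdb (Power, e500mc), so the reader cannot tell whether the shipped image has either protection or how to check. A sentence such as `Verify ASLR on the target with cat /proc/sys/kernel/randomize_va_space (2 = full randomization)` would make the item actionable, and the external blog link would be better backed by a kernel-documentation reference. The "Mandatory Access Control" item at new lines 77-81 is only a list of names; it should say which of them, if any, is available in this release. At new lines 103-104, `iptables -L` shows only the filter table with names resolved, so `iptables -S` or `iptables -L -n -v` would give the reader a fuller picture of the configured rules.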
diff --git a/doc/book-enea-nfv-access-user-hardening-guide/doc/intro_hardentools_tech.xml b/doc/book-enea-nfv-access-user-hardening-guide/doc/intro_hardentools_tech.xml
new file mode 100644
index 0000000..294d67e
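--- /dev/null
+++ b/doc/book-enea-nfv-access-user-hardening-guide/doc/intro_hardentools_tech.xml
@@ -0,0 +1,209 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<chapter id="intro_hardentools_tech">
+ <title>A Brief Introduction to Hardening Tools and Technologies</title>
+
+ <para>Linux by default, is not a secure operating system however, it has
+ many features and tools that can help secure it thoroughly. Detailed below
+ are several useful tools and features available for Linux which can help
+ harden the Linux system to really high degrees.</para>
+
+ <section id="namespaces">
+ <title>Namespaces</title>
+
+ <para>Namespaces are a feature of the Linux kernel that isolate and
+ virtualize system resources for a collection of processes. Examples of
+ resources that can be virtualized are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Process IDs</para>
+ </listitem>
+
+ <listitem>
+ <para>Hostnames</para>
+ </listitem>
+
+ <listitem>
+ <para>User IDs</para>
+ </listitem>
+
+ <listitem>
+ <para>Network access</para>
+ </listitem>
+
+ <listitem>
+ <para>UTS</para>
+ </listitem>
+
+ <listitem>
+ <para>Control Group (cgroup)</para>
+ </listitem>
+
+ <listitem>
+ <para>Interprocess communication (IPC)</para>
+ </listitem>
+
+ <listitem>
+ <para>Filesystems (mnt)</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Namespaces are a fundamental aspect of containers on Linux. Tools
+ like Docker make isolating Linux processes into their own little system
+ environments easy. This makes it possible to run a whole range of
+ applications on a single real Linux machine and ensure that no processes
+ can interfere with each other, without having to resort to using virtual
+ machines. </para>
+ </section>
+
+ <section id="intrusion_prev_dev">
+ <title>Linux Intrusion Prevention/Detection Systems</title>
+
+ <para>An Intrusion Prevention System (IPS) and an Intrusion Detection
+ System (IDS) provide an effective layer of security. The Linux Intrusion
+ Detection System (LIDS) is a patch to the Linux kernel and associated
+ administrative tools, and enhances the kernel's security by implementing
+ Mandatory Access Control (MAC).</para>
+
+ <para>When a LIDS system is booted, file restrictions are enforced
+ immediately. Once the system has come on, the <command>lidsadm
+ -I</command> command will seal off the kernel, preventing any additional
+ kernel modules from affecting it.</para>
+ </section>
+
+ <section id="kernel_hardening">
+ <title>Kernel Hardening</title>
+
+ <para>Kernel hardening is primarily about the kernel protecting itself,
+ eliminating classes of exploits, and reducing its attack surface. Two
+ approaches to hardening the standard Linux kernel are: </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Address space (memory) protection</para>
+ </listitem>
+
+ <listitem>
+ <para>Advance Access Control System</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Buffer overflows (in languages such as C) are one of the leading
+ vulnerabilities exploited to gain control of a system. The problem arises
+ when a user can insert more data into a buffer than it was originally
+ allocated for. Restrictions however, on an application's address space
+ prevent many types of buffer overflows attacks.</para>
+ </section>
+
+ <section id="lsm">
+ <title>Linux Security Modules (LSM)</title>
+
+ <para>LSM is a framework part of the Linux kernel. LSM API implements
+ hooks at all security-critical points within the kernel. The modules
+ currently accepted in the official kernel are:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>AppArmor</para>
+ </listitem>
+
+ <listitem>
+ <para>SELinux</para>
+ </listitem>
+
+ <listitem>
+ <para>Smack</para>
+ </listitem>
+
+ <listitem>
+ <para>TOMOYO Linux</para>
+ </listitem>
+
+ <listitem>
+ <para>Yama</para>
+ </listitem>
+ </itemizedlist>
+
+ <section id="selinux">
+ <title>SELinux</title>
+
+ <para><emphasis role="bold">SELinux, Security Enhanced Linux</emphasis>
+ is a Kernel security mechanism for the supporting access control
+ security policy. SELinux has three configuration modes:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Disabled: Turned-off</para>
+ </listitem>
+
+ <listitem>
+ <para>Permissive: Prints warnings</para>
+ </listitem>
+
+ <listitem>
+ <para>Enforcing: Policy is enforced</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Edit the selinux config file to change the
+ configuration:<programlisting># /etc/selinux/config
+SELINUX=enforcing</programlisting></para>
+ </section>
+ </section>
+
+ <section id="acl">
+ <title>POSIX Access Control Lists (ACL)</title>
+
+ <para>In addition to the file owner, the file group etc., additional users
+ and groups can be granted or denied access by using POSIX ACLs. For a
+ file, ACLs can be configured:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Per user </para>
+ </listitem>
+
+ <listitem>
+ <para>Per group</para>
+ </listitem>
+
+ <listitem>
+ <para>Via the effective right mask</para>
+ </listitem>
+
+ <listitem>
+ <para>For users not in the user group, for the file</para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section id="log_audit">
+ <title>Logging and Auditing</title>
+
+ <para>Audit logs are useful for analyzing system behavior, and may help
+ detect attempts at compromising the system. Enea Linux distributions have
+ logging mechanisms that record all system activities. The syslog service
+ manages the logs in <command>/var/log/</command>. These logs are critical
+ for troubleshooting purposes.</para>
+ </section>
+
+ <section id="secure_net_coms">
+ <title>Secure Network Communication</title>
+
+ <para>Encrypt and authenticate network communication using IPsec.</para>
+ </section>
+
+ <section id="hd_encrypting">
+ <title>Hard Disk Encryption and Disk Protection</title>
+
+ <para>Encrypt the disks before they are installed. This is a crucial step
+ as it will prevent unauthorized access to data even when the hard disk is
+ connected to a different machine.</para>
+
+ <para>Disk protection is a key step in securing data. Make sure that you
+ backup data so that situations such as a damaged system and bugs in the OS
+ updates won't affect them. The backup must be transferred offsite
+ for major servers to keep data secure during unforeseen disasters. Backup
+ management must also be well-defined.</para>
+ </section>
+</chapter>
\ No newline at end of file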
diff --git a/doc/book-enea-nfv-access-user-hardening-guide/doc/intro_info_security.xml b/doc/book-enea-nfv-access-user-hardening-guide/doc/intro_info_security.xml
new file mode 100644
index 0000000..bbc203b
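--- /dev/null
+++ b/doc/book-enea-nfv-access-user-hardening-guide/doc/intro_info_security.xml
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<chapter id="intro_info_security">
+ <title>Introduction to Information Security</title>
+
+ <para><remark>I want to add an intro to this chapter, it's too brief and
+ vague, what is the purpose of these 3 lists, what are they intended to
+ introduce?</remark></para>
+
+ <section id="security_categories">
+ <title>Related Security Categories</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Internet Security</para>
+ </listitem>
+
+ <listitem>
+ <para>Cyberwarfare</para>
+ </listitem>
+
+ <listitem>
+ <para>Computer Security</para>
+ </listitem>
+
+ <listitem>
+ <para>Mobile Security</para>
+ </listitem>
+
+ <listitem>
+ <para>Network Security</para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section id="threats">
+ <title>Threats</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Computer Crime</para>
+ </listitem>
+
+ <listitem>
+ <para>Vulnerability</para>
+ </listitem>
+
+ <listitem>
+ <para>Eavesdropping</para>
+ </listitem>
+
+ <listitem>
+ <para>Exploitation</para>
+ </listitem>
+
+ <listitem>
+ <para>Trojan Horse</para>
+ </listitem>
+
+ <listitem>
+ <para>Computer Viruses and Computer Worms</para>
+ </listitem>
+
+ <listitem>
+ <para>Denial of Service</para>
+ </listitem>
+
+ <listitem>
+ <para>Malware</para>
+ </listitem>
+
+ <listitem>
+ <para>Payload</para>
+ </listitem>
+
+ <listitem>
+ <para>Rootkit</para>
+ </listitem>
+
+ <listitem>
+ <para>Keylogger</para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section id="defenses">
+ <title>Defenses</title>
+
+ <itemizedlist>
+ <listitem>
+ <para>Computer Access Control</para>
+ </listitem>
+
+ <listitem>
+ <para>Application Security</para>
+ </listitem>
+
+ <listitem>
+ <para>Antivirus Software</para>
+ </listitem>
+
+ <listitem>
+ <para>Secure Coding</para>
+ </listitem>
+
+ <listitem>
+ <para>Security by Design</para>
+ </listitem>
+
+ <listitem>
+ <para>Secure Operating Systems</para>
+ </listitem>
+
+ <listitem>
+ <para>Authentication</para>
+ </listitem>
+
+ <listitem>
+ <para>Multi-factor Authentication</para>
+ </listitem>
+
+ <listitem>
+ <para>Authorization</para>
+ </listitem>
+
+ <listitem>
+ <para>Data-centric Security</para>
+ </listitem>
+
+ <listitem>
+ <para>Firewall</para>
+ </listitem>
+
+ <listitem>
+ <para>Intrusion Detection System</para>
+ </listitem>
+
+ <listitem>
+ <para>Intrusion Prevention System</para>
+ </listitem>
+ </itemizedlist>
+ </section>
+</chapter>
\ No newline at end of file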
diff --git a/doc/book-enea-nfv-access-user-hardening-guide/doc/introduction.xml b/doc/book-enea-nfv-access-user-hardening-guide/doc/introduction.xml
new file mode 100644
index 0000000..af6b99d
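--- /dev/null
+++ b/doc/book-enea-nfv-access-user-hardening-guide/doc/introduction.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<chapter id="overview">
+ <title>Overview</title>
+
+ <para>This document describes a set of activities needed for securing Enea
+ NFV Access by users. Most security hardening configurations and features
+ affect performance, and should only be set if more security but less
+ performance is required and acceptable. We emphasize to use layers of
+ security to get the desired degree of hardening.</para>
+
+ <section id="intro">
+ <title>Introduction</title>
+
+ <para>This document describes several hardening techniques and Open Source
+ tools available for Enea NFV Access platforms.</para>
+
+ <section id="rev-hist">
+ <title>Revision History</title>
+
+ <table>
+ <tgroup cols="4">
+ <colspec align="center" />
+
+ <thead>
+ <row>
+ <entry align="center">Revision</entry>
+
+ <entry align="center">Author</entry>
+
+ <entry align="center">Date</entry>
+
+ <entry align="center">Purpose of Revision</entry>
+ </row>
+ </thead>
+
+ <tbody>
+ <row>
+ <entry>3</entry>
+
+ <entry>Sona Sarmadi</entry>
+
+ <entry>2017-09-07</entry>
+
+ <entry>Added Introduction to Information Security, sec
+ 2.</entry>
+ </row>
+
+ <row>
+ <entry>2</entry>
+
+ <entry>Sona Sarmadi</entry>
+
+ <entry>2017-09-07</entry>
+
+ <entry>Updated section 2.</entry>
+ </row>
+
+ <row>
+ <entry>1</entry>
+
+ <entry>Sona Sarmadi</entry>
+
+ <entry>2017-08-31</entry>
+
+ <entry>Initial Revision, hardening guideline for users.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </section>
+
+ <section id="references">
+ <title>References</title>
+
+ <itemizedlist>
+ <listitem>
+ <para><ulink
+ url="https://www.sans.org/reading-room/whitepapers/linux/linux-kernel-hardening-1294">www.sans.org/reading-room/whitepapers/linux/linux-kernel-hardening-1294</ulink></para>
+ </listitem>
+
+ <listitem>
+ <para><ulink
+ url="https://lwn.net/Articles/705262/">lwn.net/Articles/705262/</ulink></para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section id="def_acro">
+ <title>Definitions and Acronyms</title>
+
+ <para>Definitions</para>
+
+ <para>[FIXME]</para>
+
+ <para>Acronyms</para>
+
+ <para>[FIXME]</para>
+ </section>
+ </section>
+</chapter>
\ No newline at end of file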
diff --git a/doc/book-enea-nfv-access-user-hardening-guide/swcomp.mk b/doc/book-enea-nfv-access-user-hardening-guide/swcomp.mk
new file mode 100644
index 0000000..2fe78b5
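--- /dev/null
+++ b/doc/book-enea-nfv-access-user-hardening-guide/swcomp.mk
@@ -0,0 +1,10 @@
+# Component build specification
+
+# Version of THIS book
+BOOK_VER ?= $(REL_VER)-dev
+
+DOCBOOK_SRC := $(COMP)/swcomp.mk $(COMP)/doc/book.xml $(shell find $(COMP)/doc -type f \( -name "*.xml" -o -name "*.svg" -o -name "*.png" \) ! -name "book.xml" -print)
+
+BOOKPACKAGES := book-enea-nfv-access-user-hardening-guide
+BOOKDESC_$(BOOKPACKAGES) := "Enea NFV Access $(PROD_VER) User's Hardening Guide"
+BOOKDEFAULTCONDITION := $(DEFAULTCONDITIONS)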
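Review bot: `DOCBOOK_SRC` on line 6 passes `$(COMP)` unquoted into the `$(shell find …)` command, so a component path containing whitespace or shell metacharacters would be word-split or interpreted by the shell before `find` sees it. Quoting the argument as `find "$(COMP)/doc" -type f …` removes that on the shell side, although make's own word lists still cannot carry paths with spaces. The file list also comes back in whatever order `find` returns, which can differ between filesystems. If anything downstream depends on that order (not visible from this file), wrapping only the find call as `$(sort $(shell find …))` would make it stable while keeping `swcomp.mk` and `book.xml` first.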