ach-master.git
6 years ago Merge pull request #32 from ax3l/ssh-moreEtmMacs
Aaron Zauner [Sun, 5 Jan 2014 20:28:45 +0000 (12:28 -0800)]
Merge pull request #32 from ax3l/ssh-moreEtmMacs

SSHd: add ETM MACs for SHA2

6 years ago Only advertise OpenSSH 6.4
Axel Huebl [Sun, 5 Jan 2014 20:16:25 +0000 (21:16 +0100)]
Only advertise OpenSSH 6.4

GCM, UMAC and ETM added in 6.2, but due to a memory corruption vulnerability
in 6.2 and 6.3 by an insecure GCM implementation
  http://www.openssh.com/txt/gcmrekey.adv
we only recommend OpenSSH 6.4+
  http://www.openssh.com/txt/release-6.4

6 years ago ETM for SSH2 was introduced in OpenSSH 6.2
Axel Huebl [Sun, 5 Jan 2014 20:01:30 +0000 (21:01 +0100)]
ETM for SSH2 was introduced in OpenSSH 6.2

I tested the settings for OpenSSH 6.4.
Release log for OpenSSH 6.2: http://www.openssh.com/txt/release-6.2

6 years ago Remove aes-192 for now
Axel Huebl [Sun, 5 Jan 2014 19:42:54 +0000 (20:42 +0100)]
Remove aes-192 for now

6 years ago Merge pull request #37 from Intichar/master
Aaron Zauner [Sun, 5 Jan 2014 19:33:14 +0000 (11:33 -0800)]
Merge pull request #37 from Intichar/master

Minor changes in IOS section

6 years ago Remove AllowUsers
Axel Huebl [Sun, 5 Jan 2014 10:53:48 +0000 (11:53 +0100)]
Remove AllowUsers

Too specific. Thanks to @azet for the feedback!

6 years ago Add intermediate aes192-ctr
Axel Huebl [Sun, 5 Jan 2014 00:04:25 +0000 (01:04 +0100)]
Add intermediate aes192-ctr

Won't harm and increases available ciphers

6 years ago spaces -> tabs
Axel Huebl [Sat, 4 Jan 2014 23:58:18 +0000 (00:58 +0100)]
spaces -> tabs

6 years ago Optional: Whitelist static users for login
Axel Huebl [Sat, 4 Jan 2014 23:46:55 +0000 (00:46 +0100)]
Optional: Whitelist static users for login

Quite conservative but useful for systems with a very limited number
of allowed system users for SSH.

6 years ago Tested with OpenSSH 6.4, too
Axel Huebl [Sat, 4 Jan 2014 23:41:54 +0000 (00:41 +0100)]
Tested with OpenSSH 6.4, too

6 years ago Revert "Merge pull request #36 from krono/krono/draft-enhanchement"
Aaron Kaplan [Sat, 4 Jan 2014 19:08:20 +0000 (20:08 +0100)]
Revert "Merge pull request #36 from krono/krono/draft-enhanchement"

This reverts commit 76b22bb473e0f089fcd78159af74f3226b9be089, reversing
changes made to a3b6a5dffd72b739b98b8c9c0ead5793ab747479.

Reason:
oops, wait... I see some problems:
1) the header on the top of each page always says "Contents" (no matter which chapter it is)
2) the draft git version in the footer disappeared
3) I actually don't see a bitmap.
Sorry, reverting for now...

6 years ago Should really learn the alphabet...
Axel Huebl [Sat, 4 Jan 2014 19:00:12 +0000 (20:00 +0100)]
Should really learn the alphabet...

6 years ago Added myself to the reviewers list
Axel Huebl [Sat, 4 Jan 2014 18:59:00 +0000 (19:59 +0100)]
Added myself to the reviewers list

6 years ago Merge pull request #36 from krono/krono/draft-enhanchement
AaronK [Sat, 4 Jan 2014 18:57:21 +0000 (10:57 -0800)]
Merge pull request #36 from krono/krono/draft-enhanchement

Change Draft-mark handling

6 years ago Merge pull request #33 from ax3l/apache2-notefix
Aaron Zauner [Sat, 4 Jan 2014 16:30:24 +0000 (08:30 -0800)]
Merge pull request #33 from ax3l/apache2-notefix

Confusion: EECDH+Cipher and stated "omit ECDHE"

6 years ago Minor changes in IOS section
Intichar [Sat, 4 Jan 2014 10:14:06 +0000 (11:14 +0100)]
Minor changes in IOS section

4096 bit rsa keys, corrected "404" link @ cisco homepage

6 years ago Change Draft-mark handling
Tobias Pape [Fri, 3 Jan 2014 19:08:42 +0000 (20:08 +0100)]
Change Draft-mark handling

 1. Replace textual mark by whole-page bitmapped image.
    This is necessary to avoid accidental selection of the mark
    when copy&paste-ing from the document.
 2. Add a draft-indicator at bottom and top of the page.

Eventually, we can:
 1. Remove the watermark altogether
 2. Remove the draft-info from the normal page footer.

6 years ago remove the draft across the document, since it is a problem with copy & paste
Aaron Kaplan [Fri, 3 Jan 2014 15:29:22 +0000 (16:29 +0100)]
remove the draft across the document, since it is a problem with copy & paste

6 years ago Merge pull request #35 from Ardobras/master
AaronK [Fri, 3 Jan 2014 15:17:23 +0000 (07:17 -0800)]
Merge pull request #35 from Ardobras/master

lighttpd config fix

6 years ago lighttpd config fix
Ardobras [Fri, 3 Jan 2014 14:02:10 +0000 (15:02 +0100)]
lighttpd config fix

just ran across this small typo. either this or the curly bracket below should be removed to keep it c&p able. keep up the good work!

6 years ago remember to update the webserver config (and document it ;-)
Aaron Kaplan [Fri, 3 Jan 2014 13:19:37 +0000 (14:19 +0100)]
remember to update the webserver config (and document it ;-)

6 years ago Did you mean EECDH here?
Axel Huebl [Fri, 3 Jan 2014 01:13:40 +0000 (02:13 +0100)]
Did you mean EECDH here?

EECDH and ECDHE are synonyms
  https://www.mail-archive.com/openssl-dev@openssl.org/msg33405.html
but writing "you can omit all ciphers starting with ECDHE" and only
listing ciphers starting with "EECDH" will confuse the reader.

6 years ago SSHd: add ETM MACs for SHA2
Axel Huebl [Fri, 3 Jan 2014 00:25:28 +0000 (01:25 +0100)]
SSHd: add ETM MACs for SHA2

Should be in since 6.1 (but tested with OpenSSH 6.4).

6 years ago Merge pull request #31 from ax3l/external-links
AaronK [Thu, 2 Jan 2014 21:56:35 +0000 (13:56 -0800)]
Merge pull request #31 from ax3l/external-links

External links

6 years ago Merge pull request #30 from ax3l/text-apachehttps
AaronK [Thu, 2 Jan 2014 21:55:01 +0000 (13:55 -0800)]
Merge pull request #30 from ax3l/text-apachehttps

Replace httpS with bold s as in #22 for nginx

6 years ago removed line vty stuff in ASA (thanks mario zabrocki)
Aaron Zauner [Thu, 2 Jan 2014 18:29:46 +0000 (19:29 +0100)]
removed line vty stuff in ASA (thanks mario zabrocki)

6 years ago Move setting to hypersetup
Axel Huebl [Thu, 2 Jan 2014 16:12:48 +0000 (17:12 +0100)]
Move setting to hypersetup

6 years ago Open External Links in New Window
Axel Huebl [Thu, 2 Jan 2014 16:06:55 +0000 (17:06 +0100)]
Open External Links in New Window

I am viewing this document with Firefox's internal pdf viewer, which results in
opening all external links in the same tab as the document itself.

See https://en.wikibooks.org/wiki/LaTeX/Hyperlinks#Customization for the option
pdfnewwindow "define if a new window should get opened when a link leads out of
the current document".

I am not sure if one should add this option to
  fonts/opensans/doc/fonts/opensans/opensans.tex
too.

6 years ago Replace httpS with bold s as in #22 for nginx
Axel Huebl [Thu, 2 Jan 2014 16:00:06 +0000 (17:00 +0100)]
Replace httpS with bold s as in #22 for nginx

- grep'ed last two occurrences of httpS://
- update to same style as in nginx section (pull #22)

6 years ago Merge pull request #29 from ax3l/master
AaronK [Thu, 2 Jan 2014 15:41:09 +0000 (07:41 -0800)]
Merge pull request #29 from ax3l/master

Disclaimer: Replace Heise Link (en)

6 years ago Disclaimer: Replace Heise Link (en)
Axel Huebl [Thu, 2 Jan 2014 15:36:08 +0000 (16:36 +0100)]
Disclaimer: Replace Heise Link (en)

Replace the link to the German homepage of heise online with the English one.

6 years ago Merge pull request #28 from Bananeweizen/patch-1
AaronK [Thu, 2 Jan 2014 15:34:12 +0000 (07:34 -0800)]
Merge pull request #28 from Bananeweizen/patch-1

Update README.md

6 years ago Merge pull request #24 from qbi/patch-1
AaronK [Thu, 2 Jan 2014 15:33:30 +0000 (07:33 -0800)]
Merge pull request #24 from qbi/patch-1

Corrected small typo

6 years ago Merge pull request #25 from qbi/patch-2
AaronK [Thu, 2 Jan 2014 15:33:14 +0000 (07:33 -0800)]
Merge pull request #25 from qbi/patch-2

TODO: Test with non-Debian-OS

6 years ago TODO: add timestamp and git shorthash to title page
Pepi Zawodsky [Thu, 2 Jan 2014 14:56:49 +0000 (15:56 +0100)]
TODO: add timestamp and git shorthash to title page

6 years ago Added requested export formats, TXT, HTML and EPUB
Pepi Zawodsky [Thu, 2 Jan 2014 14:50:10 +0000 (15:50 +0100)]
Added requested export formats, TXT, HTML and EPUB

6 years ago try to remove the "DRAFT" letters across the document
Aaron Kaplan [Thu, 2 Jan 2014 14:05:34 +0000 (15:05 +0100)]
try to remove the "DRAFT" letters across the document
document open TODOs

6 years ago Update README.md
Bananeweizen [Thu, 2 Jan 2014 13:55:17 +0000 (14:55 +0100)]
Update README.md

Fix word repetition, typography and markdown formatting.

6 years ago fix openvpn easy-rsa wording. It was an example, not a definitive number. Thx riepl...
Aaron Kaplan [Thu, 2 Jan 2014 13:35:06 +0000 (14:35 +0100)]
fix openvpn easy-rsa wording. It was an example, not a definitive number. Thx riepl@cert.at!

6 years ago document how to check how much entropy is avail on linux
Aaron Kaplan [Thu, 2 Jan 2014 13:20:07 +0000 (14:20 +0100)]
document how to check how much entropy is avail on linux

6 years ago Merge pull request #27 from vzsze/patch-1
AaronK [Thu, 2 Jan 2014 10:41:40 +0000 (02:41 -0800)]
Merge pull request #27 from vzsze/patch-1

Fix typo in "How to test" commandline.

6 years ago Merge pull request #26 from Astranox/master
AaronK [Thu, 2 Jan 2014 10:37:10 +0000 (02:37 -0800)]
Merge pull request #26 from Astranox/master

fix command for checking for incoming

6 years ago Fix typo in "How to test" commandline.
Rolf Kutz [Thu, 2 Jan 2014 00:28:56 +0000 (01:28 +0100)]
Fix typo in "How to test" commandline.

6 years ago fix command for checking for incoming
David Kaufmann [Wed, 1 Jan 2014 22:13:09 +0000 (23:13 +0100)]
fix command for checking for incoming
tls-connections in postfix
also this only works with smtpd_tls_loglevel = 1,
even on postfix 2.9.6-2 (debian wheezy)

6 years ago TODO: Test with non-Debian-OS
Jens Kubieziel [Wed, 1 Jan 2014 21:59:39 +0000 (22:59 +0100)]
TODO: Test with non-Debian-OS

Right now the configs seem to be only tested with Debian GNU/Linux. However Fedora, SUSE etc. bring different versions of OpenSSL. So they might not work there.

6 years ago Corrected small typo
Jens Kubieziel [Wed, 1 Jan 2014 21:57:41 +0000 (22:57 +0100)]
Corrected small typo

6 years ago Merge github.com:BetterCrypto/Applied-Crypto-Hardening
Aaron Kaplan [Wed, 1 Jan 2014 17:24:36 +0000 (18:24 +0100)]
Merge github.com:BetterCrypto/Applied-Crypto-Hardening

6 years ago Merge pull request #22 from mrothe/patch-1
AaronK [Wed, 1 Jan 2014 17:23:38 +0000 (09:23 -0800)]
Merge pull request #22 from mrothe/patch-1

webserver.tex: use faster redirect for nginx

6 years ago webserver.tex: use faster redirect for nginx
mrothe [Wed, 1 Jan 2014 14:39:24 +0000 (15:39 +0100)]
webserver.tex: use faster redirect for nginx

Doing a redirect by return is faster than what was previously used.
Also replace in the text the capital S by a bold one in "https://"

6 years ago rephrase todo
Aaron Kaplan [Tue, 31 Dec 2013 20:33:59 +0000 (21:33 +0100)]
rephrase todo

6 years ago proxy solutions: deleted repeating text
Aaron Kaplan [Tue, 31 Dec 2013 20:32:04 +0000 (21:32 +0100)]
proxy solutions: deleted repeating text
mailservers: formatting
im: it was not clear where the version string starts and ends

6 years ago Grammar, spelling
Aaron Kaplan [Tue, 31 Dec 2013 20:26:10 +0000 (21:26 +0100)]
Grammar, spelling

6 years ago typos
Aaron Kaplan [Tue, 31 Dec 2013 20:24:18 +0000 (21:24 +0100)]
typos

6 years ago style/grammar
Aaron Kaplan [Tue, 31 Dec 2013 20:15:55 +0000 (21:15 +0100)]
style/grammar

6 years ago Change Debian Wheezy -> Debian 7.0 as recommended by Cyril (see mailing list, 30th...
Aaron Kaplan [Tue, 31 Dec 2013 16:41:17 +0000 (17:41 +0100)]
Change Debian Wheezy -> Debian 7.0 as recommended by Cyril (see mailing list, 30th of Dec 2013)

6 years ago Merge pull request #21 from cy8aer/lighty-corrections
AaronK [Tue, 31 Dec 2013 13:40:32 +0000 (05:40 -0800)]
Merge pull request #21 from cy8aer/lighty-corrections

syntax error on Lighty 1.4.33-1+nmu2 (Debian Sallie):

6 years ago syntax error on Lighty 1.4.33-1+nmu2 (Debian Sallie):
Thomas Renard [Tue, 31 Dec 2013 12:41:39 +0000 (13:41 +0100)]
syntax error on Lighty 1.4.33-1+nmu2 (Debian Sallie):

" instead of " for ssl.cipher-list

6 years ago note to self about RFC for storing keys in DNS
Aaron Kaplan [Tue, 31 Dec 2013 10:24:43 +0000 (11:24 +0100)]
note to self about RFC for storing keys in DNS

6 years ago update TODO . Thx Alexandre for the good ideas.
Aaron Kaplan [Tue, 31 Dec 2013 10:21:58 +0000 (11:21 +0100)]
update TODO . Thx Alexandre for the good ideas.
removed reviewers.tex and an old version
reviewers.tex is now in acknowledgement.tex

6 years ago oops, reviewers moved to acknowledgement.tex
Aaron Kaplan [Tue, 31 Dec 2013 10:18:30 +0000 (11:18 +0100)]
oops, reviewers moved to acknowledgement.tex

6 years ago add reviewers. Somehow Berg's changes in
Aaron Kaplan [Tue, 31 Dec 2013 10:09:14 +0000 (11:09 +0100)]
add reviewers. Somehow Berg's changes in
https://github.com/BetterCrypto/Applied-Crypto-Hardening/commit/ed1e29456746015130886b11b6a20b81440fc460
git overwritten again. RE-do them

6 years ago Merge pull request #20 from schwindp/master
AaronK [Tue, 31 Dec 2013 08:45:26 +0000 (00:45 -0800)]
Merge pull request #20 from schwindp/master

small typo in further_research.tex

6 years ago small typo
Peter Schwindt [Tue, 31 Dec 2013 08:36:08 +0000 (09:36 +0100)]
small typo

6 years ago removed additional settings text due to serverkeybits not being used
Aaron Zauner [Mon, 30 Dec 2013 22:40:14 +0000 (23:40 +0100)]
removed additional settings text due to serverkeybits not being used

6 years ago fixed a few errors in sshd_config - thanx kurt roeckx, hugh o\'brien
Aaron Zauner [Mon, 30 Dec 2013 19:12:02 +0000 (20:12 +0100)]
fixed a few errors in sshd_config - thanx kurt roeckx, hugh o\'brien

6 years ago Merge pull request #19 from schwindp/master
AaronK [Sun, 29 Dec 2013 12:22:47 +0000 (04:22 -0800)]
Merge pull request #19 from schwindp/master

Update im.tex (small typos, more \url{}). Thx Peter!

6 years ago Update im.tex (small typos, more \url{})
Peter Schwindt [Sun, 29 Dec 2013 11:59:25 +0000 (12:59 +0100)]
Update im.tex (small typos, more \url{})

use moar \url{}

6 years ago inserted missing half sentence
cm [Sat, 28 Dec 2013 15:57:11 +0000 (16:57 +0100)]
inserted missing half sentence

6 years ago fix references of things which moved to the appendix
Aaron Kaplan [Sat, 28 Dec 2013 15:19:47 +0000 (16:19 +0100)]
fix references of things which moved to the appendix

6 years ago fix references to appendix A (previously section "tools")
Aaron Kaplan [Sat, 28 Dec 2013 15:15:39 +0000 (16:15 +0100)]
fix references to appendix A (previously section "tools")

6 years ago Merge pull request #18 from krono/latex-cleanups
AaronK [Sat, 28 Dec 2013 15:10:12 +0000 (07:10 -0800)]
Merge pull request #18 from krono/latex-cleanups

Latex cleanups. Looks good, checked by Aaron and Eva. These changes deal with latex code per se. Not with the content.

6 years ago Merge github.com:BetterCrypto/Applied-Crypto-Hardening
Aaron Kaplan [Sat, 28 Dec 2013 15:08:35 +0000 (16:08 +0100)]
Merge github.com:BetterCrypto/Applied-Crypto-Hardening

6 years ago make it a subsection*
Tobias Pape [Sat, 28 Dec 2013 00:18:34 +0000 (01:18 +0100)]
make it a subsection*

6 years ago Front image is unreferenced, hence no figure.
Tobias Pape [Fri, 27 Dec 2013 23:46:10 +0000 (00:46 +0100)]
Front image is unreferenced, hence no figure.

6 years ago Use multicol in further research
Tobias Pape [Fri, 27 Dec 2013 23:45:33 +0000 (00:45 +0100)]
Use multicol in further research

6 years ago labels and sections
Tobias Pape [Fri, 27 Dec 2013 23:44:54 +0000 (00:44 +0100)]
labels and sections

add more labels to sections
make appendix stuff chapters

6 years ago replace dot-generated reading guide by tikz one,
Tobias Pape [Fri, 27 Dec 2013 23:28:32 +0000 (00:28 +0100)]
replace dot-generated reading guide by tikz one,

can use hyperlinks there

6 years ago make the appendix an appendix.
Tobias Pape [Fri, 27 Dec 2013 22:28:50 +0000 (23:28 +0100)]
make the appendix an appendix.

6 years ago unify cite commands to ~\cite{foo}.
Tobias Pape [Fri, 27 Dec 2013 22:28:33 +0000 (23:28 +0100)]
unify cite commands to ~\cite{foo}.

On the way, use things like ~\cite[page n]{foo}

6 years ago add me to ack, simplify ack by using multicol
Tobias Pape [Fri, 27 Dec 2013 21:58:08 +0000 (22:58 +0100)]
add me to ack, simplify ack by using multicol

6 years ago add emacs/AUCTeX multifile comments as needed.
Tobias Pape [Fri, 27 Dec 2013 21:36:23 +0000 (22:36 +0100)]
add emacs/AUCTeX multifile comments as needed.

Actually just for me, but does not harm anyone.

6 years ago fix \input file names
Tobias Pape [Fri, 27 Dec 2013 21:36:08 +0000 (22:36 +0100)]
fix \input file names

6 years ago Capture Ciphersuite in a Macro for later use
Tobias Pape [Fri, 27 Dec 2013 21:35:45 +0000 (22:35 +0100)]
Capture Ciphersuite in a Macro for later use

6 years ago fine tuning style
Tobias Pape [Fri, 27 Dec 2013 21:34:51 +0000 (22:34 +0100)]
fine tuning style

6 years ago pimp listings. arrow at line breaks
Tobias Pape [Fri, 27 Dec 2013 21:09:53 +0000 (22:09 +0100)]
pimp listings. arrow at line breaks

6 years ago make proper use of draft mode
Tobias Pape [Fri, 27 Dec 2013 21:09:17 +0000 (22:09 +0100)]
make proper use of draft mode

6 years ago remove excessive vskips. handled by parskip
Tobias Pape [Fri, 27 Dec 2013 21:08:06 +0000 (22:08 +0100)]
remove excessive vskips. handled by parskip

6 years ago remove unused comments, move \pagestyle to style.tex
Tobias Pape [Fri, 27 Dec 2013 19:20:13 +0000 (20:20 +0100)]
remove unused comments, move \pagestyle to style.tex

6 years ago remove superfluous \date
Tobias Pape [Fri, 27 Dec 2013 19:19:44 +0000 (20:19 +0100)]
remove superfluous \date

6 years ago This no longer looks like the howtotex template
Tobias Pape [Fri, 27 Dec 2013 18:57:29 +0000 (19:57 +0100)]
This no longer looks like the howtotex template

6 years ago split out defined commands to common/commands.tex
Tobias Pape [Fri, 27 Dec 2013 18:55:54 +0000 (19:55 +0100)]
split out defined commands to common/commands.tex

6 years ago split out stylistic config into common/style.tex
Tobias Pape [Fri, 27 Dec 2013 18:42:34 +0000 (19:42 +0100)]
split out stylistic config into common/style.tex

6 years ago move package loadings to system.tex
Tobias Pape [Fri, 27 Dec 2013 18:33:47 +0000 (19:33 +0100)]
move package loadings to system.tex

6 years ago split out system-level config into common/system.tex
Tobias Pape [Fri, 27 Dec 2013 18:22:39 +0000 (19:22 +0100)]
split out system-level config into common/system.tex

6 years ago split hyperref invocation. allow for unicode. make urls sans-serif
Tobias Pape [Fri, 27 Dec 2013 18:17:05 +0000 (19:17 +0100)]
split hyperref invocation. allow for unicode. make urls sans-serif

6 years ago style page footer via koma
Tobias Pape [Fri, 27 Dec 2013 18:16:32 +0000 (19:16 +0100)]
style page footer via koma

6 years ago remove caption package and use already present koma config
Tobias Pape [Fri, 27 Dec 2013 18:04:58 +0000 (19:04 +0100)]
remove caption package and use already present koma config

6 years ago simplify title.tex
Tobias Pape [Fri, 27 Dec 2013 17:57:51 +0000 (18:57 +0100)]
simplify title.tex

6 years ago use scrpage2 for now
Tobias Pape [Fri, 27 Dec 2013 17:49:23 +0000 (18:49 +0100)]
use scrpage2 for now

6 years ago add scrhack to make koma play nice with listings/float
Tobias Pape [Fri, 27 Dec 2013 17:45:40 +0000 (18:45 +0100)]
add scrhack to make koma play nice with listings/float