Add 3 topics to nav.adoc, fix errors

2018-09-09 15:16:31 +02:00 · 2018-09-09 15:16:31 +02:00 · a74a0bf0f4
commit a74a0bf0f4
parent 2ccbcc2abd
11 changed files with 52 additions and 215 deletions
--- a/modules/ROOT/pages/_partials/con_introduction-to-luks.adoc
+++ b/modules/ROOT/pages/_partials/con_introduction-to-luks.adoc
@ -5,20 +5,20 @@ Linux Unified Key Setup (LUKS) is a specification for block device encryption.

 LUKS uses the kernel device mapper subsystem with the `dm-crypt` module. This arrangement provides a low-level mapping that handles encryption and decryption of the device data. You can use the `cryptsetup` utility to perform user-level operations such as creating and accessing encrypted devices.

-.Advantages of using LUKS
+What LUKS does::  {blank}
+
+** LUKS encrypts entire block devices and is therefore well-suited for protecting the contents of mobile devices such as removable storage media or laptop disk drives.
+
+** The underlying contents of the encrypted block device are arbitrary. This makes it useful for encrypting [command]`swap` devices. This can also be useful with certain databases that use specially formatted block devices for data storage.
+
+** LUKS uses the existing device mapper kernel subsystem.
+
+** LUKS provides passphrase strengthening which protects against dictionary attacks.
+
+** LUKS devices contain multiple key slots, allowing users to add backup keys or passphrases.

-* LUKS encrypts entire block devices and can be used for protecting the contents of mobile devices such as removable storage media and laptop disk drives.
-
-* The underlying content of the encrypted block device are arbitrary making it useful for encrypting `swap` devices. This is also useful fir databases that use specifically formatted block devices for data storage.
-
-* LUKS uses the existing device mapper kernel subsystem. This is the same subsystem used by LVM, so it is well tested.
-
-* LUKS provides passphrase strengthenin which protects against dictionary attacks.
-
-* LUKS devices contain multiple key slots allowing users to add backup keys and passphrases.
-
-.Disadvantages of using LUKS
-
-* LUKS is not useful for applications requiring many (more than eight) users to have distinct access keys to the same device.
-
-* LUKS does not work for applications requiring file-level encryption.
+What LUKS does *not* do::  {blank}
+
+** LUKS is not well-suited for applications requiring more than eight users to have distinct access keys to the same device.
+
+** LUKS is not well-suited for applications requiring file-level encryption.
--- a/modules/ROOT/pages/_partials/con_introduction-to-selinux.adoc
+++ b/modules/ROOT/pages/_partials/con_introduction-to-selinux.adoc
@ -24,7 +24,7 @@ For example, there is a policy rule that permits Apache (the web server process

 [#fig-intro-httpd-mysqld]
 .SELinux allows the Apache process running as httpd_t to access the /var/www/html/ directory and it denies the same process to access the /data/mysql/ directory because there is no allow rule for the httpd_t and mysqld_db_t type contexts). On the other hand, the MariaDB process running as mysqld_t is able to access the /data/mysql/ directory and SELinux also correctly denies the process with the mysqld_t type to access the /var/www/html/ directory labeled as httpd_sys_content_t.
-image::../images/selinux-intro-apache-mariadb.png[SELinux_Apache_MariaDB_example]
+image::selinux-intro-apache-mariadb.png[SELinux_Apache_MariaDB_example]

 [discrete]
 == Additional resources
--- a/modules/ROOT/pages/configuring-xorg-as-default-gnome-session.adoc
+++ b/modules/ROOT/pages/configuring-xorg-as-default-gnome-session.adoc
@ -1,8 +1,9 @@
-[id='configuring-xorg-as-default-gnome-session']
-= Configuring Xorg as the default GNOME session
 ifdef::context[:parent-context: {context}]
 :context: xorg

+[id='configuring-xorg-as-default-gnome-session']
+= Configuring Xorg as the default GNOME session
+
 Wayland is the default GNOME display server. If GNOME freezes, or some applications do not function correctly in Wayland, you can choose to run GNOME in X11.


@ -14,5 +15,7 @@ include::{partialsdir}/proc_configuring-xorg-as-default-gnome-session.adoc[level
 . link:https://docs.fedoraproject.org/f27/system-administrators-guide/Wayland.html[Wayland Display Server in the System Administrator's Guide]

 . link:https://wayland.freedesktop.org/[Wayland @ freedesktop.org]
+
+
 ifdef::parent-context[:context: {parent-context}]
 ifndef::parent-context[:!context:]
--- a/modules/ROOT/pages/creating-encrypted-block-devices.adoc
+++ b/modules/ROOT/pages/creating-encrypted-block-devices.adoc
@ -1,179 +0,0 @@
-[id='creating-encrypted-block-devices_{context}']
-= Creating encrypted block devices
-
-This procedure describes the steps to create and configure encrypted block devices after installation.
-
-[id='proc_preparing_block_device_for_encrypting']
-== Step 1: Preparing a block device
-
-* Install the `cryptsetup` package:
-+
----------
-# dnf install cryptsetup-luks
----------
-
-* Create the block devices you want to encrypt using `parted`, `pvcreate`, `lvcreate`, and `mdadm`.
-
-* Optionally, fill the device, for example, `/dev/sda3` with random data before encrypting it as this increases the strength of encryption.
-+
-[NOTE]
-========
-Filling the device with random data increases the time necessary for encryption.
-========
-+
-[WARNING]
-=========
-The commands below destroy any existing data on the device.
-=========
-
-** To fill the device with high-quality random data:
-+
-------
-dd if=/dev/urandom of=<device>
-------
-+
-This takes several minutes per gigabyte on most systems.
-+
-** To fill the device with lower-quality random data:
-+
--------
-badblocks -c 10240 -s -w -t random -v <device>
--------
-+
-This is quicker compared to the high-quality random data method.
-
-[id='proc_format-device-as-dmcrypt-encrypted-device']
-== Step 2: Formatting an encrypted device
-
-. Format the device:
-+
---------
-# cryptsetup luksFormat <device>
---------
-+
-Sample output:
-+
--------
-WARNING!
-========
-This will overwrite data on <device> (for example, /dev/xvdc) irrevocably.
-
-Are you sure? (Type uppercase yes): YES
-Enter LUKS passphrase:
-Verify passphrase:
-Command successful.
--------
-This command initializes the volume, and sets an initial key or passphrase.
-+
-[NOTE]
-==========
-The passphrase is not recoverable so do not forget it.
-==========
-
-. To verify the formatting:
-+
-----
-# cryptsetup isLuks <device> && echo Success
-----
-
-. To see a summary of the encryption information for the device:
-+
---------
-# cryptsetup luksDump <device>
---------
-
-[id='proc_create-mapping-to-allow-access-to-decrypted-contents']
-== Step 3: Creating mapping to allow access to a decrypted content
-
-To access a decrypted content on a device, you need to create a mapping using the kernel `device-mapper`.
-
-LUKS provides a UUID (Universally Unique Identifier) for each device. This UUID is guranteed to remain the same as long as the LUKS header remains intact. To find a LUKS UUID for the device, run the following command:
-
--------
-# cryptsetup luksUUID <device>
--------
-
-An example of a reliable, informative and unique mapping name would be `luks-<uuid>`, where `<uuid>` is replaced with the LUKS UUID for the device (for example, luks-50ec957a-5b5a-47ee-85e6-f8085bbc97a8).
-
-. Create a mapping to access the decrypted contents on the device:
-+
--------
-# cryptsetup luksOpen <device> <name>
--------
-+
-You are prompted to enter the passphrase for the device. Once you have authenticated, you can see the mapping `/dev/mapper/<name>` which represents the decrypted device. You can read from and write to this device like you would any other unencrypted block device.
-
-. To see the status of the mapping:
-+
------
-# cryptsetup -v status <name>
------
-+
-Sample output:
-+
--------
-/dev/mapper/<name> is active.
-  type:    LUKS1
-  cipher:  aes-cbc-essiv:sha256
-  keysize: 256 bits
-  device:  /dev/xvdc
-  offset:  4096 sectors
-  size:    419426304 sectors
-  mode:    read/write
-Command successful.
--------
-
-[id='proc_create-filesystems-on-mapped-device']
-== Step 4: Creating filesystems on a mapped device
-
-After <<proc_create-mapping-to-allow-access-to-decrypted-contents>>, you can now use the mapped device node `/dev/mapper/<name>` like any other block device.
-
-. To create an `ext2` filesystem on the mapped device:
-+
-------
-# mke2fs /dev/mapper/<name>
-------
-
-. To mount this file system:
-+
--------
-# mkdir /mnt/test/
-# mount /dev/mapper/<name> /mnt/test
--------
-
-[id='proc_add-mapping-information-to-etc-fstab']
-== Step 5: Adding the mapping information to `/etc/fstab`
-
-In order for a system to setup mapping to a device, add a corresponding entry in the `/etc/crypttab` file.
-
-. If your system does not have the `/etc/crypttab` file, create a new file and change the owner and group to `root` (`root:root`):
-+
----------
-# touch /etc/crypttab
-# chmod 0744
----------
-
-. To identify the correct device in case the device name changes, add:
-+
---------
-<name>  <device>  none
---------
-+
-Here, the `<device>` field should be given in the form `UUID=<luks_uuid>`, where `<luks_uuid>` is the LUKS UUID.
-
-[id='proc_add-entry-to-etc-fstab']
-== Step 6: Adding an entry to `/etc/fstab`
-
-To ensure a persistent mapping between the device and the mount point, add the entry in the `/etc/fstab` file:
-
------
-/dev/mapper/<name>
------
-
-== Additional resources
-
- * https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions[LUKS Project Wiki: Frequently Asked Questions]
-
- * http://man7.org/linux/man-pages/man8/cryptsetup.8.html[cryptsetup(8) man page]
-
- * http://man7.org/linux/man-pages/man8/dmsetup.8.html[dmsetup(8) man page]
--- a/modules/ROOT/pages/encrypting-drives-using-LUKS.adoc
+++ b/modules/ROOT/pages/encrypting-drives-using-LUKS.adoc
@ -1,3 +1,6 @@
+ifdef::context[:parent-context: {context}]
+:context: luks
+
 [id='encrypting-drives-using-luks']
 = Encrypting drives using LUKS

@ -5,10 +8,13 @@ As a system administrator, you can encrypt a block device. This section gives a

 :leveloffset: +1

-include::en-US/modules/con_block-device-encryption.adoc[]
+include::{partialsdir}/con_block-device-encryption.adoc[]

-include::en-US/modules/con_introduction-to-luks.adoc[]
+include::{partialsdir}/con_introduction-to-luks.adoc[]

-include::en-US/creating-encrypted-block-devices.adoc[]
+include::{partialsdir}/creating-encrypted-block-devices.adoc[]

 :leveloffset: 0
+
+ifdef::parent-context[:context: {parent-context}]
+ifndef::parent-context[:!context:]
--- a/modules/ROOT/pages/installing-spotify.adoc
+++ b/modules/ROOT/pages/installing-spotify.adoc
@ -1,5 +1,6 @@
 ifdef::context[:parent-context: {context}]
 :context: installing-spotify
+
 = Installing Spotify

 include::{partialsdir}/3rdparty-message.adoc[]
@ -7,5 +8,6 @@ include::{partialsdir}/3rdparty-message.adoc[]
 Installing the Spotify music service client on Fedora.

 include::{partialsdir}/proc_installing-spotify-on-fedora.adoc[leveloffset=+1]
+
 ifdef::parent-context[:context: {parent-context}]
 ifndef::parent-context[:!context:]
--- a/modules/ROOT/pages/proc_installing-RPM.adoc
+++ b/modules/ROOT/pages/proc_installing-RPM.adoc
@ -1,13 +1,13 @@
-[id='proc_installing-a-RPM-file']
+[id='proc_installing-an-RPM-file']
 = Installing an RPM File

 This procedure shows you how to install an RPM file after you have downloaded the file to your desktop. An RPM file contains the required installation packages for a software.

-.Prerequisites
+._Prerequisites_

 * You must have administrative permission to install new RPM files on your system. Either root password or sudo access is required.

-.Procedure
+._Procedure_

 . Open a terminal.
 . Change your working directory to the location of the RPM file. If you have downloaded the RPM file to the `Downloads` directory, enter:
@ -23,7 +23,3 @@ $ cd ~/Downloads
 ----
 $ sudo rpm -i NAME_OF_RPM.rpm
 ----
-
-
-
-
--- a/modules/ROOT/pages/troubleshooting_selinux.adoc
+++ b/modules/ROOT/pages/troubleshooting_selinux.adoc
@ -1,5 +1,6 @@
 ifdef::context[:parent-context: {context}]
 :context: prod_troubleshooting_selinux
+
 [id='prod_troubleshooting_selinux']
 = Troubleshooting SELinux

@ -65,5 +66,7 @@ include::modules/proc_troubleshooting_selinux_allowing_access_audit.adoc[levelof
 * link:https://docs-old.fedoraproject.org/en-US/Fedora/25/html/SELinux_Users_and_Administrators_Guide/chap-Security-Enhanced_Linux-Troubleshooting.html[Troubleshooting] in the SELinux User's and Administrator's Guide

 * link:https://fedorapeople.org/~dwalsh/SELinux/Presentations/selinux_four_things.pdf[Four Key Causes of SELinux Errors]
+
+
 ifdef::parent-context[:context: {parent-context}]
 ifndef::parent-context[:!context:]
--- a/modules/ROOT/pages/using-adobe-flash.adoc
+++ b/modules/ROOT/pages/using-adobe-flash.adoc
@ -1,12 +1,15 @@
-:experimental:
-//include::en-US/entities.adoc[]
-include::en-US/3rdparty-message.adoc[]
+ifdef::context[:parent-context: {context}]
+:context: adobe-flash

-[id="using_adobe_flash"]
 = Using Adobe Flash

-include::en-US/modules/con_what_is_adobe_flash.adoc[leveloffset=+1]
+include::{partialsdir}/3rdparty-message.adoc[]

-include::en-US/modules/proc_checking_fedora_version.adoc[leveloffset=+1]
+include::{partialsdir}/con_what_is_adobe_flash.adoc[leveloffset=+1]

-include::en-US/modules/proc_installing_adobe_flash.adoc[leveloffset=+1]
+include::{partialsdir}/proc_checking_fedora_version.adoc[leveloffset=+1]
+
+include::{partialsdir}/proc_installing_adobe_flash.adoc[leveloffset=+1]
+
+ifdef::parent-context[:context: {parent-context}]
+ifndef::parent-context[:!context:]